11241100x8000000000000000182431Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:36.076{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.274f794de20212132022-04-04 14:00:36.076root 11241100x8000000000000000182440Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:36.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6c78bf94f1c9ba82022-04-04 14:00:36.077root 11241100x8000000000000000182439Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:36.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fa304e2e8e030d52022-04-04 14:00:36.077root 11241100x8000000000000000182438Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:36.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e3bf82c3ed04e842022-04-04 14:00:36.077root 11241100x8000000000000000182437Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:36.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d6064fceb4b22422022-04-04 14:00:36.077root 11241100x8000000000000000182436Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:36.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04136e99e00572682022-04-04 14:00:36.077root 11241100x8000000000000000182435Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:36.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.713ae85aa712e2f02022-04-04 14:00:36.077root 11241100x8000000000000000182434Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:36.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.101f831899aad4982022-04-04 14:00:36.077root 11241100x8000000000000000182433Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:36.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1ff10e1fdbcfb422022-04-04 14:00:36.077root 11241100x8000000000000000182432Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:36.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecf1061b274e66f02022-04-04 14:00:36.077root 11241100x8000000000000000182442Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:36.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66675dc089eebbb62022-04-04 14:00:36.078root 11241100x8000000000000000182441Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:36.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdf6c289e0a55b1f2022-04-04 14:00:36.078root 11241100x8000000000000000182443Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:36.576{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f368886a0f37d77b2022-04-04 14:00:36.576root 11241100x8000000000000000182454Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:36.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f182809fa124ccd2022-04-04 14:00:36.577root 11241100x8000000000000000182453Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:36.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83bca934f4f5eff32022-04-04 14:00:36.577root 11241100x8000000000000000182452Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:36.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f9246e754d7cb1e2022-04-04 14:00:36.577root 11241100x8000000000000000182451Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:36.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03ffd3f8754224152022-04-04 14:00:36.577root 11241100x8000000000000000182450Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:36.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.943a5beccc4411512022-04-04 14:00:36.577root 11241100x8000000000000000182449Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:36.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8649bb70617b6b92022-04-04 14:00:36.577root 11241100x8000000000000000182448Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:36.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e08061b76a345102022-04-04 14:00:36.577root 11241100x8000000000000000182447Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:36.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac9f1eeac766bc482022-04-04 14:00:36.577root 11241100x8000000000000000182446Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:36.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b7c8866a03c7c682022-04-04 14:00:36.577root 11241100x8000000000000000182445Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:36.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89a80c1818ac60b92022-04-04 14:00:36.577root 11241100x8000000000000000182444Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:36.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3afc30094d13202c2022-04-04 14:00:36.577root 11241100x8000000000000000182455Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:37.076{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33a44ce30ec070bf2022-04-04 14:00:37.076root 11241100x8000000000000000182466Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:37.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.177cbf3b6bfbaca52022-04-04 14:00:37.077root 11241100x8000000000000000182465Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:37.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d27d67bf3881a95c2022-04-04 14:00:37.077root 11241100x8000000000000000182464Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:37.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dcbae24baeda6352022-04-04 14:00:37.077root 11241100x8000000000000000182463Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:37.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.849059c5b4f8f7b42022-04-04 14:00:37.077root 11241100x8000000000000000182462Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:37.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30e7e024ff7badff2022-04-04 14:00:37.077root 11241100x8000000000000000182461Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:37.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3269a845310c26da2022-04-04 14:00:37.077root 11241100x8000000000000000182460Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:37.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27eccaf4f6170ffd2022-04-04 14:00:37.077root 11241100x8000000000000000182459Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:37.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faa296b35025e8412022-04-04 14:00:37.077root 11241100x8000000000000000182458Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:37.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc232fd92018759e2022-04-04 14:00:37.077root 11241100x8000000000000000182457Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:37.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b01417929061eeae2022-04-04 14:00:37.077root 11241100x8000000000000000182456Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:37.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f10c2b5ff937b9622022-04-04 14:00:37.077root 354300x8000000000000000182467Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:37.094{ec21797c-f0e1-624a-d9ff-4d0400000000}5533/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-34442-false10.0.1.12-8000- 11241100x8000000000000000182474Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:37.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80c63cbc0cf277c72022-04-04 14:00:37.577root 11241100x8000000000000000182473Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:37.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a8ec0caeec6f0372022-04-04 14:00:37.577root 11241100x8000000000000000182472Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:37.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3dfa86ef2c712e22022-04-04 14:00:37.577root 11241100x8000000000000000182471Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:37.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.362dad96b5b430422022-04-04 14:00:37.577root 11241100x8000000000000000182470Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:37.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82b291a22f1c159a2022-04-04 14:00:37.577root 11241100x8000000000000000182469Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:37.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e863c4d7618b3dc52022-04-04 14:00:37.577root 11241100x8000000000000000182468Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:37.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.343b98a80ade17962022-04-04 14:00:37.577root 11241100x8000000000000000182480Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:37.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7371ef928022f2bb2022-04-04 14:00:37.578root 11241100x8000000000000000182479Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:37.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35b5d3f28ae41b872022-04-04 14:00:37.578root 11241100x8000000000000000182478Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:37.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82fe2e60be0343ba2022-04-04 14:00:37.578root 11241100x8000000000000000182477Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:37.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c40c062ae7e0ec82022-04-04 14:00:37.578root 11241100x8000000000000000182476Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:37.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.098c2e61b70791b12022-04-04 14:00:37.578root 11241100x8000000000000000182475Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:37.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b077fa4e1f8803112022-04-04 14:00:37.578root 11241100x8000000000000000182482Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:38.076{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b91f96b6d96549d32022-04-04 14:00:38.076root 11241100x8000000000000000182481Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:38.076{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.298a1c2aec6dee1c2022-04-04 14:00:38.076root 11241100x8000000000000000182493Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:38.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e7208a8acacc21b2022-04-04 14:00:38.077root 11241100x8000000000000000182492Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:38.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edd138898c6d84a12022-04-04 14:00:38.077root 11241100x8000000000000000182491Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:38.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1da1d68ee5df16c42022-04-04 14:00:38.077root 11241100x8000000000000000182490Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:38.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bc4ad1ddd6906f92022-04-04 14:00:38.077root 11241100x8000000000000000182489Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:38.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a80def2a5cdd33e02022-04-04 14:00:38.077root 11241100x8000000000000000182488Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:38.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8bcf6d04620e1de2022-04-04 14:00:38.077root 11241100x8000000000000000182487Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:38.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fe55603dd1a2cb12022-04-04 14:00:38.077root 11241100x8000000000000000182486Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:38.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5980d95c8d899dd42022-04-04 14:00:38.077root 11241100x8000000000000000182485Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:38.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1989110fdd3a745e2022-04-04 14:00:38.077root 11241100x8000000000000000182484Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:38.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a98de79b1a57d012022-04-04 14:00:38.077root 11241100x8000000000000000182483Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:38.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d9b061da1a283312022-04-04 14:00:38.077root 11241100x8000000000000000182494Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:38.576{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebfa9bb99980e82f2022-04-04 14:00:38.576root 11241100x8000000000000000182506Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:38.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18abf5552bd68f222022-04-04 14:00:38.577root 11241100x8000000000000000182505Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:38.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7d70ac97f6133262022-04-04 14:00:38.577root 11241100x8000000000000000182504Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:38.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1653fa94277635ba2022-04-04 14:00:38.577root 11241100x8000000000000000182503Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:38.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa005f840d665b232022-04-04 14:00:38.577root 11241100x8000000000000000182502Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:38.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c0ef67c8fcf96f32022-04-04 14:00:38.577root 11241100x8000000000000000182501Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:38.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc249fd9b2353b572022-04-04 14:00:38.577root 11241100x8000000000000000182500Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:38.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7890e00854d10bdc2022-04-04 14:00:38.577root 11241100x8000000000000000182499Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:38.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fab9c2422d7228e62022-04-04 14:00:38.577root 11241100x8000000000000000182498Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:38.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65f6118d717d2fa92022-04-04 14:00:38.577root 11241100x8000000000000000182497Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:38.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f227060b6694fc12022-04-04 14:00:38.577root 11241100x8000000000000000182496Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:38.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6952231d83ae55bc2022-04-04 14:00:38.577root 11241100x8000000000000000182495Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:38.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf650da482b6e2522022-04-04 14:00:38.577root 11241100x8000000000000000182516Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:39.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51f3b6ea5ee24b3f2022-04-04 14:00:39.077root 11241100x8000000000000000182515Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:39.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6969d9a4ed16ec3d2022-04-04 14:00:39.077root 11241100x8000000000000000182514Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:39.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6897e91249ceefa82022-04-04 14:00:39.077root 11241100x8000000000000000182513Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:39.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01d635fd581067bf2022-04-04 14:00:39.077root 11241100x8000000000000000182512Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:39.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57b43f31f0ebf9f82022-04-04 14:00:39.077root 11241100x8000000000000000182511Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:39.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbce3245d7f69ff42022-04-04 14:00:39.077root 11241100x8000000000000000182510Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:39.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56417ccb7136298e2022-04-04 14:00:39.077root 11241100x8000000000000000182509Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:39.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b8c99a6d0f967032022-04-04 14:00:39.077root 11241100x8000000000000000182508Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:39.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21a1edb3f48872d22022-04-04 14:00:39.077root 11241100x8000000000000000182507Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:39.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.775af301afaa957d2022-04-04 14:00:39.077root 11241100x8000000000000000182519Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:39.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7475f29005996a012022-04-04 14:00:39.078root 11241100x8000000000000000182518Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:39.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc01a304f4bf852c2022-04-04 14:00:39.078root 11241100x8000000000000000182517Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:39.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3facad5a0ac1fa1e2022-04-04 14:00:39.078root 11241100x8000000000000000182531Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:39.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dba1c360a5336222022-04-04 14:00:39.577root 11241100x8000000000000000182530Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:39.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4871de7e4fbd4cda2022-04-04 14:00:39.577root 11241100x8000000000000000182529Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:39.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd3eb875a0f1a63b2022-04-04 14:00:39.577root 11241100x8000000000000000182528Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:39.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.343dea57bd2cf2df2022-04-04 14:00:39.577root 11241100x8000000000000000182527Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:39.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82b3d417aae4ad902022-04-04 14:00:39.577root 11241100x8000000000000000182526Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:39.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6560524efe2b6db2022-04-04 14:00:39.577root 11241100x8000000000000000182525Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:39.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1698e745046b97552022-04-04 14:00:39.577root 11241100x8000000000000000182524Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:39.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba61da3cc48183072022-04-04 14:00:39.577root 11241100x8000000000000000182523Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:39.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fbd7d7e016cd47c2022-04-04 14:00:39.577root 11241100x8000000000000000182522Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:39.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04bdfcb27c06c0982022-04-04 14:00:39.577root 11241100x8000000000000000182521Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:39.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11b21cb8f01058c12022-04-04 14:00:39.577root 11241100x8000000000000000182520Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:39.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45a9fc6f0a48dc862022-04-04 14:00:39.577root 11241100x8000000000000000182532Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:39.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.536a9f2c8011e6b82022-04-04 14:00:39.578root 11241100x8000000000000000182535Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:40.076{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e434dfcf9aa74de42022-04-04 14:00:40.076root 11241100x8000000000000000182534Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:40.076{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9662199da29d7b432022-04-04 14:00:40.076root 11241100x8000000000000000182533Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:40.076{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b28284c2ad0c20a2022-04-04 14:00:40.076root 11241100x8000000000000000182545Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:40.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33c19973dbe632c02022-04-04 14:00:40.077root 11241100x8000000000000000182544Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:40.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36757d27e97cf4342022-04-04 14:00:40.077root 11241100x8000000000000000182543Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:40.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.311d8ace8c6bb5542022-04-04 14:00:40.077root 11241100x8000000000000000182542Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:40.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6af57f37aa5aa7212022-04-04 14:00:40.077root 11241100x8000000000000000182541Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:40.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45acb74799834cfa2022-04-04 14:00:40.077root 11241100x8000000000000000182540Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:40.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9207ee80f1e986a2022-04-04 14:00:40.077root 11241100x8000000000000000182539Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:40.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ea21688ee3e5b582022-04-04 14:00:40.077root 11241100x8000000000000000182538Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:40.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dc3898a9cd80b7f2022-04-04 14:00:40.077root 11241100x8000000000000000182537Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:40.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e24af498101efade2022-04-04 14:00:40.077root 11241100x8000000000000000182536Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:40.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5cda6c108cb1bc92022-04-04 14:00:40.077root 11241100x8000000000000000182549Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:40.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57df9df8f034dadb2022-04-04 14:00:40.577root 11241100x8000000000000000182548Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:40.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cb70ae04270801e2022-04-04 14:00:40.577root 11241100x8000000000000000182547Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:40.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8d3bc319c38f8de2022-04-04 14:00:40.577root 11241100x8000000000000000182546Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:40.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bdadd8b031b98ef2022-04-04 14:00:40.577root 11241100x8000000000000000182558Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:40.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.654750f7f10ddca62022-04-04 14:00:40.578root 11241100x8000000000000000182557Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:40.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2304b21db01910dd2022-04-04 14:00:40.578root 11241100x8000000000000000182556Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:40.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c54da869fa6f8132022-04-04 14:00:40.578root 11241100x8000000000000000182555Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:40.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6c1f2aab78875cb2022-04-04 14:00:40.578root 11241100x8000000000000000182554Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:40.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d79171919faf22372022-04-04 14:00:40.578root 11241100x8000000000000000182553Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:40.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4af4cdca9e327c62022-04-04 14:00:40.578root 11241100x8000000000000000182552Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:40.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ebbcad4237a74b62022-04-04 14:00:40.578root 11241100x8000000000000000182551Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:40.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af56526e0d964bac2022-04-04 14:00:40.578root 11241100x8000000000000000182550Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:40.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b771e15f65828a72022-04-04 14:00:40.578root 11241100x8000000000000000182562Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:41.076{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08db0b9ba2c8555c2022-04-04 14:00:41.076root 11241100x8000000000000000182561Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:41.076{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2059343ce1667b2d2022-04-04 14:00:41.076root 11241100x8000000000000000182560Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:41.076{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.755f040559be7f242022-04-04 14:00:41.076root 11241100x8000000000000000182559Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:41.076{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db600b1cdcf0091c2022-04-04 14:00:41.076root 11241100x8000000000000000182571Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:41.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e63ed75085490d842022-04-04 14:00:41.077root 11241100x8000000000000000182570Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:41.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ce56551efbd0f652022-04-04 14:00:41.077root 11241100x8000000000000000182569Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:41.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bc2d700d9a3340d2022-04-04 14:00:41.077root 11241100x8000000000000000182568Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:41.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c01722a746dec9982022-04-04 14:00:41.077root 11241100x8000000000000000182567Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:41.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08e628b6907e92d32022-04-04 14:00:41.077root 11241100x8000000000000000182566Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:41.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61e3e6152c2a06442022-04-04 14:00:41.077root 11241100x8000000000000000182565Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:41.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.873df7ad8cdfc3222022-04-04 14:00:41.077root 11241100x8000000000000000182564Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:41.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e0bd5e6b85e43be2022-04-04 14:00:41.077root 11241100x8000000000000000182563Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:41.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baa505cf3e6a20652022-04-04 14:00:41.077root 11241100x8000000000000000182584Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:41.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dadce3f8a179ea642022-04-04 14:00:41.577root 11241100x8000000000000000182583Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:41.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33ce9026b35ad9c92022-04-04 14:00:41.577root 11241100x8000000000000000182582Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:41.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c26685f567d6941f2022-04-04 14:00:41.577root 11241100x8000000000000000182581Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:41.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.916f9dd91d505a012022-04-04 14:00:41.577root 11241100x8000000000000000182580Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:41.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2871caf0d27fd69d2022-04-04 14:00:41.577root 11241100x8000000000000000182579Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:41.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54241f9b165971d22022-04-04 14:00:41.577root 11241100x8000000000000000182578Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:41.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15bf9315167d826d2022-04-04 14:00:41.577root 11241100x8000000000000000182577Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:41.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69b08bb36cb9540b2022-04-04 14:00:41.577root 11241100x8000000000000000182576Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:41.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b77a1e27e268f992022-04-04 14:00:41.577root 11241100x8000000000000000182575Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:41.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6882ab48762f76fc2022-04-04 14:00:41.577root 11241100x8000000000000000182574Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:41.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4276044fa5b3cdf2022-04-04 14:00:41.577root 11241100x8000000000000000182573Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:41.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48a35a25592bbe9c2022-04-04 14:00:41.577root 11241100x8000000000000000182572Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:41.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dd16e87eca08edc2022-04-04 14:00:41.577root 11241100x8000000000000000182585Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:42.076{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa3de1012a9fe2222022-04-04 14:00:42.076root 11241100x8000000000000000182596Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:42.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e31e3305ae5803c12022-04-04 14:00:42.077root 11241100x8000000000000000182595Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:42.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.783affa11c8115e22022-04-04 14:00:42.077root 11241100x8000000000000000182594Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:42.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d3b481a0e35e9652022-04-04 14:00:42.077root 11241100x8000000000000000182593Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:42.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72a164752edf11882022-04-04 14:00:42.077root 11241100x8000000000000000182592Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:42.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b77a042f0c1d0552022-04-04 14:00:42.077root 11241100x8000000000000000182591Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:42.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a153294e653aac22022-04-04 14:00:42.077root 11241100x8000000000000000182590Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:42.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee305f8bf978d63d2022-04-04 14:00:42.077root 11241100x8000000000000000182589Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:42.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7b5e177b95ebfdb2022-04-04 14:00:42.077root 11241100x8000000000000000182588Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:42.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bc305bd4327ff2b2022-04-04 14:00:42.077root 11241100x8000000000000000182587Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:42.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56866f1165f7e03a2022-04-04 14:00:42.077root 11241100x8000000000000000182586Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:42.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afe39ba9653716192022-04-04 14:00:42.077root 11241100x8000000000000000182597Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:42.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be9eb0c375346db02022-04-04 14:00:42.078root 354300x8000000000000000182598Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:42.127{ec21797c-f0e1-624a-d9ff-4d0400000000}5533/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-34444-false10.0.1.12-8000- 11241100x8000000000000000182599Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:42.576{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b19687b6bfa3b092022-04-04 14:00:42.576root 11241100x8000000000000000182612Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:42.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c836d554a2a3880f2022-04-04 14:00:42.577root 11241100x8000000000000000182611Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:42.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1972a4bf738d6252022-04-04 14:00:42.577root 11241100x8000000000000000182610Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:42.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.585a73bcbb225b612022-04-04 14:00:42.577root 11241100x8000000000000000182609Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:42.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72fa9e5d197a60792022-04-04 14:00:42.577root 11241100x8000000000000000182608Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:42.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88e03ee9a4a665302022-04-04 14:00:42.577root 11241100x8000000000000000182607Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:42.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3755aff06c07db7c2022-04-04 14:00:42.577root 11241100x8000000000000000182606Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:42.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff697300c9dd60042022-04-04 14:00:42.577root 11241100x8000000000000000182605Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:42.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dae77fcd560500092022-04-04 14:00:42.577root 11241100x8000000000000000182604Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:42.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c16993fe56cba4de2022-04-04 14:00:42.577root 11241100x8000000000000000182603Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:42.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6ce4525262ee1812022-04-04 14:00:42.577root 11241100x8000000000000000182602Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:42.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a978614e232773492022-04-04 14:00:42.577root 11241100x8000000000000000182601Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:42.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6adfb7b5e6db17c02022-04-04 14:00:42.577root 11241100x8000000000000000182600Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:42.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a97f8fc1140288f82022-04-04 14:00:42.577root 11241100x8000000000000000182623Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:43.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99e4454774c3fbe32022-04-04 14:00:43.077root 11241100x8000000000000000182622Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:43.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.989ee18ced5842d12022-04-04 14:00:43.077root 11241100x8000000000000000182621Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:43.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8e2d46967682ed92022-04-04 14:00:43.077root 11241100x8000000000000000182620Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:43.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74cc7a5aadffc8f82022-04-04 14:00:43.077root 11241100x8000000000000000182619Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:43.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13d5289cbf52e4742022-04-04 14:00:43.077root 11241100x8000000000000000182618Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:43.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e83f15997795aae52022-04-04 14:00:43.077root 11241100x8000000000000000182617Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:43.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7484de8da3b316a02022-04-04 14:00:43.077root 11241100x8000000000000000182616Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:43.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74eaa0d20aba364a2022-04-04 14:00:43.077root 11241100x8000000000000000182615Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:43.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbead2a13c4db0bb2022-04-04 14:00:43.077root 11241100x8000000000000000182614Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:43.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.351e67e2bb59121b2022-04-04 14:00:43.077root 11241100x8000000000000000182613Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:43.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d4023c9587b6b6a2022-04-04 14:00:43.077root 11241100x8000000000000000182626Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:43.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d436feb3b047133c2022-04-04 14:00:43.078root 11241100x8000000000000000182625Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:43.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c146392fe53bbec62022-04-04 14:00:43.078root 11241100x8000000000000000182624Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:43.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f98b602f48091e52022-04-04 14:00:43.078root 11241100x8000000000000000182628Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:43.576{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dd76a8bcf28b08e2022-04-04 14:00:43.576root 11241100x8000000000000000182627Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:43.576{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f601e3e3defee1342022-04-04 14:00:43.576root 11241100x8000000000000000182640Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:43.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.859f5606c65db05f2022-04-04 14:00:43.577root 11241100x8000000000000000182639Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:43.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05fd919b258158e22022-04-04 14:00:43.577root 11241100x8000000000000000182638Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:43.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e7f4e4d1885ea6a2022-04-04 14:00:43.577root 11241100x8000000000000000182637Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:43.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6412ad799cbc3e1c2022-04-04 14:00:43.577root 11241100x8000000000000000182636Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:43.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71a4b95dcd1d40e42022-04-04 14:00:43.577root 11241100x8000000000000000182635Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:43.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b3bfb6dc97215b12022-04-04 14:00:43.577root 11241100x8000000000000000182634Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:43.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a27cabb90e3f8b942022-04-04 14:00:43.577root 11241100x8000000000000000182633Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:43.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d47ef1d0a14a0d4c2022-04-04 14:00:43.577root 11241100x8000000000000000182632Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:43.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ce4e4b9331020ea2022-04-04 14:00:43.577root 11241100x8000000000000000182631Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:43.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.543f519d52f265782022-04-04 14:00:43.577root 11241100x8000000000000000182630Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:43.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1f3a36a614616822022-04-04 14:00:43.577root 11241100x8000000000000000182629Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:43.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3a64973d0a332212022-04-04 14:00:43.577root 11241100x8000000000000000182643Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:44.076{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9255159021aed2132022-04-04 14:00:44.076root 11241100x8000000000000000182642Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:44.076{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e87e99d521ae029c2022-04-04 14:00:44.076root 11241100x8000000000000000182641Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:44.076{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75635173d49246992022-04-04 14:00:44.076root 11241100x8000000000000000182654Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:44.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f373f9bfd5e2f1212022-04-04 14:00:44.077root 11241100x8000000000000000182653Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:44.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43e5aac8dcfeefab2022-04-04 14:00:44.077root 11241100x8000000000000000182652Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:44.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6081963531ae75172022-04-04 14:00:44.077root 11241100x8000000000000000182651Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:44.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4693294db1029db2022-04-04 14:00:44.077root 11241100x8000000000000000182650Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:44.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.288cefe4cfb7a00a2022-04-04 14:00:44.077root 11241100x8000000000000000182649Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:44.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a7d96391497c7672022-04-04 14:00:44.077root 11241100x8000000000000000182648Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:44.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4679a8be7b7431452022-04-04 14:00:44.077root 11241100x8000000000000000182647Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:44.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f49f4304fef35e462022-04-04 14:00:44.077root 11241100x8000000000000000182646Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:44.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b98a2b42d0891be2022-04-04 14:00:44.077root 11241100x8000000000000000182645Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:44.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93feb277a4dbcf1f2022-04-04 14:00:44.077root 11241100x8000000000000000182644Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:44.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4ed6ea5abac30cb2022-04-04 14:00:44.077root 11241100x8000000000000000182655Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:44.576{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.550364167a65d4782022-04-04 14:00:44.576root 11241100x8000000000000000182668Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:44.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a75917500129e062022-04-04 14:00:44.577root 11241100x8000000000000000182667Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:44.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4b7554f15c79d802022-04-04 14:00:44.577root 11241100x8000000000000000182666Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:44.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9070df70ba97f0952022-04-04 14:00:44.577root 11241100x8000000000000000182665Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:44.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d99608714b2a58e2022-04-04 14:00:44.577root 11241100x8000000000000000182664Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:44.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54335b5b8dfb2f442022-04-04 14:00:44.577root 11241100x8000000000000000182663Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:44.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.288eb1a63c0cd8512022-04-04 14:00:44.577root 11241100x8000000000000000182662Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:44.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85edeb203d1a6cb72022-04-04 14:00:44.577root 11241100x8000000000000000182661Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:44.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e59ce31ae68cd1f82022-04-04 14:00:44.577root 11241100x8000000000000000182660Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:44.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.745428880d66c6302022-04-04 14:00:44.577root 11241100x8000000000000000182659Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:44.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a678d9eeb89fa6a72022-04-04 14:00:44.577root 11241100x8000000000000000182658Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:44.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2e6d658d6750cfe2022-04-04 14:00:44.577root 11241100x8000000000000000182657Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:44.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12c67534ef17eb3d2022-04-04 14:00:44.577root 11241100x8000000000000000182656Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:44.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c44310019f5b74bb2022-04-04 14:00:44.577root 11241100x8000000000000000182669Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:45.076{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8da9a668dd7b1d52022-04-04 14:00:45.076root 11241100x8000000000000000182682Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:45.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc23bae5c30b8b5f2022-04-04 14:00:45.077root 11241100x8000000000000000182681Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:45.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7ac764cdf2fe6172022-04-04 14:00:45.077root 11241100x8000000000000000182680Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:45.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b12a2a56b919ca142022-04-04 14:00:45.077root 11241100x8000000000000000182679Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:45.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92b394291c26d9d92022-04-04 14:00:45.077root 11241100x8000000000000000182678Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:45.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37c6d3730b4b27102022-04-04 14:00:45.077root 11241100x8000000000000000182677Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:45.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3367fd02d096f04b2022-04-04 14:00:45.077root 11241100x8000000000000000182676Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:45.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf26330e04f947892022-04-04 14:00:45.077root 11241100x8000000000000000182675Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:45.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.244c7d9a721a71242022-04-04 14:00:45.077root 11241100x8000000000000000182674Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:45.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02cb2521252793e52022-04-04 14:00:45.077root 11241100x8000000000000000182673Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:45.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27730dd088bb9a092022-04-04 14:00:45.077root 11241100x8000000000000000182672Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:45.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90901f943b9aa3d92022-04-04 14:00:45.077root 11241100x8000000000000000182671Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:45.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08b9b9ce9ba63bbb2022-04-04 14:00:45.077root 11241100x8000000000000000182670Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:45.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9fee2cd01633c572022-04-04 14:00:45.077root 11241100x8000000000000000182683Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:45.576{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28f4b0e9b59e10a32022-04-04 14:00:45.576root 11241100x8000000000000000182696Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:45.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c249ed5f60b8a022022-04-04 14:00:45.577root 11241100x8000000000000000182695Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:45.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02b3cfe2ec6c6bb82022-04-04 14:00:45.577root 11241100x8000000000000000182694Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:45.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e722f1a34d3cd462022-04-04 14:00:45.577root 11241100x8000000000000000182693Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:45.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ced71298e372a4a2022-04-04 14:00:45.577root 11241100x8000000000000000182692Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:45.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b384b418d30a1d6e2022-04-04 14:00:45.577root 11241100x8000000000000000182691Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:45.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dadeb52cff0cc77b2022-04-04 14:00:45.577root 11241100x8000000000000000182690Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:45.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9de2eb69809b7b332022-04-04 14:00:45.577root 11241100x8000000000000000182689Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:45.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08706cc594ba18302022-04-04 14:00:45.577root 11241100x8000000000000000182688Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:45.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.233137cf4275f4b52022-04-04 14:00:45.577root 11241100x8000000000000000182687Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:45.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.603b8b3f3a13fcb12022-04-04 14:00:45.577root 11241100x8000000000000000182686Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:45.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2455a1534a3d2fc2022-04-04 14:00:45.577root 11241100x8000000000000000182685Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:45.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3284bc2c21d3a5b62022-04-04 14:00:45.577root 11241100x8000000000000000182684Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:45.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26d301fa6a696dda2022-04-04 14:00:45.577root 11241100x8000000000000000182702Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:46.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d48d44c5c7d224e2022-04-04 14:00:46.077root 11241100x8000000000000000182701Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:46.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.090ccd660d50262f2022-04-04 14:00:46.077root 11241100x8000000000000000182700Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:46.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b994f808b265c3e72022-04-04 14:00:46.077root 11241100x8000000000000000182699Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:46.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfc58017d523a9e42022-04-04 14:00:46.077root 11241100x8000000000000000182698Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:46.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7db6444db7aea832022-04-04 14:00:46.077root 11241100x8000000000000000182697Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:46.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06bf45fd7062e1cd2022-04-04 14:00:46.077root 11241100x8000000000000000182709Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:46.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b32364cf4837ba602022-04-04 14:00:46.078root 11241100x8000000000000000182708Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:46.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.801b2c2829a40b552022-04-04 14:00:46.078root 11241100x8000000000000000182707Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:46.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0539b81af70c0f412022-04-04 14:00:46.078root 11241100x8000000000000000182706Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:46.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b128854b80641b972022-04-04 14:00:46.078root 11241100x8000000000000000182705Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:46.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ccca148b0f94c522022-04-04 14:00:46.078root 11241100x8000000000000000182704Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:46.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baeb6eefb4117f822022-04-04 14:00:46.078root 11241100x8000000000000000182703Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:46.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d1e44cd83ded6fe2022-04-04 14:00:46.078root 11241100x8000000000000000182710Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:46.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c6e72a4a40beab52022-04-04 14:00:46.079root 11241100x8000000000000000182718Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:46.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cf65959c59ceb7a2022-04-04 14:00:46.577root 11241100x8000000000000000182717Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:46.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2103468aad410be02022-04-04 14:00:46.577root 11241100x8000000000000000182716Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:46.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.354ad0b6e9aec2162022-04-04 14:00:46.577root 11241100x8000000000000000182715Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:46.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ccd716c80940c4d2022-04-04 14:00:46.577root 11241100x8000000000000000182714Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:46.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b9fa729d5df33a12022-04-04 14:00:46.577root 11241100x8000000000000000182713Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:46.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1180cade9137af642022-04-04 14:00:46.577root 11241100x8000000000000000182712Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:46.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d83322f78c9739b62022-04-04 14:00:46.577root 11241100x8000000000000000182711Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:46.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddd26fbbca52c2ba2022-04-04 14:00:46.577root 11241100x8000000000000000182724Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:46.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6eff201991b655f2022-04-04 14:00:46.578root 11241100x8000000000000000182723Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:46.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e41dfc966b8d78f2022-04-04 14:00:46.578root 11241100x8000000000000000182722Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:46.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44c957fa757566e12022-04-04 14:00:46.578root 11241100x8000000000000000182721Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:46.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b51a37fe0ae1be802022-04-04 14:00:46.578root 11241100x8000000000000000182720Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:46.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c898ab7135e09932022-04-04 14:00:46.578root 11241100x8000000000000000182719Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:46.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34f894e8927e55182022-04-04 14:00:46.578root 11241100x8000000000000000182733Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:47.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92c2d831e35dcfad2022-04-04 14:00:47.077root 11241100x8000000000000000182732Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:47.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7256a0fb60c89e4a2022-04-04 14:00:47.077root 11241100x8000000000000000182731Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:47.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8752535dd5a28a552022-04-04 14:00:47.077root 11241100x8000000000000000182730Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:47.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c173b05e539647f2022-04-04 14:00:47.077root 11241100x8000000000000000182729Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:47.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36622086558e06382022-04-04 14:00:47.077root 11241100x8000000000000000182728Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:47.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12e3ef6aba8368352022-04-04 14:00:47.077root 11241100x8000000000000000182727Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:47.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c32a431d2055a15d2022-04-04 14:00:47.077root 11241100x8000000000000000182726Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:47.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7b1f9d1631c66d32022-04-04 14:00:47.077root 11241100x8000000000000000182725Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:47.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b055aa592941f43e2022-04-04 14:00:47.077root 11241100x8000000000000000182738Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:47.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8e7eef568513ec52022-04-04 14:00:47.078root 11241100x8000000000000000182737Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:47.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4072167a18cb9f522022-04-04 14:00:47.078root 11241100x8000000000000000182736Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:47.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2d120d52fc842282022-04-04 14:00:47.078root 11241100x8000000000000000182735Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:47.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a17ce9273684342f2022-04-04 14:00:47.078root 11241100x8000000000000000182734Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:47.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c1d829409ddac5e2022-04-04 14:00:47.078root 354300x8000000000000000182739Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:47.240{ec21797c-f0e1-624a-d9ff-4d0400000000}5533/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-34446-false10.0.1.12-8000- 11241100x8000000000000000182751Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:47.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6a3232f15512af12022-04-04 14:00:47.577root 11241100x8000000000000000182750Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:47.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0d947018fe1e90c2022-04-04 14:00:47.577root 11241100x8000000000000000182749Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:47.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4db71b70652827f92022-04-04 14:00:47.577root 11241100x8000000000000000182748Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:47.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18da7c471735b0022022-04-04 14:00:47.577root 11241100x8000000000000000182747Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:47.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b09a6ce1b920e1a2022-04-04 14:00:47.577root 11241100x8000000000000000182746Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:47.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8278ee11444a2052022-04-04 14:00:47.577root 11241100x8000000000000000182745Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:47.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a1f546090c4f3e52022-04-04 14:00:47.577root 11241100x8000000000000000182744Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:47.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5261c4f16849ede2022-04-04 14:00:47.577root 11241100x8000000000000000182743Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:47.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bbe5294efd7d6672022-04-04 14:00:47.577root 11241100x8000000000000000182742Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:47.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32a5b031bf52b3002022-04-04 14:00:47.577root 11241100x8000000000000000182741Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:47.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9535a1c557d227c2022-04-04 14:00:47.577root 11241100x8000000000000000182740Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:47.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae9a77c2368652812022-04-04 14:00:47.577root 11241100x8000000000000000182754Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:47.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7491bcc37afeb422022-04-04 14:00:47.578root 11241100x8000000000000000182753Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:47.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.903d7b6cde1170002022-04-04 14:00:47.578root 11241100x8000000000000000182752Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:47.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b279bcf94a11df62022-04-04 14:00:47.578root 11241100x8000000000000000182764Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:48.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6f6e5cf66d992242022-04-04 14:00:48.077root 11241100x8000000000000000182763Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:48.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e02ce8d3a3acee282022-04-04 14:00:48.077root 11241100x8000000000000000182762Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:48.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acd3c14045e43bb62022-04-04 14:00:48.077root 11241100x8000000000000000182761Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:48.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa6cfb34b83f212c2022-04-04 14:00:48.077root 11241100x8000000000000000182760Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:48.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f771b90475440cf2022-04-04 14:00:48.077root 11241100x8000000000000000182759Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:48.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1efdaf418ec69f662022-04-04 14:00:48.077root 11241100x8000000000000000182758Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:48.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74c30e0310377aeb2022-04-04 14:00:48.077root 11241100x8000000000000000182757Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:48.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.feebb4174de6bb5e2022-04-04 14:00:48.077root 11241100x8000000000000000182756Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:48.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c7947a7c2fb37112022-04-04 14:00:48.077root 11241100x8000000000000000182755Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:48.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2051f50db802f912022-04-04 14:00:48.077root 11241100x8000000000000000182769Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:48.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b32aa09bc0d6d94f2022-04-04 14:00:48.078root 11241100x8000000000000000182768Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:48.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e028c6c4550551772022-04-04 14:00:48.078root 11241100x8000000000000000182767Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:48.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ecb956f8ad24c552022-04-04 14:00:48.078root 11241100x8000000000000000182766Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:48.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d973af1ced1060322022-04-04 14:00:48.078root 11241100x8000000000000000182765Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:48.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d62f110435088042022-04-04 14:00:48.078root 11241100x8000000000000000182771Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:48.576{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9782648cb214b9212022-04-04 14:00:48.576root 11241100x8000000000000000182770Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:48.576{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57c378c8882e81312022-04-04 14:00:48.576root 11241100x8000000000000000182783Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:48.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efffc47cad7d3ccb2022-04-04 14:00:48.577root 11241100x8000000000000000182782Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:48.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.270f5fe587247e4c2022-04-04 14:00:48.577root 11241100x8000000000000000182781Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:48.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da1babbb61fbe54f2022-04-04 14:00:48.577root 11241100x8000000000000000182780Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:48.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de0a7d05b61f25212022-04-04 14:00:48.577root 11241100x8000000000000000182779Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:48.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12946f6d7ad23bca2022-04-04 14:00:48.577root 11241100x8000000000000000182778Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:48.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b88a1f5c370bfd5c2022-04-04 14:00:48.577root 11241100x8000000000000000182777Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:48.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.168488745138f6402022-04-04 14:00:48.577root 11241100x8000000000000000182776Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:48.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c1f5bc9656ad4882022-04-04 14:00:48.577root 11241100x8000000000000000182775Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:48.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af6e447a3b418da82022-04-04 14:00:48.577root 11241100x8000000000000000182774Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:48.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8e2274ad2cf5b6f2022-04-04 14:00:48.577root 11241100x8000000000000000182773Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:48.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c5f88961c46fc6e2022-04-04 14:00:48.577root 11241100x8000000000000000182772Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:48.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.827e2938dc0250522022-04-04 14:00:48.577root 11241100x8000000000000000182784Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:48.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35a8d07abb21eb912022-04-04 14:00:48.578root 11241100x8000000000000000182785Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:49.076{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.734f65ec8b48ce872022-04-04 14:00:49.076root 11241100x8000000000000000182792Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:49.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e24a713e80dc6a9e2022-04-04 14:00:49.077root 11241100x8000000000000000182791Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:49.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cee1ce45cde8d93d2022-04-04 14:00:49.077root 11241100x8000000000000000182790Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:49.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcfb89323e23106f2022-04-04 14:00:49.077root 11241100x8000000000000000182789Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:49.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8002cc2c65a4e2662022-04-04 14:00:49.077root 11241100x8000000000000000182788Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:49.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1cede845311e1a62022-04-04 14:00:49.077root 11241100x8000000000000000182787Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:49.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.522805e19eb3a7a62022-04-04 14:00:49.077root 11241100x8000000000000000182786Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:49.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea5fd53fc63633142022-04-04 14:00:49.077root 11241100x8000000000000000182799Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:49.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62a9acad6447a8aa2022-04-04 14:00:49.078root 11241100x8000000000000000182798Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:49.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e42bb8407465ebfe2022-04-04 14:00:49.078root 11241100x8000000000000000182797Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:49.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bf2eaeee196a8172022-04-04 14:00:49.078root 11241100x8000000000000000182796Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:49.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5ed703e5e13026d2022-04-04 14:00:49.078root 11241100x8000000000000000182795Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:49.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e40ed41707ef2a202022-04-04 14:00:49.078root 11241100x8000000000000000182794Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:49.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0813d2c34da61f212022-04-04 14:00:49.078root 11241100x8000000000000000182793Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:49.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1659f646b74b0c3b2022-04-04 14:00:49.078root 11241100x8000000000000000182800Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:49.576{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af38c3bc3a0b55ab2022-04-04 14:00:49.576root 11241100x8000000000000000182806Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:49.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09ddc901510bc1c32022-04-04 14:00:49.577root 11241100x8000000000000000182805Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:49.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c3f7075c0c3e2e22022-04-04 14:00:49.577root 11241100x8000000000000000182804Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:49.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f365ee1b07e83b6d2022-04-04 14:00:49.577root 11241100x8000000000000000182803Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:49.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98c75c791dd6ae3a2022-04-04 14:00:49.577root 11241100x8000000000000000182802Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:49.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a22b2a6048212a22022-04-04 14:00:49.577root 11241100x8000000000000000182801Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:49.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6225e6aad54461312022-04-04 14:00:49.577root 11241100x8000000000000000182814Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:49.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ae5d8905381a4672022-04-04 14:00:49.578root 11241100x8000000000000000182813Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:49.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb871789794cc2132022-04-04 14:00:49.578root 11241100x8000000000000000182812Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:49.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe3dcd79f8f6ea0a2022-04-04 14:00:49.578root 11241100x8000000000000000182811Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:49.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.949588f7093f7de62022-04-04 14:00:49.578root 11241100x8000000000000000182810Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:49.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af3eabb0fc011f042022-04-04 14:00:49.578root 11241100x8000000000000000182809Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:49.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2e97ce49156e6f42022-04-04 14:00:49.578root 11241100x8000000000000000182808Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:49.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7d4a8efe78c120b2022-04-04 14:00:49.578root 11241100x8000000000000000182807Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:49.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f177670d4bed4e032022-04-04 14:00:49.578root 11241100x8000000000000000182827Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:50.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e47dae30563378882022-04-04 14:00:50.077root 11241100x8000000000000000182826Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:50.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39643f75cff862312022-04-04 14:00:50.077root 11241100x8000000000000000182825Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:50.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.213834265c72b4d32022-04-04 14:00:50.077root 11241100x8000000000000000182824Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:50.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4366aeb2ee60a79d2022-04-04 14:00:50.077root 11241100x8000000000000000182823Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:50.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bbc1d20d64825d12022-04-04 14:00:50.077root 11241100x8000000000000000182822Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:50.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.732fc78cb8ca3fe52022-04-04 14:00:50.077root 11241100x8000000000000000182821Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:50.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4efc27126f29ad72022-04-04 14:00:50.077root 11241100x8000000000000000182820Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:50.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4232d4f0bd41401d2022-04-04 14:00:50.077root 11241100x8000000000000000182819Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:50.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.010e42c80daa1df22022-04-04 14:00:50.077root 11241100x8000000000000000182818Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:50.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0d933034c605e072022-04-04 14:00:50.077root 11241100x8000000000000000182817Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:50.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26d4cbd31c54aab32022-04-04 14:00:50.077root 11241100x8000000000000000182816Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:50.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.896b99569b1b73af2022-04-04 14:00:50.077root 11241100x8000000000000000182815Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:50.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d640f26d9f6465672022-04-04 14:00:50.077root 11241100x8000000000000000182829Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:50.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfacdefdd14bbfbe2022-04-04 14:00:50.078root 11241100x8000000000000000182828Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:50.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b942ccde0aa176b2022-04-04 14:00:50.078root 11241100x8000000000000000182841Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:50.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37cc605a681ab72e2022-04-04 14:00:50.577root 11241100x8000000000000000182840Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:50.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3a461bfd763a8932022-04-04 14:00:50.577root 11241100x8000000000000000182839Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:50.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef89147a64e854e02022-04-04 14:00:50.577root 11241100x8000000000000000182838Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:50.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfa8a91e5f5720be2022-04-04 14:00:50.577root 11241100x8000000000000000182837Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:50.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b10855c7769d199c2022-04-04 14:00:50.577root 11241100x8000000000000000182836Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:50.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0dd36c304af5ea32022-04-04 14:00:50.577root 11241100x8000000000000000182835Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:50.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9495840f1d94386b2022-04-04 14:00:50.577root 11241100x8000000000000000182834Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:50.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a6224afe28e1fbc2022-04-04 14:00:50.577root 11241100x8000000000000000182833Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:50.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.334738aa2292d7142022-04-04 14:00:50.577root 11241100x8000000000000000182832Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:50.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.802f4a59ea98cf7b2022-04-04 14:00:50.577root 11241100x8000000000000000182831Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:50.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca5be7ca2e4d55182022-04-04 14:00:50.577root 11241100x8000000000000000182830Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:50.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.939e6bdfcb31ffcc2022-04-04 14:00:50.577root 11241100x8000000000000000182844Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:50.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e7d438520270c372022-04-04 14:00:50.578root 11241100x8000000000000000182843Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:50.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb8c69fe2176e9332022-04-04 14:00:50.578root 11241100x8000000000000000182842Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:50.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.129b10ee02023de52022-04-04 14:00:50.578root 11241100x8000000000000000182845Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:51.076{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.179cc851e413a02a2022-04-04 14:00:51.076root 11241100x8000000000000000182849Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:51.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f0f6b5d93e1716f2022-04-04 14:00:51.077root 11241100x8000000000000000182848Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:51.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.271c9d5e825d72382022-04-04 14:00:51.077root 11241100x8000000000000000182847Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:51.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddf0d422fb19e9492022-04-04 14:00:51.077root 11241100x8000000000000000182846Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:51.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.077fb927d8363e002022-04-04 14:00:51.077root 11241100x8000000000000000182859Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:51.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40c21a0357f574602022-04-04 14:00:51.078root 11241100x8000000000000000182858Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:51.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1964d3141aa07e392022-04-04 14:00:51.078root 11241100x8000000000000000182857Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:51.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2cdf979e6db820a2022-04-04 14:00:51.078root 11241100x8000000000000000182856Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:51.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa57e925e464cac32022-04-04 14:00:51.078root 11241100x8000000000000000182855Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:51.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fa5a1af05aead3c2022-04-04 14:00:51.078root 11241100x8000000000000000182854Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:51.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddfc49282e5718792022-04-04 14:00:51.078root 11241100x8000000000000000182853Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:51.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.464b39e7454575e12022-04-04 14:00:51.078root 11241100x8000000000000000182852Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:51.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5b80de57cc2ebe32022-04-04 14:00:51.078root 11241100x8000000000000000182851Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:51.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05369189ff36ae5d2022-04-04 14:00:51.078root 11241100x8000000000000000182850Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:51.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0480d1cc05efc08c2022-04-04 14:00:51.078root 11241100x8000000000000000182866Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:51.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27091d01f3c538fb2022-04-04 14:00:51.577root 11241100x8000000000000000182865Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:51.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7133e3adb25432012022-04-04 14:00:51.577root 11241100x8000000000000000182864Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:51.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5212e2328444cc62022-04-04 14:00:51.577root 11241100x8000000000000000182863Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:51.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08c24ca8c6c979022022-04-04 14:00:51.577root 11241100x8000000000000000182862Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:51.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f985f25c00b18d72022-04-04 14:00:51.577root 11241100x8000000000000000182861Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:51.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9e32dde1c7581cd2022-04-04 14:00:51.577root 11241100x8000000000000000182860Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:51.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3572b93cb93c5172022-04-04 14:00:51.577root 11241100x8000000000000000182874Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:51.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf2cc7dfcd8a20ca2022-04-04 14:00:51.578root 11241100x8000000000000000182873Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:51.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f18a136abbdbadb2022-04-04 14:00:51.578root 11241100x8000000000000000182872Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:51.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f4898070e8aa9852022-04-04 14:00:51.578root 11241100x8000000000000000182871Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:51.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9831d800df5ed9bf2022-04-04 14:00:51.578root 11241100x8000000000000000182870Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:51.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9024967436a1ce02022-04-04 14:00:51.578root 11241100x8000000000000000182869Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:51.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c511c78c1d1ad022022-04-04 14:00:51.578root 11241100x8000000000000000182868Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:51.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cb6c15cd9c7f7322022-04-04 14:00:51.578root 11241100x8000000000000000182867Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:51.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd28cdd164510f292022-04-04 14:00:51.578root 11241100x8000000000000000182884Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:52.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.573d3cabd83462be2022-04-04 14:00:52.077root 11241100x8000000000000000182883Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:52.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d68032843fd525f2022-04-04 14:00:52.077root 11241100x8000000000000000182882Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:52.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa5fabf7de6570f82022-04-04 14:00:52.077root 11241100x8000000000000000182881Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:52.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e7c08c2510356ba2022-04-04 14:00:52.077root 11241100x8000000000000000182880Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:52.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0773a0c3d4abe5e72022-04-04 14:00:52.077root 11241100x8000000000000000182879Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:52.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.241437fcca2493102022-04-04 14:00:52.077root 11241100x8000000000000000182878Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:52.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08d6c63fe547cf8a2022-04-04 14:00:52.077root 11241100x8000000000000000182877Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:52.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdf724e3e3e7829b2022-04-04 14:00:52.077root 11241100x8000000000000000182876Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:52.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fd2bd977ba6e07c2022-04-04 14:00:52.077root 11241100x8000000000000000182875Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:52.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82eae4e15d864e562022-04-04 14:00:52.077root 11241100x8000000000000000182889Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:52.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c208911516ab978b2022-04-04 14:00:52.078root 11241100x8000000000000000182888Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:52.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab70ba6f66d8e3172022-04-04 14:00:52.078root 11241100x8000000000000000182887Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:52.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d5b1ee109fc3aef2022-04-04 14:00:52.078root 11241100x8000000000000000182886Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:52.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dd82e0e5f83ab6d2022-04-04 14:00:52.078root 11241100x8000000000000000182885Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:52.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58486ffa461b236e2022-04-04 14:00:52.078root 11241100x8000000000000000182892Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:52.576{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64c973c84d73f8682022-04-04 14:00:52.576root 11241100x8000000000000000182891Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:52.576{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3046a10e8a685b112022-04-04 14:00:52.576root 11241100x8000000000000000182890Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:52.576{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6053ad4195b9cd22022-04-04 14:00:52.576root 11241100x8000000000000000182901Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:52.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a38a32dd5238a4ff2022-04-04 14:00:52.577root 11241100x8000000000000000182900Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:52.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc5fddd3c42dd80c2022-04-04 14:00:52.577root 11241100x8000000000000000182899Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:52.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3939701c3f633cb2022-04-04 14:00:52.577root 11241100x8000000000000000182898Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:52.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2eef7375f7c4907b2022-04-04 14:00:52.577root 11241100x8000000000000000182897Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:52.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e5e44b11ecc3d282022-04-04 14:00:52.577root 11241100x8000000000000000182896Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:52.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aac9998e722427582022-04-04 14:00:52.577root 11241100x8000000000000000182895Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:52.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b369e52990c936be2022-04-04 14:00:52.577root 11241100x8000000000000000182894Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:52.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26832aee026471b72022-04-04 14:00:52.577root 11241100x8000000000000000182893Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:52.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.826db99dcc1483492022-04-04 14:00:52.577root 11241100x8000000000000000182904Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:52.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66fab391f137dbd12022-04-04 14:00:52.578root 11241100x8000000000000000182903Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:52.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc4b606c295236e62022-04-04 14:00:52.578root 11241100x8000000000000000182902Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:52.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6c2a5dbc01e82da2022-04-04 14:00:52.578root 11241100x8000000000000000182912Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:53.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3505893a1cc57aef2022-04-04 14:00:53.077root 11241100x8000000000000000182911Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:53.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c8f5b1621f182452022-04-04 14:00:53.077root 11241100x8000000000000000182910Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:53.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4a42c8b9e9b4ed62022-04-04 14:00:53.077root 11241100x8000000000000000182909Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:53.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98a9c57a1a8da3532022-04-04 14:00:53.077root 11241100x8000000000000000182908Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:53.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15b94615a1c5bbd12022-04-04 14:00:53.077root 11241100x8000000000000000182907Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:53.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9d1acd1a312ead42022-04-04 14:00:53.077root 11241100x8000000000000000182906Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:53.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.485cf7c8728a99932022-04-04 14:00:53.077root 11241100x8000000000000000182905Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:53.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ba9e3f17d125e532022-04-04 14:00:53.077root 11241100x8000000000000000182919Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:53.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02ef922acee632b02022-04-04 14:00:53.078root 11241100x8000000000000000182918Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:53.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02425b08094e3b072022-04-04 14:00:53.078root 11241100x8000000000000000182917Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:53.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48868ca52eb89bbd2022-04-04 14:00:53.078root 11241100x8000000000000000182916Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:53.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87c93a8d440543862022-04-04 14:00:53.078root 11241100x8000000000000000182915Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:53.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efbd8c24e392e31f2022-04-04 14:00:53.078root 11241100x8000000000000000182914Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:53.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a819a6a295a07aeb2022-04-04 14:00:53.078root 11241100x8000000000000000182913Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:53.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c86174634b2912ff2022-04-04 14:00:53.078root 354300x8000000000000000182920Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:53.085{ec21797c-f0e1-624a-d9ff-4d0400000000}5533/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-34448-false10.0.1.12-8000- 11241100x8000000000000000182929Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:53.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4786d7027bd2bb202022-04-04 14:00:53.577root 11241100x8000000000000000182928Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:53.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1a0fb816428b4982022-04-04 14:00:53.577root 11241100x8000000000000000182927Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:53.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40c5db4cc5dce5f32022-04-04 14:00:53.577root 11241100x8000000000000000182926Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:53.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcfc443c033e28e42022-04-04 14:00:53.577root 11241100x8000000000000000182925Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:53.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.675e69608671744e2022-04-04 14:00:53.577root 11241100x8000000000000000182924Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:53.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b751e75832c6cd22022-04-04 14:00:53.577root 11241100x8000000000000000182923Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:53.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f3910811c4c47772022-04-04 14:00:53.577root 11241100x8000000000000000182922Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:53.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6233e3041450d6fd2022-04-04 14:00:53.577root 11241100x8000000000000000182921Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:53.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c90319d98f678f02022-04-04 14:00:53.577root 11241100x8000000000000000182936Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:53.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a25ca91987f36e52022-04-04 14:00:53.578root 11241100x8000000000000000182935Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:53.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2c48b97df7fd33d2022-04-04 14:00:53.578root 11241100x8000000000000000182934Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:53.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fced4a0c80ff56992022-04-04 14:00:53.578root 11241100x8000000000000000182933Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:53.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0ab0366e90e1dc52022-04-04 14:00:53.578root 11241100x8000000000000000182932Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:53.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de65d6f4456403bc2022-04-04 14:00:53.578root 11241100x8000000000000000182931Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:53.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94ef940f0755c6ed2022-04-04 14:00:53.578root 11241100x8000000000000000182930Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:53.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b06d6c96ea73277c2022-04-04 14:00:53.578root 11241100x8000000000000000182939Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:54.076{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2ebd0ce03d0b26a2022-04-04 14:00:54.076root 11241100x8000000000000000182938Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:54.076{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91288c3b6afc5f092022-04-04 14:00:54.076root 11241100x8000000000000000182937Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:54.076{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b53742892bb44412022-04-04 14:00:54.076root 11241100x8000000000000000182951Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:54.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbcaa347a2244eb72022-04-04 14:00:54.077root 11241100x8000000000000000182950Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:54.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3adffe7deb6f7fe02022-04-04 14:00:54.077root 11241100x8000000000000000182949Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:54.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8bf49ac8d17c30b2022-04-04 14:00:54.077root 11241100x8000000000000000182948Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:54.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.999886a34f3fb40a2022-04-04 14:00:54.077root 11241100x8000000000000000182947Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:54.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36bccb3746299dd62022-04-04 14:00:54.077root 11241100x8000000000000000182946Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:54.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e6f34f9b8a298212022-04-04 14:00:54.077root 11241100x8000000000000000182945Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:54.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c63d210e0a9e19882022-04-04 14:00:54.077root 11241100x8000000000000000182944Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:54.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.094d41a2b9dc77052022-04-04 14:00:54.077root 11241100x8000000000000000182943Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:54.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6894ee6ede4e85082022-04-04 14:00:54.077root 11241100x8000000000000000182942Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:54.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8ea50d3b1c437252022-04-04 14:00:54.077root 11241100x8000000000000000182941Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:54.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.650a6de9caab63f12022-04-04 14:00:54.077root 11241100x8000000000000000182940Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:54.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5360b9fd6568e3a92022-04-04 14:00:54.077root 11241100x8000000000000000182953Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:54.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8feb3c0da17acf4a2022-04-04 14:00:54.078root 11241100x8000000000000000182952Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:54.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3ee38552f83d5882022-04-04 14:00:54.078root 11241100x8000000000000000182954Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:54.576{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a097ab52dfe07742022-04-04 14:00:54.576root 11241100x8000000000000000182966Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:54.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ef9c200f112b3562022-04-04 14:00:54.577root 11241100x8000000000000000182965Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:54.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef5e0bb96dc0301c2022-04-04 14:00:54.577root 11241100x8000000000000000182964Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:54.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca458c9ff2958f542022-04-04 14:00:54.577root 11241100x8000000000000000182963Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:54.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6021c817b13f5fa82022-04-04 14:00:54.577root 11241100x8000000000000000182962Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:54.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a86972cc1c8a0602022-04-04 14:00:54.577root 11241100x8000000000000000182961Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:54.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea8d36158e58a52f2022-04-04 14:00:54.577root 11241100x8000000000000000182960Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:54.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19d22a588a82bfd12022-04-04 14:00:54.577root 11241100x8000000000000000182959Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:54.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b32052d5c246a7522022-04-04 14:00:54.577root 11241100x8000000000000000182958Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:54.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ad230e87a24563b2022-04-04 14:00:54.577root 11241100x8000000000000000182957Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:54.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1031cfb4a093e8112022-04-04 14:00:54.577root 11241100x8000000000000000182956Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:54.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7db14acca4fb4ad2022-04-04 14:00:54.577root 11241100x8000000000000000182955Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:54.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a0acf13e3fe3a312022-04-04 14:00:54.577root 11241100x8000000000000000182969Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:54.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5d1b79916dc1fca2022-04-04 14:00:54.578root 11241100x8000000000000000182968Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:54.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fcf4029d461e7842022-04-04 14:00:54.578root 11241100x8000000000000000182967Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:54.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03a6c8a6dd2ece902022-04-04 14:00:54.578root 11241100x8000000000000000182971Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:55.076{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a06c0e1a3375a0e52022-04-04 14:00:55.076root 11241100x8000000000000000182970Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:55.076{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7d5c1e3db4ce6be2022-04-04 14:00:55.076root 11241100x8000000000000000182985Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:55.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eab7b55ac16b19522022-04-04 14:00:55.077root 11241100x8000000000000000182984Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:55.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42cb278cc9de666a2022-04-04 14:00:55.077root 11241100x8000000000000000182983Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:55.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6aef25dfc00b63b52022-04-04 14:00:55.077root 11241100x8000000000000000182982Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:55.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a22fae9a2d3fc082022-04-04 14:00:55.077root 11241100x8000000000000000182981Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:55.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd71341437fb8dfc2022-04-04 14:00:55.077root 11241100x8000000000000000182980Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:55.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c6852be1ca3c79e2022-04-04 14:00:55.077root 11241100x8000000000000000182979Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:55.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa8e204a33886f1d2022-04-04 14:00:55.077root 11241100x8000000000000000182978Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:55.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b67b6d4b40a8fa642022-04-04 14:00:55.077root 11241100x8000000000000000182977Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:55.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ca4a1b396e9bf112022-04-04 14:00:55.077root 11241100x8000000000000000182976Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:55.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a47bbc4afd0e1e062022-04-04 14:00:55.077root 11241100x8000000000000000182975Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:55.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fe5720048ae11ed2022-04-04 14:00:55.077root 11241100x8000000000000000182974Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:55.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e781f53dbcbcc5322022-04-04 14:00:55.077root 11241100x8000000000000000182973Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:55.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1def9f2200bbbb702022-04-04 14:00:55.077root 11241100x8000000000000000182972Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:55.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4700a171cbc89fbe2022-04-04 14:00:55.077root 11241100x8000000000000000182987Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:55.576{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02d1febfca76c71d2022-04-04 14:00:55.576root 11241100x8000000000000000182986Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:55.576{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1aac3e4abb7452692022-04-04 14:00:55.576root 11241100x8000000000000000183001Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:55.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6eb49ced27e3f0e72022-04-04 14:00:55.577root 11241100x8000000000000000183000Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:55.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0ffe08c1451746d2022-04-04 14:00:55.577root 11241100x8000000000000000182999Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:55.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e605a0b4b852c542022-04-04 14:00:55.577root 11241100x8000000000000000182998Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:55.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85834ba198369ebe2022-04-04 14:00:55.577root 11241100x8000000000000000182997Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:55.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.363248dc56bf7a3e2022-04-04 14:00:55.577root 11241100x8000000000000000182996Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:55.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e279c696e2da6b7e2022-04-04 14:00:55.577root 11241100x8000000000000000182995Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:55.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21c96c6ed44a51102022-04-04 14:00:55.577root 11241100x8000000000000000182994Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:55.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37913e86e381fe1b2022-04-04 14:00:55.577root 11241100x8000000000000000182993Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:55.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.475ab5978eed6ea62022-04-04 14:00:55.577root 11241100x8000000000000000182992Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:55.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8aa40cee1bd2c9d92022-04-04 14:00:55.577root 11241100x8000000000000000182991Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:55.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25ac82992e5c53722022-04-04 14:00:55.577root 11241100x8000000000000000182990Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:55.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57ef8601ec5e38162022-04-04 14:00:55.577root 11241100x8000000000000000182989Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:55.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c58958b928743ae52022-04-04 14:00:55.577root 11241100x8000000000000000182988Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:55.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25fa400eb03b67762022-04-04 14:00:55.577root 154100x8000000000000000183002Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:55.933{ec21797c-fa17-624a-6864-4ef1aa550000}5982/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/5163root{ec21797c-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}2317--- 11241100x8000000000000000183004Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:55.934{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b6c2246a496e52f2022-04-04 14:00:55.934root 11241100x8000000000000000183003Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:55.934{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.507d81539e26d7be2022-04-04 14:00:55.934root 11241100x8000000000000000183007Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:55.935{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b75e4606ea20bd1d2022-04-04 14:00:55.935root 11241100x8000000000000000183006Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:55.935{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de8446733d1bb2552022-04-04 14:00:55.935root 11241100x8000000000000000183005Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:55.935{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab93bdbbb27f7aa92022-04-04 14:00:55.935root 11241100x8000000000000000183013Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:55.936{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c42c0beb8c2c17de2022-04-04 14:00:55.936root 11241100x8000000000000000183012Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:55.936{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32e597566de8a94e2022-04-04 14:00:55.936root 11241100x8000000000000000183011Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:55.936{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ea22319a4e0897a2022-04-04 14:00:55.936root 11241100x8000000000000000183010Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:55.936{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f85975a4b0678682022-04-04 14:00:55.936root 11241100x8000000000000000183009Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:55.936{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1f97cdb56e3c5c12022-04-04 14:00:55.936root 11241100x8000000000000000183008Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:55.936{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70d62b14fc9b23202022-04-04 14:00:55.936root 11241100x8000000000000000183019Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:55.937{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5be1af2d3c3283832022-04-04 14:00:55.937root 11241100x8000000000000000183018Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:55.937{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d53d1e1f0c419e572022-04-04 14:00:55.937root 11241100x8000000000000000183017Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:55.937{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc636e54a0fa33292022-04-04 14:00:55.937root 11241100x8000000000000000183016Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:55.937{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e47e9ecd397b8902022-04-04 14:00:55.937root 11241100x8000000000000000183015Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:55.937{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c591eb934ec398ab2022-04-04 14:00:55.937root 11241100x8000000000000000183014Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:55.937{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a70829e5a7302eeb2022-04-04 14:00:55.937root 11241100x8000000000000000183021Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:55.938{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c95d2f16a970b0362022-04-04 14:00:55.938root 11241100x8000000000000000183020Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:55.938{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.887ddb1387d4523a2022-04-04 14:00:55.938root 534500x8000000000000000183022Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:55.949{ec21797c-fa17-624a-6864-4ef1aa550000}5982/bin/psroot 11241100x8000000000000000183024Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:56.326{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d3168210810c4b72022-04-04 14:00:56.326root 11241100x8000000000000000183023Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:56.326{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1747f978f5f281fe2022-04-04 14:00:56.326root 11241100x8000000000000000183037Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:56.327{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30811498d9b3360d2022-04-04 14:00:56.327root 11241100x8000000000000000183036Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:56.327{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca7955214133567f2022-04-04 14:00:56.327root 11241100x8000000000000000183035Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:56.327{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76883dddc5155e4d2022-04-04 14:00:56.327root 11241100x8000000000000000183034Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:56.327{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fc2aec0207205772022-04-04 14:00:56.327root 11241100x8000000000000000183033Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:56.327{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.971a271adfb77c8c2022-04-04 14:00:56.327root 11241100x8000000000000000183032Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:56.327{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6050d53e0c599d252022-04-04 14:00:56.327root 11241100x8000000000000000183031Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:56.327{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb8b430ddfb467442022-04-04 14:00:56.327root 11241100x8000000000000000183030Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:56.327{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb742f1a8b6492572022-04-04 14:00:56.327root 11241100x8000000000000000183029Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:56.327{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f4fd9fd1fd7faad2022-04-04 14:00:56.327root 11241100x8000000000000000183028Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:56.327{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0714515aa644ce252022-04-04 14:00:56.327root 11241100x8000000000000000183027Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:56.327{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92e0e79ec46fdee82022-04-04 14:00:56.327root 11241100x8000000000000000183026Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:56.327{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3b3327f00f31d7c2022-04-04 14:00:56.327root 11241100x8000000000000000183025Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:56.327{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d22d09d1016c6282022-04-04 14:00:56.327root 11241100x8000000000000000183040Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:56.328{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d857a09636605082022-04-04 14:00:56.328root 11241100x8000000000000000183039Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:56.328{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e18ba625f5be30a52022-04-04 14:00:56.328root 11241100x8000000000000000183038Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:56.328{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d88f2c2578b780a2022-04-04 14:00:56.328root 11241100x8000000000000000183047Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:56.827{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e14c19fdb74720c12022-04-04 14:00:56.827root 11241100x8000000000000000183046Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:56.827{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2058af632815a4b2022-04-04 14:00:56.827root 11241100x8000000000000000183045Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:56.827{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4ef828fb1004ea52022-04-04 14:00:56.827root 11241100x8000000000000000183044Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:56.827{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b81daef212b2e1632022-04-04 14:00:56.827root 11241100x8000000000000000183043Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:56.827{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66ed3ca14b6cfa9d2022-04-04 14:00:56.827root 11241100x8000000000000000183042Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:56.827{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f334cff0732b2662022-04-04 14:00:56.827root 11241100x8000000000000000183041Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:56.827{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78325477ce964d982022-04-04 14:00:56.827root 11241100x8000000000000000183057Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:56.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d6669cd3bf2dfed2022-04-04 14:00:56.828root 11241100x8000000000000000183056Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:56.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.775e312f468ab8672022-04-04 14:00:56.828root 11241100x8000000000000000183055Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:56.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0d01399ffac74472022-04-04 14:00:56.828root 11241100x8000000000000000183054Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:56.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b092d67f490535302022-04-04 14:00:56.828root 11241100x8000000000000000183053Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:56.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf4f9c74ecb7b8612022-04-04 14:00:56.828root 11241100x8000000000000000183052Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:56.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86f21e4a6d5377fe2022-04-04 14:00:56.828root 11241100x8000000000000000183051Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:56.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0aa80b746f25f5ed2022-04-04 14:00:56.828root 11241100x8000000000000000183050Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:56.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ff2a161d48197132022-04-04 14:00:56.828root 11241100x8000000000000000183049Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:56.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80fcf465e0aa1a792022-04-04 14:00:56.828root 11241100x8000000000000000183048Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:56.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a137f5356c48aac12022-04-04 14:00:56.828root 11241100x8000000000000000183058Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:56.829{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9514c3073b3fedbc2022-04-04 14:00:56.829root 11241100x8000000000000000183071Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:57.327{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c22f4b128b58c062022-04-04 14:00:57.327root 11241100x8000000000000000183070Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:57.327{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d9c451be5aff3602022-04-04 14:00:57.327root 11241100x8000000000000000183069Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:57.327{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc7c3f527a99008c2022-04-04 14:00:57.327root 11241100x8000000000000000183068Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:57.327{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c06c56b8f5e6cde72022-04-04 14:00:57.327root 11241100x8000000000000000183067Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:57.327{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7a9849e99e80fd12022-04-04 14:00:57.327root 11241100x8000000000000000183066Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:57.327{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcbbb8f7e48c711a2022-04-04 14:00:57.327root 11241100x8000000000000000183065Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:57.327{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c71e6883bfc42a4d2022-04-04 14:00:57.327root 11241100x8000000000000000183064Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:57.327{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bdc0778006b93aa2022-04-04 14:00:57.327root 11241100x8000000000000000183063Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:57.327{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04f1115a2c65f04e2022-04-04 14:00:57.327root 11241100x8000000000000000183062Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:57.327{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf335c9afe3605552022-04-04 14:00:57.327root 11241100x8000000000000000183061Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:57.327{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.357591ecb23487462022-04-04 14:00:57.327root 11241100x8000000000000000183060Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:57.327{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8e845e7fcf224182022-04-04 14:00:57.327root 11241100x8000000000000000183059Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:57.327{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e21d59ee82bede5a2022-04-04 14:00:57.327root 11241100x8000000000000000183076Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:57.328{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04b6cd2aa5724ba62022-04-04 14:00:57.328root 11241100x8000000000000000183075Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:57.328{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cb2abb8a5ae6db62022-04-04 14:00:57.328root 11241100x8000000000000000183074Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:57.328{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4629996eae210e352022-04-04 14:00:57.328root 11241100x8000000000000000183073Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:57.328{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de3a268b54bfbb942022-04-04 14:00:57.328root 11241100x8000000000000000183072Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:57.328{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28093cc6fda3728e2022-04-04 14:00:57.328root 11241100x8000000000000000183083Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:57.827{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b59a6381442d96cc2022-04-04 14:00:57.827root 11241100x8000000000000000183082Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:57.827{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47083331fed070472022-04-04 14:00:57.827root 11241100x8000000000000000183081Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:57.827{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4826573a4a2bf5842022-04-04 14:00:57.827root 11241100x8000000000000000183080Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:57.827{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e460abc6279dc29f2022-04-04 14:00:57.827root 11241100x8000000000000000183079Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:57.827{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.001c5161b54d90e22022-04-04 14:00:57.827root 11241100x8000000000000000183078Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:57.827{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7be12354585a52b2022-04-04 14:00:57.827root 11241100x8000000000000000183077Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:57.827{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ce3f96fa42470182022-04-04 14:00:57.827root 11241100x8000000000000000183090Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:57.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9aad41b5de5ed552022-04-04 14:00:57.828root 11241100x8000000000000000183089Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:57.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e1c6a8bab1578c72022-04-04 14:00:57.828root 11241100x8000000000000000183088Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:57.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.110199c163c52f462022-04-04 14:00:57.828root 11241100x8000000000000000183087Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:57.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42c58ffaef1e95ac2022-04-04 14:00:57.828root 11241100x8000000000000000183086Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:57.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea736b96d7005e322022-04-04 14:00:57.828root 11241100x8000000000000000183085Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:57.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bc76d1f083b60e42022-04-04 14:00:57.828root 11241100x8000000000000000183084Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:57.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98806fb8454a92232022-04-04 14:00:57.828root 11241100x8000000000000000183094Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:57.829{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27b2201f7bbc56602022-04-04 14:00:57.829root 11241100x8000000000000000183093Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:57.829{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a693192b6de03b652022-04-04 14:00:57.829root 11241100x8000000000000000183092Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:57.829{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d12ee699a8d755e12022-04-04 14:00:57.829root 11241100x8000000000000000183091Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:57.829{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60a48f5fd9632dd72022-04-04 14:00:57.829root 11241100x8000000000000000183099Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:58.144{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0b0412d07282a6d2022-04-04 14:00:58.144root 11241100x8000000000000000183098Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:58.144{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8ee9beda9e931c92022-04-04 14:00:58.144root 11241100x8000000000000000183097Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:58.144{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6943eb241150c2302022-04-04 14:00:58.144root 11241100x8000000000000000183096Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:58.144{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71cb529278bb43402022-04-04 14:00:58.144root 354300x8000000000000000183095Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:58.144{ec21797c-f0e1-624a-d9ff-4d0400000000}5533/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-34450-false10.0.1.12-8000- 11241100x8000000000000000183111Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:58.145{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e112a816871071e2022-04-04 14:00:58.145root 11241100x8000000000000000183110Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:58.145{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f88a5cb9385cc3e92022-04-04 14:00:58.145root 11241100x8000000000000000183109Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:58.145{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c932d8553e74e3682022-04-04 14:00:58.145root 11241100x8000000000000000183108Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:58.145{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a62e292264db46a2022-04-04 14:00:58.145root 11241100x8000000000000000183107Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:58.145{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3958fcc3bfebf26d2022-04-04 14:00:58.145root 11241100x8000000000000000183106Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:58.145{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49ed694d0fcc4c942022-04-04 14:00:58.145root 11241100x8000000000000000183105Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:58.145{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c24ccf3105ff59822022-04-04 14:00:58.145root 11241100x8000000000000000183104Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:58.145{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5379cec3a3ac9f6b2022-04-04 14:00:58.145root 11241100x8000000000000000183103Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:58.145{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d430bea78d84216b2022-04-04 14:00:58.145root 11241100x8000000000000000183102Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:58.145{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0260ffe5eb2f00d2022-04-04 14:00:58.145root 11241100x8000000000000000183101Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:58.145{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f24c5fcf5bc55692022-04-04 14:00:58.145root 11241100x8000000000000000183100Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:58.145{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.838e8336022e3a5a2022-04-04 14:00:58.145root 11241100x8000000000000000183114Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:58.146{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5d9bb2007dab1ae2022-04-04 14:00:58.146root 11241100x8000000000000000183113Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:58.146{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de67897ade8de8492022-04-04 14:00:58.146root 11241100x8000000000000000183112Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:58.146{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7160a6aeff3a64c72022-04-04 14:00:58.146root 11241100x8000000000000000183115Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:58.576{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d95e66ce157332b2022-04-04 14:00:58.576root 11241100x8000000000000000183130Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:58.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18d8c3ef9b5f3ed92022-04-04 14:00:58.577root 11241100x8000000000000000183129Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:58.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24abe7c2ab41c79c2022-04-04 14:00:58.577root 11241100x8000000000000000183128Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:58.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aeec512c6520aace2022-04-04 14:00:58.577root 11241100x8000000000000000183127Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:58.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5c61ab31b386e572022-04-04 14:00:58.577root 11241100x8000000000000000183126Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:58.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8da5eb63e0b498fd2022-04-04 14:00:58.577root 11241100x8000000000000000183125Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:58.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37ea6852653344df2022-04-04 14:00:58.577root 11241100x8000000000000000183124Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:58.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.804f1dab3b0ddc792022-04-04 14:00:58.577root 11241100x8000000000000000183123Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:58.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9caf62296bb27a12022-04-04 14:00:58.577root 11241100x8000000000000000183122Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:58.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.623ef54aa5a99ef32022-04-04 14:00:58.577root 11241100x8000000000000000183121Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:58.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fd3aa7d025b8ddc2022-04-04 14:00:58.577root 11241100x8000000000000000183120Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:58.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8c0c1689ee7af152022-04-04 14:00:58.577root 11241100x8000000000000000183119Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:58.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d28140a8070ee372022-04-04 14:00:58.577root 11241100x8000000000000000183118Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:58.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.627b7e111a98f4202022-04-04 14:00:58.577root 11241100x8000000000000000183117Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:58.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.582c4f6d101f061f2022-04-04 14:00:58.577root 11241100x8000000000000000183116Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:58.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7825a1f124ea5e62022-04-04 14:00:58.577root 11241100x8000000000000000183133Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:58.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8a2cefa0dc5df532022-04-04 14:00:58.578root 11241100x8000000000000000183132Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:58.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.698805a87b50c8952022-04-04 14:00:58.578root 11241100x8000000000000000183131Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:58.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f5392ee57a37c182022-04-04 14:00:58.578root 11241100x8000000000000000183137Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:59.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d51ad9d47bc4aa122022-04-04 14:00:59.077root 11241100x8000000000000000183136Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:59.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b32a5f60e1bd3dc02022-04-04 14:00:59.077root 11241100x8000000000000000183135Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:59.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3920b868ea3afbae2022-04-04 14:00:59.077root 11241100x8000000000000000183134Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:59.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58412c0ad90abfdf2022-04-04 14:00:59.077root 11241100x8000000000000000183140Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:59.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c420121b22e2fa712022-04-04 14:00:59.078root 11241100x8000000000000000183139Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:59.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62ec991a1ad276ab2022-04-04 14:00:59.078root 11241100x8000000000000000183138Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:59.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f515002dbddcc2b2022-04-04 14:00:59.078root 11241100x8000000000000000183144Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:59.080{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebd6cc1d5e3e80a12022-04-04 14:00:59.080root 11241100x8000000000000000183143Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:59.080{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5507f67e254d86c42022-04-04 14:00:59.080root 11241100x8000000000000000183142Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:59.080{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb630a6f7218acb62022-04-04 14:00:59.080root 11241100x8000000000000000183141Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:59.080{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42ee7b700f0f2bc52022-04-04 14:00:59.080root 11241100x8000000000000000183152Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:59.081{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1a1fc1f694ec3e72022-04-04 14:00:59.081root 11241100x8000000000000000183151Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:59.081{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bbd60228ae864f72022-04-04 14:00:59.081root 11241100x8000000000000000183150Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:59.081{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.180f1f0e6cc86c132022-04-04 14:00:59.081root 11241100x8000000000000000183149Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:59.081{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c68a068bbd79a80b2022-04-04 14:00:59.081root 11241100x8000000000000000183148Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:59.081{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abecdebdcbae3fa82022-04-04 14:00:59.081root 11241100x8000000000000000183147Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:59.081{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2eed8efc77fb10bd2022-04-04 14:00:59.081root 11241100x8000000000000000183146Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:59.081{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1a5d1dfaab82f0c2022-04-04 14:00:59.081root 11241100x8000000000000000183145Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:59.081{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c660e0e86f2bb492022-04-04 14:00:59.081root 11241100x8000000000000000183153Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:59.576{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b7e5caf51f07f0f2022-04-04 14:00:59.576root 11241100x8000000000000000183161Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:59.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12979096491163de2022-04-04 14:00:59.577root 11241100x8000000000000000183160Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:59.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2742eb7e922feb8c2022-04-04 14:00:59.577root 11241100x8000000000000000183159Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:59.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a2159997f6073622022-04-04 14:00:59.577root 11241100x8000000000000000183158Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:59.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39c8ef362db55ee02022-04-04 14:00:59.577root 11241100x8000000000000000183157Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:59.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35aff5c7393402192022-04-04 14:00:59.577root 11241100x8000000000000000183156Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:59.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3cfc39158a798d72022-04-04 14:00:59.577root 11241100x8000000000000000183155Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:59.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.770af3501cfb096b2022-04-04 14:00:59.577root 11241100x8000000000000000183154Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:59.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64479b706608b2342022-04-04 14:00:59.577root 11241100x8000000000000000183169Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:59.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e185827d5142ea92022-04-04 14:00:59.578root 11241100x8000000000000000183168Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:59.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a377e7d60cd7bbf2022-04-04 14:00:59.578root 11241100x8000000000000000183167Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:59.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71db473deeef84812022-04-04 14:00:59.578root 11241100x8000000000000000183166Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:59.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40b0ba46ef333b772022-04-04 14:00:59.578root 11241100x8000000000000000183165Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:59.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5342cce3829d69fc2022-04-04 14:00:59.578root 11241100x8000000000000000183164Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:59.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.116b97241750c4c82022-04-04 14:00:59.578root 11241100x8000000000000000183163Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:59.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.247c9ccbad2ab9212022-04-04 14:00:59.578root 11241100x8000000000000000183162Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:59.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44fe490ba08f809a2022-04-04 14:00:59.578root 11241100x8000000000000000183171Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:59.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cde3d5dba4af35bb2022-04-04 14:00:59.579root 11241100x8000000000000000183170Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:59.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5455504ee50707692022-04-04 14:00:59.579root 11241100x8000000000000000183172Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:00.076{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.989280c9d0c8959e2022-04-04 14:01:00.076root 11241100x8000000000000000183186Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:00.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c00738c3b7c77562022-04-04 14:01:00.077root 11241100x8000000000000000183185Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:00.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b0663fc1cce5b112022-04-04 14:01:00.077root 11241100x8000000000000000183184Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:00.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92527b223999988e2022-04-04 14:01:00.077root 11241100x8000000000000000183183Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:00.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c067f82d9f60d4282022-04-04 14:01:00.077root 11241100x8000000000000000183182Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:00.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a63df66fab786d872022-04-04 14:01:00.077root 11241100x8000000000000000183181Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:00.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da98edc9cdbca6682022-04-04 14:01:00.077root 11241100x8000000000000000183180Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:00.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02c147907da7c5222022-04-04 14:01:00.077root 11241100x8000000000000000183179Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:00.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3801d0b7514f07072022-04-04 14:01:00.077root 11241100x8000000000000000183178Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:00.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6201879c2a384042022-04-04 14:01:00.077root 11241100x8000000000000000183177Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:00.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e747cf7fc0e1284a2022-04-04 14:01:00.077root 11241100x8000000000000000183176Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:00.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dbc2f3c4ffb9a1b2022-04-04 14:01:00.077root 11241100x8000000000000000183175Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:00.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb5b85e24c67d1ee2022-04-04 14:01:00.077root 11241100x8000000000000000183174Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:00.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83404edd983fdd842022-04-04 14:01:00.077root 11241100x8000000000000000183173Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:00.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57aa6ee6c49003662022-04-04 14:01:00.077root 11241100x8000000000000000183190Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:00.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65bf58acfd46892c2022-04-04 14:01:00.078root 11241100x8000000000000000183189Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:00.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.681ec466eb0b06bd2022-04-04 14:01:00.078root 11241100x8000000000000000183188Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:00.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10d6022a99d4c98a2022-04-04 14:01:00.078root 11241100x8000000000000000183187Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:00.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afdd2f65f1cf765a2022-04-04 14:01:00.078root 11241100x8000000000000000183198Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:00.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04bc34a0926c552e2022-04-04 14:01:00.577root 11241100x8000000000000000183197Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:00.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e607657c55538f12022-04-04 14:01:00.577root 11241100x8000000000000000183196Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:00.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0b300b1f3f6de1d2022-04-04 14:01:00.577root 11241100x8000000000000000183195Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:00.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47eebd3d7df1410f2022-04-04 14:01:00.577root 11241100x8000000000000000183194Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:00.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b15afa9bcbb5b91e2022-04-04 14:01:00.577root 11241100x8000000000000000183193Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:00.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.030291334553c3212022-04-04 14:01:00.577root 11241100x8000000000000000183192Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:00.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1af979bc3a61abc2022-04-04 14:01:00.577root 11241100x8000000000000000183191Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:00.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d98180c069f3422d2022-04-04 14:01:00.577root 11241100x8000000000000000183207Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:00.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67230bd1b4deba012022-04-04 14:01:00.578root 11241100x8000000000000000183206Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:00.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe01293c0847d6ad2022-04-04 14:01:00.578root 11241100x8000000000000000183205Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:00.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.620f061f0e6d25c52022-04-04 14:01:00.578root 11241100x8000000000000000183204Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:00.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e97813a0927511702022-04-04 14:01:00.578root 11241100x8000000000000000183203Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:00.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddebc2456baf593b2022-04-04 14:01:00.578root 11241100x8000000000000000183202Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:00.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee6a6c8a03b504eb2022-04-04 14:01:00.578root 11241100x8000000000000000183201Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:00.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae526f4d1a5a51f62022-04-04 14:01:00.578root 11241100x8000000000000000183200Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:00.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81e0095e83516f802022-04-04 14:01:00.578root 11241100x8000000000000000183199Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:00.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d41264f3771326562022-04-04 14:01:00.578root 11241100x8000000000000000183209Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:00.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e311ee65dd1b2fc12022-04-04 14:01:00.579root 11241100x8000000000000000183208Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:00.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71053b4444a830ee2022-04-04 14:01:00.579root 11241100x8000000000000000183210Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:01.076{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59d579c1f6ea8d552022-04-04 14:01:01.076root 11241100x8000000000000000183217Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:01.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.568ae7191135373a2022-04-04 14:01:01.077root 11241100x8000000000000000183216Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:01.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bf015beda1ed40f2022-04-04 14:01:01.077root 11241100x8000000000000000183215Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:01.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.042d1a6438b545222022-04-04 14:01:01.077root 11241100x8000000000000000183214Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:01.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a873a7df03c9a97f2022-04-04 14:01:01.077root 11241100x8000000000000000183213Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:01.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f858ae20bfc0f352022-04-04 14:01:01.077root 11241100x8000000000000000183212Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:01.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ece18e6a5ac60b62022-04-04 14:01:01.077root 11241100x8000000000000000183211Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:01.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2e9434ecdee126b2022-04-04 14:01:01.077root 11241100x8000000000000000183228Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:01.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d19507b346f201432022-04-04 14:01:01.078root 11241100x8000000000000000183227Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:01.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72819f0fc3df9c882022-04-04 14:01:01.078root 11241100x8000000000000000183226Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:01.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56baadd7585c005d2022-04-04 14:01:01.078root 11241100x8000000000000000183225Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:01.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b29f5b83a0f0a4d92022-04-04 14:01:01.078root 11241100x8000000000000000183224Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:01.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32cd5eb3a43dae9c2022-04-04 14:01:01.078root 11241100x8000000000000000183223Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:01.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8be643ef6df2763d2022-04-04 14:01:01.078root 11241100x8000000000000000183222Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:01.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0774772f988b3da52022-04-04 14:01:01.078root 11241100x8000000000000000183221Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:01.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd9f9c89aac635b92022-04-04 14:01:01.078root 11241100x8000000000000000183220Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:01.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbb0b8cf241d801a2022-04-04 14:01:01.078root 11241100x8000000000000000183219Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:01.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11c9f322fcace2672022-04-04 14:01:01.078root 11241100x8000000000000000183218Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:01.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7080809736c5476e2022-04-04 14:01:01.078root 11241100x8000000000000000183229Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:01.576{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5bdc209a342e75f2022-04-04 14:01:01.576root 11241100x8000000000000000183233Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:01.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d489ca2bda7f2eff2022-04-04 14:01:01.577root 11241100x8000000000000000183232Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:01.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aed840fbab83b6462022-04-04 14:01:01.577root 11241100x8000000000000000183231Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:01.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d80b0c2f18e265f22022-04-04 14:01:01.577root 11241100x8000000000000000183230Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:01.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6982b7ac46b8ff302022-04-04 14:01:01.577root 11241100x8000000000000000183238Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:01.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f7b464c78db67f12022-04-04 14:01:01.579root 11241100x8000000000000000183237Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:01.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0a56bad66bbdec32022-04-04 14:01:01.579root 11241100x8000000000000000183236Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:01.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91d8573d00cee6f92022-04-04 14:01:01.579root 11241100x8000000000000000183235Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:01.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92f687f8e3c386322022-04-04 14:01:01.579root 11241100x8000000000000000183234Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:01.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cb1daf094486c9b2022-04-04 14:01:01.579root 11241100x8000000000000000183246Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:01.580{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5813fd373b4a9bdd2022-04-04 14:01:01.580root 11241100x8000000000000000183245Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:01.580{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.840c2c9562cf666c2022-04-04 14:01:01.580root 11241100x8000000000000000183244Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:01.580{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c99ede6e62c851ff2022-04-04 14:01:01.580root 11241100x8000000000000000183243Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:01.580{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.346d58cb042f36a92022-04-04 14:01:01.580root 11241100x8000000000000000183242Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:01.580{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54c58431a32719032022-04-04 14:01:01.580root 11241100x8000000000000000183241Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:01.580{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5343e3e42dae5dcb2022-04-04 14:01:01.580root 11241100x8000000000000000183240Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:01.580{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5440c8d195ceae552022-04-04 14:01:01.580root 11241100x8000000000000000183239Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:01.580{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f97083371f26b262022-04-04 14:01:01.580root 11241100x8000000000000000183247Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:01.581{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1220aa7f88db7c22022-04-04 14:01:01.581root 11241100x8000000000000000183253Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:02.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5db539e69ef8eb932022-04-04 14:01:02.077root 11241100x8000000000000000183252Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:02.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21bd394a5e0514f02022-04-04 14:01:02.077root 11241100x8000000000000000183251Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:02.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61689f89b8d4700d2022-04-04 14:01:02.077root 11241100x8000000000000000183250Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:02.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d37e57ce4d0156c2022-04-04 14:01:02.077root 11241100x8000000000000000183249Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:02.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e70bcb4a31be3172022-04-04 14:01:02.077root 11241100x8000000000000000183248Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:02.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.107f2ad3879771482022-04-04 14:01:02.077root 11241100x8000000000000000183265Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:02.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46b9e35b862bc41c2022-04-04 14:01:02.078root 11241100x8000000000000000183264Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:02.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba9f9201d2b7a55a2022-04-04 14:01:02.078root 11241100x8000000000000000183263Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:02.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28413148df6effc52022-04-04 14:01:02.078root 11241100x8000000000000000183262Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:02.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04389153582597a42022-04-04 14:01:02.078root 11241100x8000000000000000183261Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:02.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d26f3c908caf9e232022-04-04 14:01:02.078root 11241100x8000000000000000183260Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:02.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6753edcea318da302022-04-04 14:01:02.078root 11241100x8000000000000000183259Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:02.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ac514dc0c6305082022-04-04 14:01:02.078root 11241100x8000000000000000183258Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:02.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d65c5107a9c988212022-04-04 14:01:02.078root 11241100x8000000000000000183257Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:02.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e34b51f0998ed842022-04-04 14:01:02.078root 11241100x8000000000000000183256Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:02.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90dc6c531cdb1ef22022-04-04 14:01:02.078root 11241100x8000000000000000183255Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:02.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a42774021c503e422022-04-04 14:01:02.078root 11241100x8000000000000000183254Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:02.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc172c91ba4e14bb2022-04-04 14:01:02.078root 11241100x8000000000000000183266Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:02.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eeba69029d1513072022-04-04 14:01:02.079root 11241100x8000000000000000183267Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:02.257{ec21797c-f0d9-624a-60fc-886112560000}5459/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2022-04-04 14:01:02.257root 11241100x8000000000000000183268Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:02.576{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e783eb22523a7c42022-04-04 14:01:02.576root 11241100x8000000000000000183271Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:02.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75181ba0fda9261f2022-04-04 14:01:02.577root 11241100x8000000000000000183270Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:02.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f3d803b8917742e2022-04-04 14:01:02.577root 11241100x8000000000000000183269Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:02.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fd9bafa76d18c5a2022-04-04 14:01:02.577root 11241100x8000000000000000183281Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:02.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5ae0e4f7165468a2022-04-04 14:01:02.578root 11241100x8000000000000000183280Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:02.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fbf5fca07b643492022-04-04 14:01:02.578root 11241100x8000000000000000183279Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:02.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3fda651a97d75c42022-04-04 14:01:02.578root 11241100x8000000000000000183278Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:02.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76c5f8548b9909942022-04-04 14:01:02.578root 11241100x8000000000000000183277Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:02.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7267eba2e7aba4a2022-04-04 14:01:02.578root 11241100x8000000000000000183276Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:02.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68e28ce0590375942022-04-04 14:01:02.578root 11241100x8000000000000000183275Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:02.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af3729ef98c6d31a2022-04-04 14:01:02.578root 11241100x8000000000000000183274Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:02.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b7e804e0c222d122022-04-04 14:01:02.578root 11241100x8000000000000000183273Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:02.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d42b5b2b7040a4e62022-04-04 14:01:02.578root 11241100x8000000000000000183272Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:02.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b629ad82405da0d2022-04-04 14:01:02.578root 11241100x8000000000000000183288Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:02.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c7c61c4db9278ad2022-04-04 14:01:02.579root 11241100x8000000000000000183287Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:02.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f64330ce43a88872022-04-04 14:01:02.579root 11241100x8000000000000000183286Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:02.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.768d378be3e27a402022-04-04 14:01:02.579root 11241100x8000000000000000183285Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:02.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26f94bbeb9fa11172022-04-04 14:01:02.579root 11241100x8000000000000000183284Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:02.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9066f9a83a3a8bd82022-04-04 14:01:02.579root 11241100x8000000000000000183283Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:02.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c1961b89a1cd2952022-04-04 14:01:02.579root 11241100x8000000000000000183282Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:02.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5afa12965b73aabe2022-04-04 14:01:02.579root 11241100x8000000000000000183298Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:03.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86e732673ed30a5a2022-04-04 14:01:03.077root 11241100x8000000000000000183297Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:03.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6ed0825098f08bd2022-04-04 14:01:03.077root 11241100x8000000000000000183296Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:03.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c0fd790443645ce2022-04-04 14:01:03.077root 11241100x8000000000000000183295Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:03.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c7b127a42528f3c2022-04-04 14:01:03.077root 11241100x8000000000000000183294Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:03.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23e04bb438cac1e22022-04-04 14:01:03.077root 11241100x8000000000000000183293Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:03.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.828edcf4b106fe352022-04-04 14:01:03.077root 11241100x8000000000000000183292Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:03.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfbfe18c96bb5da92022-04-04 14:01:03.077root 11241100x8000000000000000183291Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:03.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13015104dbb42d892022-04-04 14:01:03.077root 11241100x8000000000000000183290Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:03.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc4d8969ad17c6722022-04-04 14:01:03.077root 11241100x8000000000000000183289Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:03.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cc6cd70d44e938b2022-04-04 14:01:03.077root 11241100x8000000000000000183308Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:03.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc2eb7f61537c4672022-04-04 14:01:03.078root 11241100x8000000000000000183307Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:03.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8b016aa4ba824bb2022-04-04 14:01:03.078root 11241100x8000000000000000183306Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:03.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4eb02c673255ed42022-04-04 14:01:03.078root 11241100x8000000000000000183305Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:03.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.602ed0428ed92d592022-04-04 14:01:03.078root 11241100x8000000000000000183304Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:03.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.756e1bb6bba4b58e2022-04-04 14:01:03.078root 11241100x8000000000000000183303Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:03.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74259b326ccf399d2022-04-04 14:01:03.078root 11241100x8000000000000000183302Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:03.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccec83fe0976e9602022-04-04 14:01:03.078root 11241100x8000000000000000183301Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:03.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27d11d1285dde3432022-04-04 14:01:03.078root 11241100x8000000000000000183300Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:03.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4b1126bf40f14062022-04-04 14:01:03.078root 11241100x8000000000000000183299Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:03.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a3286d22c2892972022-04-04 14:01:03.078root 354300x8000000000000000183309Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:03.241{ec21797c-f0e1-624a-d9ff-4d0400000000}5533/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-34452-false10.0.1.12-8000- 11241100x8000000000000000183321Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:03.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d61a783bd27019c52022-04-04 14:01:03.577root 11241100x8000000000000000183320Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:03.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd2c6bac5cc574aa2022-04-04 14:01:03.577root 11241100x8000000000000000183319Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:03.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b99a97160cd538c12022-04-04 14:01:03.577root 11241100x8000000000000000183318Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:03.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.320f14413522eb882022-04-04 14:01:03.577root 11241100x8000000000000000183317Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:03.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.284fecb71f244ddc2022-04-04 14:01:03.577root 11241100x8000000000000000183316Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:03.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be75bf72c36c76de2022-04-04 14:01:03.577root 11241100x8000000000000000183315Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:03.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e79f6766fb336a832022-04-04 14:01:03.577root 11241100x8000000000000000183314Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:03.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03ca93e8cad27de72022-04-04 14:01:03.577root 11241100x8000000000000000183313Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:03.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c1ec894a78a97602022-04-04 14:01:03.577root 11241100x8000000000000000183312Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:03.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00d774b9addc7d172022-04-04 14:01:03.577root 11241100x8000000000000000183311Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:03.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cdf29a0c5bfcaca2022-04-04 14:01:03.577root 11241100x8000000000000000183310Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:03.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac2d4cd5c10c4c282022-04-04 14:01:03.577root 11241100x8000000000000000183329Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:03.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf8e3232aed75e102022-04-04 14:01:03.578root 11241100x8000000000000000183328Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:03.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8358706f826bc9f2022-04-04 14:01:03.578root 11241100x8000000000000000183327Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:03.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ee4ec5083a904872022-04-04 14:01:03.578root 11241100x8000000000000000183326Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:03.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09dbc056a9acf2fa2022-04-04 14:01:03.578root 11241100x8000000000000000183325Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:03.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2ce04fa01b3c3702022-04-04 14:01:03.578root 11241100x8000000000000000183324Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:03.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9346dd3a24e7edcc2022-04-04 14:01:03.578root 11241100x8000000000000000183323Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:03.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73dcf0e769f3981a2022-04-04 14:01:03.578root 11241100x8000000000000000183322Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:03.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f532fd02f97c4e5b2022-04-04 14:01:03.578root 11241100x8000000000000000183330Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:03.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45ec60582e49bd302022-04-04 14:01:03.579root 11241100x8000000000000000183331Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:04.076{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5aa49073041923f52022-04-04 14:01:04.076root 11241100x8000000000000000183337Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:04.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47a2e7be11b30bd42022-04-04 14:01:04.077root 11241100x8000000000000000183336Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:04.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1616800437b5e4c52022-04-04 14:01:04.077root 11241100x8000000000000000183335Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:04.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c0615f3c13c11a22022-04-04 14:01:04.077root 11241100x8000000000000000183334Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:04.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38afdac1391c97c62022-04-04 14:01:04.077root 11241100x8000000000000000183333Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:04.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9480cc60b78845fd2022-04-04 14:01:04.077root 11241100x8000000000000000183332Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:04.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a6b67dec180f69f2022-04-04 14:01:04.077root 11241100x8000000000000000183348Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:04.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bf66b581b5269572022-04-04 14:01:04.078root 11241100x8000000000000000183347Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:04.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82a2e84a9d4a41072022-04-04 14:01:04.078root 11241100x8000000000000000183346Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:04.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caa0d6f264be73342022-04-04 14:01:04.078root 11241100x8000000000000000183345Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:04.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbb10df26b7731f02022-04-04 14:01:04.078root 11241100x8000000000000000183344Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:04.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7579ce7788862aa82022-04-04 14:01:04.078root 11241100x8000000000000000183343Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:04.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.772d127ac702cde72022-04-04 14:01:04.078root 11241100x8000000000000000183342Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:04.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a59fa619345c2d692022-04-04 14:01:04.078root 11241100x8000000000000000183341Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:04.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38c13097761318f12022-04-04 14:01:04.078root 11241100x8000000000000000183340Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:04.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51be938bb81834c02022-04-04 14:01:04.078root 11241100x8000000000000000183339Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:04.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d846dbebfa06f6b2022-04-04 14:01:04.078root 11241100x8000000000000000183338Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:04.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e3a407e63b30a962022-04-04 14:01:04.078root 11241100x8000000000000000183353Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:04.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.833ab3aec08fb3112022-04-04 14:01:04.079root 11241100x8000000000000000183352Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:04.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ac3e9abc13acf122022-04-04 14:01:04.079root 11241100x8000000000000000183351Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:04.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5bd076c96d7b1c32022-04-04 14:01:04.079root 11241100x8000000000000000183350Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:04.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8944c61abfe521652022-04-04 14:01:04.079root 11241100x8000000000000000183349Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:04.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc17ca34c39eb91b2022-04-04 14:01:04.079root 11241100x8000000000000000183358Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:04.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b02e6a60b78a61142022-04-04 14:01:04.577root 11241100x8000000000000000183357Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:04.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.917c10234d8bec6f2022-04-04 14:01:04.577root 11241100x8000000000000000183356Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:04.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.777415e54d10307f2022-04-04 14:01:04.577root 11241100x8000000000000000183355Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:04.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ad8c3d18c94f5b02022-04-04 14:01:04.577root 11241100x8000000000000000183354Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:04.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32f301094d901c722022-04-04 14:01:04.577root 11241100x8000000000000000183363Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:04.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cef441a5c78f1582022-04-04 14:01:04.578root 11241100x8000000000000000183362Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:04.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f5b8484f8ebf6ae2022-04-04 14:01:04.578root 11241100x8000000000000000183361Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:04.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55dbb80ed28e42272022-04-04 14:01:04.578root 11241100x8000000000000000183360Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:04.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.358753e285ec56452022-04-04 14:01:04.578root 11241100x8000000000000000183359Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:04.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbea48fd58a8b5522022-04-04 14:01:04.578root 11241100x8000000000000000183371Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:04.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cb8c87edc5ef8f12022-04-04 14:01:04.579root 11241100x8000000000000000183370Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:04.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd1eef694ad6adde2022-04-04 14:01:04.579root 11241100x8000000000000000183369Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:04.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e04f76b9fbbcd3d2022-04-04 14:01:04.579root 11241100x8000000000000000183368Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:04.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12aa0ba76b753f482022-04-04 14:01:04.579root 11241100x8000000000000000183367Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:04.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84367503672e983e2022-04-04 14:01:04.579root 11241100x8000000000000000183366Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:04.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff9c06de2244d12e2022-04-04 14:01:04.579root 11241100x8000000000000000183365Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:04.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f221d968927b1d42022-04-04 14:01:04.579root 11241100x8000000000000000183364Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:04.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b6a55c979488d6a2022-04-04 14:01:04.579root 11241100x8000000000000000183374Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:04.580{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.072afb1b1c52e8452022-04-04 14:01:04.580root 11241100x8000000000000000183373Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:04.580{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf107e5fe33db0192022-04-04 14:01:04.580root 11241100x8000000000000000183372Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:04.580{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cbfc60894be24932022-04-04 14:01:04.580root 11241100x8000000000000000183387Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:05.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a536577c6128a6f12022-04-04 14:01:05.077root 11241100x8000000000000000183386Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:05.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2753ea3e9fb3e8f32022-04-04 14:01:05.077root 11241100x8000000000000000183385Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:05.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.349b032a897bba9b2022-04-04 14:01:05.077root 11241100x8000000000000000183384Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:05.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36a15a6cd1c7a5c62022-04-04 14:01:05.077root 11241100x8000000000000000183383Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:05.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80061ba2b124fd0c2022-04-04 14:01:05.077root 11241100x8000000000000000183382Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:05.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1baae36471c5584d2022-04-04 14:01:05.077root 11241100x8000000000000000183381Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:05.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5bc99ced3f9406e2022-04-04 14:01:05.077root 11241100x8000000000000000183380Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:05.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dbd5c410d88b87f2022-04-04 14:01:05.077root 11241100x8000000000000000183379Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:05.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cccfd450be4054e62022-04-04 14:01:05.077root 11241100x8000000000000000183378Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:05.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.429c1cbad1d47b8e2022-04-04 14:01:05.077root 11241100x8000000000000000183377Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:05.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fd317cda752a0202022-04-04 14:01:05.077root 11241100x8000000000000000183376Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:05.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81a476463cc47fee2022-04-04 14:01:05.077root 11241100x8000000000000000183375Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:05.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f0c34d16241f0c12022-04-04 14:01:05.077root 11241100x8000000000000000183395Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:05.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.460ba9404bb998392022-04-04 14:01:05.078root 11241100x8000000000000000183394Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:05.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5599209f79bb04c22022-04-04 14:01:05.078root 11241100x8000000000000000183393Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:05.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65922f5891d38a312022-04-04 14:01:05.078root 11241100x8000000000000000183392Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:05.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dd1e2d7de9c7b822022-04-04 14:01:05.078root 11241100x8000000000000000183391Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:05.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbbf6a9439cc71732022-04-04 14:01:05.078root 11241100x8000000000000000183390Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:05.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7cd2addcc76fec82022-04-04 14:01:05.078root 11241100x8000000000000000183389Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:05.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41b5e76915445c142022-04-04 14:01:05.078root 11241100x8000000000000000183388Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:05.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e556e1488fa3cb92022-04-04 14:01:05.078root 23542300x8000000000000000183396Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:05.259{ec21797c-f0d9-624a-60fc-886112560000}5459root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000183399Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:05.576{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7ec450e469ad2232022-04-04 14:01:05.576root 11241100x8000000000000000183398Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:05.576{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d28f1b10d1d5d592022-04-04 14:01:05.576root 11241100x8000000000000000183397Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:05.576{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.410c7528a31c284d2022-04-04 14:01:05.576root 11241100x8000000000000000183412Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:05.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f0cec71c65c0a422022-04-04 14:01:05.577root 11241100x8000000000000000183411Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:05.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc0048ab6cec9e322022-04-04 14:01:05.577root 11241100x8000000000000000183410Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:05.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13061f9515f9bb372022-04-04 14:01:05.577root 11241100x8000000000000000183409Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:05.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1143e8427f9cdbf72022-04-04 14:01:05.577root 11241100x8000000000000000183408Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:05.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f843ce3b5894d8e2022-04-04 14:01:05.577root 11241100x8000000000000000183407Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:05.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.261db1610b5ae69b2022-04-04 14:01:05.577root 11241100x8000000000000000183406Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:05.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c11b5326f9890beb2022-04-04 14:01:05.577root 11241100x8000000000000000183405Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:05.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4eaa959f4ef8b9c72022-04-04 14:01:05.577root 11241100x8000000000000000183404Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:05.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.104b077bf65e9a9a2022-04-04 14:01:05.577root 11241100x8000000000000000183403Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:05.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34a9192b6940d16b2022-04-04 14:01:05.577root 11241100x8000000000000000183402Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:05.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7b308702c28a1e92022-04-04 14:01:05.577root 11241100x8000000000000000183401Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:05.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6052ddaa39a288fa2022-04-04 14:01:05.577root 11241100x8000000000000000183400Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:05.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e75a4e74147e7092022-04-04 14:01:05.577root 11241100x8000000000000000183419Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:05.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc53ce93f19bf16f2022-04-04 14:01:05.578root 11241100x8000000000000000183418Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:05.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d44e13e929322ab2022-04-04 14:01:05.578root 11241100x8000000000000000183417Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:05.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10bdfe81ce0788d72022-04-04 14:01:05.578root 11241100x8000000000000000183416Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:05.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33a7ea02d8aeb7c72022-04-04 14:01:05.578root 11241100x8000000000000000183415Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:05.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.329c2923ed785c162022-04-04 14:01:05.578root 11241100x8000000000000000183414Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:05.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bf784010e5ef0972022-04-04 14:01:05.578root 11241100x8000000000000000183413Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:05.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6de5b1bf17cae1612022-04-04 14:01:05.578root 11241100x8000000000000000183425Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:06.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dacaab2ca68b99d72022-04-04 14:01:06.077root 11241100x8000000000000000183424Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:06.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb14105909b1278e2022-04-04 14:01:06.077root 11241100x8000000000000000183423Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:06.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3679732d29494ad2022-04-04 14:01:06.077root 11241100x8000000000000000183422Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:06.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f51f2385cd293f422022-04-04 14:01:06.077root 11241100x8000000000000000183421Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:06.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2a2aaba53ed7a1f2022-04-04 14:01:06.077root 11241100x8000000000000000183420Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:06.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70b156d35cefb6432022-04-04 14:01:06.077root 11241100x8000000000000000183436Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:06.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42310cf3bea6d2442022-04-04 14:01:06.078root 11241100x8000000000000000183435Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:06.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63f9a2264a74fdcb2022-04-04 14:01:06.078root 11241100x8000000000000000183434Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:06.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f24becc0a14db7c22022-04-04 14:01:06.078root 11241100x8000000000000000183433Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:06.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3aebf40092d06cec2022-04-04 14:01:06.078root 11241100x8000000000000000183432Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:06.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a686cfa8cb855c5e2022-04-04 14:01:06.078root 11241100x8000000000000000183431Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:06.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f831a48709a3e4a2022-04-04 14:01:06.078root 11241100x8000000000000000183430Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:06.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.993265da783a94a02022-04-04 14:01:06.078root 11241100x8000000000000000183429Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:06.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4e7c1760b0054f12022-04-04 14:01:06.078root 11241100x8000000000000000183428Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:06.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46562704c8c79aec2022-04-04 14:01:06.078root 11241100x8000000000000000183427Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:06.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83e341728a19591a2022-04-04 14:01:06.078root 11241100x8000000000000000183426Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:06.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.290c42723dc9ae7a2022-04-04 14:01:06.078root 11241100x8000000000000000183441Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:06.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a240e3f33016bfe2022-04-04 14:01:06.079root 11241100x8000000000000000183440Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:06.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1307ccbc4f69bff92022-04-04 14:01:06.079root 11241100x8000000000000000183439Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:06.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c9c04fa24faa8f32022-04-04 14:01:06.079root 11241100x8000000000000000183438Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:06.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.060685373c1302582022-04-04 14:01:06.079root 11241100x8000000000000000183437Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:06.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c9a9872f884fac72022-04-04 14:01:06.079root 11241100x8000000000000000183445Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:06.576{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a39a61add8b56952022-04-04 14:01:06.576root 11241100x8000000000000000183444Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:06.576{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20be779fd0ced2602022-04-04 14:01:06.576root 11241100x8000000000000000183443Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:06.576{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.283aa4d22da95bbe2022-04-04 14:01:06.576root 11241100x8000000000000000183442Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:06.576{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69650758c534bf682022-04-04 14:01:06.576root 11241100x8000000000000000183456Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:06.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11a81907fd4347f12022-04-04 14:01:06.577root 11241100x8000000000000000183455Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:06.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d5a4b0997e490512022-04-04 14:01:06.577root 11241100x8000000000000000183454Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:06.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8e151a336744fbc2022-04-04 14:01:06.577root 11241100x8000000000000000183453Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:06.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.360ff6f18c0f27622022-04-04 14:01:06.577root 11241100x8000000000000000183452Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:06.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b030f2e730cbd94c2022-04-04 14:01:06.577root 11241100x8000000000000000183451Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:06.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1f905f2800924fd2022-04-04 14:01:06.577root 11241100x8000000000000000183450Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:06.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c12aaed96845c7522022-04-04 14:01:06.577root 11241100x8000000000000000183449Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:06.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f57b49b1c3cd31ff2022-04-04 14:01:06.577root 11241100x8000000000000000183448Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:06.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fb7c77b33f1ee552022-04-04 14:01:06.577root 11241100x8000000000000000183447Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:06.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da432f5ec3bdebe52022-04-04 14:01:06.577root 11241100x8000000000000000183446Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:06.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.350d2fecb63083f22022-04-04 14:01:06.577root 11241100x8000000000000000183465Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:06.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da5ec5b1743c7c1e2022-04-04 14:01:06.578root 11241100x8000000000000000183464Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:06.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ddc30d99e3872c82022-04-04 14:01:06.578root 11241100x8000000000000000183463Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:06.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de84add9ea99b9b02022-04-04 14:01:06.578root 11241100x8000000000000000183462Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:06.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d81e4aa54aac6492022-04-04 14:01:06.578root 11241100x8000000000000000183461Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:06.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5b9510d3b10cf522022-04-04 14:01:06.578root 11241100x8000000000000000183460Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:06.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d8cc6e173dfcf662022-04-04 14:01:06.578root 11241100x8000000000000000183459Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:06.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.090fe453944391242022-04-04 14:01:06.578root 11241100x8000000000000000183458Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:06.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fd2a4f819580ada2022-04-04 14:01:06.578root 11241100x8000000000000000183457Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:06.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c05075c3f5295662022-04-04 14:01:06.578root 11241100x8000000000000000183475Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:07.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a589dae42b410d02022-04-04 14:01:07.077root 11241100x8000000000000000183474Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:07.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca64691821f5a7d42022-04-04 14:01:07.077root 11241100x8000000000000000183473Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:07.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f7a79cfeaed51682022-04-04 14:01:07.077root 11241100x8000000000000000183472Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:07.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46f58d4d0977ee422022-04-04 14:01:07.077root 11241100x8000000000000000183471Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:07.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee049e0311167f8b2022-04-04 14:01:07.077root 11241100x8000000000000000183470Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:07.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.048ed9738ff3996f2022-04-04 14:01:07.077root 11241100x8000000000000000183469Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:07.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ce04db4d1a9c0252022-04-04 14:01:07.077root 11241100x8000000000000000183468Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:07.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9499abfb8df25edf2022-04-04 14:01:07.077root 11241100x8000000000000000183467Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:07.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c1a2b909255f20a2022-04-04 14:01:07.077root 11241100x8000000000000000183466Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:07.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa63670e475784b12022-04-04 14:01:07.077root 11241100x8000000000000000183485Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:07.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbbd536616dc4df22022-04-04 14:01:07.078root 11241100x8000000000000000183484Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:07.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fced9d39ddf581032022-04-04 14:01:07.078root 11241100x8000000000000000183483Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:07.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c49eca6bcbfb4d542022-04-04 14:01:07.078root 11241100x8000000000000000183482Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:07.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.033f1168658699792022-04-04 14:01:07.078root 11241100x8000000000000000183481Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:07.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ef28f08a6726c372022-04-04 14:01:07.078root 11241100x8000000000000000183480Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:07.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f48b0ed1737d7b272022-04-04 14:01:07.078root 11241100x8000000000000000183479Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:07.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/s