11241100x8000000000000000182431Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:36.076{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.274f794de20212132022-04-04 14:00:36.076root 11241100x8000000000000000182440Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:36.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6c78bf94f1c9ba82022-04-04 14:00:36.077root 11241100x8000000000000000182439Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:36.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fa304e2e8e030d52022-04-04 14:00:36.077root 11241100x8000000000000000182438Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:36.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e3bf82c3ed04e842022-04-04 14:00:36.077root 11241100x8000000000000000182437Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:36.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d6064fceb4b22422022-04-04 14:00:36.077root 11241100x8000000000000000182436Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:36.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04136e99e00572682022-04-04 14:00:36.077root 11241100x8000000000000000182435Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:36.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.713ae85aa712e2f02022-04-04 14:00:36.077root 11241100x8000000000000000182434Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:36.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.101f831899aad4982022-04-04 14:00:36.077root 11241100x8000000000000000182433Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:36.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1ff10e1fdbcfb422022-04-04 14:00:36.077root 11241100x8000000000000000182432Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:36.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecf1061b274e66f02022-04-04 14:00:36.077root 11241100x8000000000000000182442Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:36.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66675dc089eebbb62022-04-04 14:00:36.078root 11241100x8000000000000000182441Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:36.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdf6c289e0a55b1f2022-04-04 14:00:36.078root 11241100x8000000000000000182443Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:36.576{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f368886a0f37d77b2022-04-04 14:00:36.576root 11241100x8000000000000000182454Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:36.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f182809fa124ccd2022-04-04 14:00:36.577root 11241100x8000000000000000182453Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:36.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83bca934f4f5eff32022-04-04 14:00:36.577root 11241100x8000000000000000182452Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:36.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f9246e754d7cb1e2022-04-04 14:00:36.577root 11241100x8000000000000000182451Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:36.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03ffd3f8754224152022-04-04 14:00:36.577root 11241100x8000000000000000182450Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:36.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.943a5beccc4411512022-04-04 14:00:36.577root 11241100x8000000000000000182449Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:36.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8649bb70617b6b92022-04-04 14:00:36.577root 11241100x8000000000000000182448Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:36.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e08061b76a345102022-04-04 14:00:36.577root 11241100x8000000000000000182447Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:36.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac9f1eeac766bc482022-04-04 14:00:36.577root 11241100x8000000000000000182446Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:36.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b7c8866a03c7c682022-04-04 14:00:36.577root 11241100x8000000000000000182445Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:36.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89a80c1818ac60b92022-04-04 14:00:36.577root 11241100x8000000000000000182444Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:36.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3afc30094d13202c2022-04-04 14:00:36.577root 11241100x8000000000000000182455Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:37.076{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33a44ce30ec070bf2022-04-04 14:00:37.076root 11241100x8000000000000000182466Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:37.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.177cbf3b6bfbaca52022-04-04 14:00:37.077root 11241100x8000000000000000182465Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:37.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d27d67bf3881a95c2022-04-04 14:00:37.077root 11241100x8000000000000000182464Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:37.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dcbae24baeda6352022-04-04 14:00:37.077root 11241100x8000000000000000182463Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:37.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.849059c5b4f8f7b42022-04-04 14:00:37.077root 11241100x8000000000000000182462Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:37.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30e7e024ff7badff2022-04-04 14:00:37.077root 11241100x8000000000000000182461Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:37.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3269a845310c26da2022-04-04 14:00:37.077root 11241100x8000000000000000182460Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:37.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27eccaf4f6170ffd2022-04-04 14:00:37.077root 11241100x8000000000000000182459Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:37.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faa296b35025e8412022-04-04 14:00:37.077root 11241100x8000000000000000182458Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:37.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc232fd92018759e2022-04-04 14:00:37.077root 11241100x8000000000000000182457Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:37.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b01417929061eeae2022-04-04 14:00:37.077root 11241100x8000000000000000182456Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:37.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f10c2b5ff937b9622022-04-04 14:00:37.077root 354300x8000000000000000182467Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:37.094{ec21797c-f0e1-624a-d9ff-4d0400000000}5533/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-34442-false10.0.1.12-8000- 11241100x8000000000000000182474Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:37.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80c63cbc0cf277c72022-04-04 14:00:37.577root 11241100x8000000000000000182473Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:37.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a8ec0caeec6f0372022-04-04 14:00:37.577root 11241100x8000000000000000182472Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:37.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3dfa86ef2c712e22022-04-04 14:00:37.577root 11241100x8000000000000000182471Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:37.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.362dad96b5b430422022-04-04 14:00:37.577root 11241100x8000000000000000182470Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:37.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82b291a22f1c159a2022-04-04 14:00:37.577root 11241100x8000000000000000182469Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:37.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e863c4d7618b3dc52022-04-04 14:00:37.577root 11241100x8000000000000000182468Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:37.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.343b98a80ade17962022-04-04 14:00:37.577root 11241100x8000000000000000182480Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:37.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7371ef928022f2bb2022-04-04 14:00:37.578root 11241100x8000000000000000182479Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:37.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35b5d3f28ae41b872022-04-04 14:00:37.578root 11241100x8000000000000000182478Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:37.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82fe2e60be0343ba2022-04-04 14:00:37.578root 11241100x8000000000000000182477Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:37.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c40c062ae7e0ec82022-04-04 14:00:37.578root 11241100x8000000000000000182476Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:37.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.098c2e61b70791b12022-04-04 14:00:37.578root 11241100x8000000000000000182475Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:37.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b077fa4e1f8803112022-04-04 14:00:37.578root 11241100x8000000000000000182482Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:38.076{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b91f96b6d96549d32022-04-04 14:00:38.076root 11241100x8000000000000000182481Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:38.076{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.298a1c2aec6dee1c2022-04-04 14:00:38.076root 11241100x8000000000000000182493Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:38.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e7208a8acacc21b2022-04-04 14:00:38.077root 11241100x8000000000000000182492Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:38.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edd138898c6d84a12022-04-04 14:00:38.077root 11241100x8000000000000000182491Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:38.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1da1d68ee5df16c42022-04-04 14:00:38.077root 11241100x8000000000000000182490Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:38.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bc4ad1ddd6906f92022-04-04 14:00:38.077root 11241100x8000000000000000182489Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:38.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a80def2a5cdd33e02022-04-04 14:00:38.077root 11241100x8000000000000000182488Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:38.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8bcf6d04620e1de2022-04-04 14:00:38.077root 11241100x8000000000000000182487Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:38.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fe55603dd1a2cb12022-04-04 14:00:38.077root 11241100x8000000000000000182486Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:38.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5980d95c8d899dd42022-04-04 14:00:38.077root 11241100x8000000000000000182485Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:38.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1989110fdd3a745e2022-04-04 14:00:38.077root 11241100x8000000000000000182484Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:38.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a98de79b1a57d012022-04-04 14:00:38.077root 11241100x8000000000000000182483Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:38.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d9b061da1a283312022-04-04 14:00:38.077root 11241100x8000000000000000182494Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:38.576{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebfa9bb99980e82f2022-04-04 14:00:38.576root 11241100x8000000000000000182506Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:38.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18abf5552bd68f222022-04-04 14:00:38.577root 11241100x8000000000000000182505Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:38.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7d70ac97f6133262022-04-04 14:00:38.577root 11241100x8000000000000000182504Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:38.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1653fa94277635ba2022-04-04 14:00:38.577root 11241100x8000000000000000182503Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:38.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa005f840d665b232022-04-04 14:00:38.577root 11241100x8000000000000000182502Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:38.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c0ef67c8fcf96f32022-04-04 14:00:38.577root 11241100x8000000000000000182501Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:38.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc249fd9b2353b572022-04-04 14:00:38.577root 11241100x8000000000000000182500Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:38.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7890e00854d10bdc2022-04-04 14:00:38.577root 11241100x8000000000000000182499Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:38.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fab9c2422d7228e62022-04-04 14:00:38.577root 11241100x8000000000000000182498Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:38.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65f6118d717d2fa92022-04-04 14:00:38.577root 11241100x8000000000000000182497Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:38.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f227060b6694fc12022-04-04 14:00:38.577root 11241100x8000000000000000182496Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:38.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6952231d83ae55bc2022-04-04 14:00:38.577root 11241100x8000000000000000182495Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:38.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf650da482b6e2522022-04-04 14:00:38.577root 11241100x8000000000000000182516Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:39.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51f3b6ea5ee24b3f2022-04-04 14:00:39.077root 11241100x8000000000000000182515Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:39.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6969d9a4ed16ec3d2022-04-04 14:00:39.077root 11241100x8000000000000000182514Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:39.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6897e91249ceefa82022-04-04 14:00:39.077root 11241100x8000000000000000182513Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:39.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01d635fd581067bf2022-04-04 14:00:39.077root 11241100x8000000000000000182512Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:39.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57b43f31f0ebf9f82022-04-04 14:00:39.077root 11241100x8000000000000000182511Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:39.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbce3245d7f69ff42022-04-04 14:00:39.077root 11241100x8000000000000000182510Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:39.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56417ccb7136298e2022-04-04 14:00:39.077root 11241100x8000000000000000182509Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:39.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b8c99a6d0f967032022-04-04 14:00:39.077root 11241100x8000000000000000182508Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:39.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21a1edb3f48872d22022-04-04 14:00:39.077root 11241100x8000000000000000182507Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:39.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.775af301afaa957d2022-04-04 14:00:39.077root 11241100x8000000000000000182519Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:39.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7475f29005996a012022-04-04 14:00:39.078root 11241100x8000000000000000182518Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:39.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc01a304f4bf852c2022-04-04 14:00:39.078root 11241100x8000000000000000182517Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:39.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3facad5a0ac1fa1e2022-04-04 14:00:39.078root 11241100x8000000000000000182531Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:39.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dba1c360a5336222022-04-04 14:00:39.577root 11241100x8000000000000000182530Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:39.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4871de7e4fbd4cda2022-04-04 14:00:39.577root 11241100x8000000000000000182529Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:39.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd3eb875a0f1a63b2022-04-04 14:00:39.577root 11241100x8000000000000000182528Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:39.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.343dea57bd2cf2df2022-04-04 14:00:39.577root 11241100x8000000000000000182527Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:39.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82b3d417aae4ad902022-04-04 14:00:39.577root 11241100x8000000000000000182526Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:39.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6560524efe2b6db2022-04-04 14:00:39.577root 11241100x8000000000000000182525Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:39.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1698e745046b97552022-04-04 14:00:39.577root 11241100x8000000000000000182524Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:39.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba61da3cc48183072022-04-04 14:00:39.577root 11241100x8000000000000000182523Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:39.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fbd7d7e016cd47c2022-04-04 14:00:39.577root 11241100x8000000000000000182522Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:39.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04bdfcb27c06c0982022-04-04 14:00:39.577root 11241100x8000000000000000182521Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:39.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11b21cb8f01058c12022-04-04 14:00:39.577root 11241100x8000000000000000182520Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:39.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45a9fc6f0a48dc862022-04-04 14:00:39.577root 11241100x8000000000000000182532Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:39.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.536a9f2c8011e6b82022-04-04 14:00:39.578root 11241100x8000000000000000182535Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:40.076{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e434dfcf9aa74de42022-04-04 14:00:40.076root 11241100x8000000000000000182534Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:40.076{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9662199da29d7b432022-04-04 14:00:40.076root 11241100x8000000000000000182533Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:40.076{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b28284c2ad0c20a2022-04-04 14:00:40.076root 11241100x8000000000000000182545Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:40.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33c19973dbe632c02022-04-04 14:00:40.077root 11241100x8000000000000000182544Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:40.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36757d27e97cf4342022-04-04 14:00:40.077root 11241100x8000000000000000182543Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:40.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.311d8ace8c6bb5542022-04-04 14:00:40.077root 11241100x8000000000000000182542Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:40.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6af57f37aa5aa7212022-04-04 14:00:40.077root 11241100x8000000000000000182541Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:40.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45acb74799834cfa2022-04-04 14:00:40.077root 11241100x8000000000000000182540Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:40.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9207ee80f1e986a2022-04-04 14:00:40.077root 11241100x8000000000000000182539Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:40.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ea21688ee3e5b582022-04-04 14:00:40.077root 11241100x8000000000000000182538Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:40.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dc3898a9cd80b7f2022-04-04 14:00:40.077root 11241100x8000000000000000182537Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:40.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e24af498101efade2022-04-04 14:00:40.077root 11241100x8000000000000000182536Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:40.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5cda6c108cb1bc92022-04-04 14:00:40.077root 11241100x8000000000000000182549Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:40.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57df9df8f034dadb2022-04-04 14:00:40.577root 11241100x8000000000000000182548Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:40.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cb70ae04270801e2022-04-04 14:00:40.577root 11241100x8000000000000000182547Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:40.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8d3bc319c38f8de2022-04-04 14:00:40.577root 11241100x8000000000000000182546Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:40.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bdadd8b031b98ef2022-04-04 14:00:40.577root 11241100x8000000000000000182558Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:40.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.654750f7f10ddca62022-04-04 14:00:40.578root 11241100x8000000000000000182557Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:40.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2304b21db01910dd2022-04-04 14:00:40.578root 11241100x8000000000000000182556Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:40.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c54da869fa6f8132022-04-04 14:00:40.578root 11241100x8000000000000000182555Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:40.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6c1f2aab78875cb2022-04-04 14:00:40.578root 11241100x8000000000000000182554Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:40.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d79171919faf22372022-04-04 14:00:40.578root 11241100x8000000000000000182553Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:40.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4af4cdca9e327c62022-04-04 14:00:40.578root 11241100x8000000000000000182552Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:40.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ebbcad4237a74b62022-04-04 14:00:40.578root 11241100x8000000000000000182551Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:40.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af56526e0d964bac2022-04-04 14:00:40.578root 11241100x8000000000000000182550Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:40.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b771e15f65828a72022-04-04 14:00:40.578root 11241100x8000000000000000182562Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:41.076{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08db0b9ba2c8555c2022-04-04 14:00:41.076root 11241100x8000000000000000182561Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:41.076{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2059343ce1667b2d2022-04-04 14:00:41.076root 11241100x8000000000000000182560Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:41.076{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.755f040559be7f242022-04-04 14:00:41.076root 11241100x8000000000000000182559Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:41.076{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db600b1cdcf0091c2022-04-04 14:00:41.076root 11241100x8000000000000000182571Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:41.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e63ed75085490d842022-04-04 14:00:41.077root 11241100x8000000000000000182570Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:41.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ce56551efbd0f652022-04-04 14:00:41.077root 11241100x8000000000000000182569Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:41.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bc2d700d9a3340d2022-04-04 14:00:41.077root 11241100x8000000000000000182568Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:41.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c01722a746dec9982022-04-04 14:00:41.077root 11241100x8000000000000000182567Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:41.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08e628b6907e92d32022-04-04 14:00:41.077root 11241100x8000000000000000182566Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:41.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61e3e6152c2a06442022-04-04 14:00:41.077root 11241100x8000000000000000182565Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:41.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.873df7ad8cdfc3222022-04-04 14:00:41.077root 11241100x8000000000000000182564Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:41.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e0bd5e6b85e43be2022-04-04 14:00:41.077root 11241100x8000000000000000182563Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:41.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baa505cf3e6a20652022-04-04 14:00:41.077root 11241100x8000000000000000182584Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:41.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dadce3f8a179ea642022-04-04 14:00:41.577root 11241100x8000000000000000182583Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:41.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33ce9026b35ad9c92022-04-04 14:00:41.577root 11241100x8000000000000000182582Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:41.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c26685f567d6941f2022-04-04 14:00:41.577root 11241100x8000000000000000182581Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:41.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.916f9dd91d505a012022-04-04 14:00:41.577root 11241100x8000000000000000182580Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:41.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2871caf0d27fd69d2022-04-04 14:00:41.577root 11241100x8000000000000000182579Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:41.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54241f9b165971d22022-04-04 14:00:41.577root 11241100x8000000000000000182578Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:41.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15bf9315167d826d2022-04-04 14:00:41.577root 11241100x8000000000000000182577Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:41.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69b08bb36cb9540b2022-04-04 14:00:41.577root 11241100x8000000000000000182576Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:41.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b77a1e27e268f992022-04-04 14:00:41.577root 11241100x8000000000000000182575Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:41.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6882ab48762f76fc2022-04-04 14:00:41.577root 11241100x8000000000000000182574Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:41.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4276044fa5b3cdf2022-04-04 14:00:41.577root 11241100x8000000000000000182573Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:41.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48a35a25592bbe9c2022-04-04 14:00:41.577root 11241100x8000000000000000182572Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:41.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dd16e87eca08edc2022-04-04 14:00:41.577root 11241100x8000000000000000182585Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:42.076{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa3de1012a9fe2222022-04-04 14:00:42.076root 11241100x8000000000000000182596Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:42.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e31e3305ae5803c12022-04-04 14:00:42.077root 11241100x8000000000000000182595Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:42.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.783affa11c8115e22022-04-04 14:00:42.077root 11241100x8000000000000000182594Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:42.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d3b481a0e35e9652022-04-04 14:00:42.077root 11241100x8000000000000000182593Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:42.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72a164752edf11882022-04-04 14:00:42.077root 11241100x8000000000000000182592Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:42.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b77a042f0c1d0552022-04-04 14:00:42.077root 11241100x8000000000000000182591Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:42.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a153294e653aac22022-04-04 14:00:42.077root 11241100x8000000000000000182590Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:42.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee305f8bf978d63d2022-04-04 14:00:42.077root 11241100x8000000000000000182589Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:42.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7b5e177b95ebfdb2022-04-04 14:00:42.077root 11241100x8000000000000000182588Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:42.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bc305bd4327ff2b2022-04-04 14:00:42.077root 11241100x8000000000000000182587Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:42.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56866f1165f7e03a2022-04-04 14:00:42.077root 11241100x8000000000000000182586Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:42.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afe39ba9653716192022-04-04 14:00:42.077root 11241100x8000000000000000182597Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:42.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be9eb0c375346db02022-04-04 14:00:42.078root 354300x8000000000000000182598Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:42.127{ec21797c-f0e1-624a-d9ff-4d0400000000}5533/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-34444-false10.0.1.12-8000- 11241100x8000000000000000182599Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:42.576{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b19687b6bfa3b092022-04-04 14:00:42.576root 11241100x8000000000000000182612Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:42.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c836d554a2a3880f2022-04-04 14:00:42.577root 11241100x8000000000000000182611Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:42.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1972a4bf738d6252022-04-04 14:00:42.577root 11241100x8000000000000000182610Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:42.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.585a73bcbb225b612022-04-04 14:00:42.577root 11241100x8000000000000000182609Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:42.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72fa9e5d197a60792022-04-04 14:00:42.577root 11241100x8000000000000000182608Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:42.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88e03ee9a4a665302022-04-04 14:00:42.577root 11241100x8000000000000000182607Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:42.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3755aff06c07db7c2022-04-04 14:00:42.577root 11241100x8000000000000000182606Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:42.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff697300c9dd60042022-04-04 14:00:42.577root 11241100x8000000000000000182605Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:42.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dae77fcd560500092022-04-04 14:00:42.577root 11241100x8000000000000000182604Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:42.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c16993fe56cba4de2022-04-04 14:00:42.577root 11241100x8000000000000000182603Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:42.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6ce4525262ee1812022-04-04 14:00:42.577root 11241100x8000000000000000182602Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:42.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a978614e232773492022-04-04 14:00:42.577root 11241100x8000000000000000182601Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:42.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6adfb7b5e6db17c02022-04-04 14:00:42.577root 11241100x8000000000000000182600Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:42.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a97f8fc1140288f82022-04-04 14:00:42.577root 11241100x8000000000000000182623Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:43.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99e4454774c3fbe32022-04-04 14:00:43.077root 11241100x8000000000000000182622Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:43.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.989ee18ced5842d12022-04-04 14:00:43.077root 11241100x8000000000000000182621Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:43.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8e2d46967682ed92022-04-04 14:00:43.077root 11241100x8000000000000000182620Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:43.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74cc7a5aadffc8f82022-04-04 14:00:43.077root 11241100x8000000000000000182619Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:43.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13d5289cbf52e4742022-04-04 14:00:43.077root 11241100x8000000000000000182618Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:43.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e83f15997795aae52022-04-04 14:00:43.077root 11241100x8000000000000000182617Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:43.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7484de8da3b316a02022-04-04 14:00:43.077root 11241100x8000000000000000182616Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:43.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74eaa0d20aba364a2022-04-04 14:00:43.077root 11241100x8000000000000000182615Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:43.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbead2a13c4db0bb2022-04-04 14:00:43.077root 11241100x8000000000000000182614Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:43.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.351e67e2bb59121b2022-04-04 14:00:43.077root 11241100x8000000000000000182613Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:43.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d4023c9587b6b6a2022-04-04 14:00:43.077root 11241100x8000000000000000182626Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:43.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d436feb3b047133c2022-04-04 14:00:43.078root 11241100x8000000000000000182625Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:43.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c146392fe53bbec62022-04-04 14:00:43.078root 11241100x8000000000000000182624Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:43.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f98b602f48091e52022-04-04 14:00:43.078root 11241100x8000000000000000182628Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:43.576{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dd76a8bcf28b08e2022-04-04 14:00:43.576root 11241100x8000000000000000182627Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:43.576{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f601e3e3defee1342022-04-04 14:00:43.576root 11241100x8000000000000000182640Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:43.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.859f5606c65db05f2022-04-04 14:00:43.577root 11241100x8000000000000000182639Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:43.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05fd919b258158e22022-04-04 14:00:43.577root 11241100x8000000000000000182638Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:43.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e7f4e4d1885ea6a2022-04-04 14:00:43.577root 11241100x8000000000000000182637Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:43.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6412ad799cbc3e1c2022-04-04 14:00:43.577root 11241100x8000000000000000182636Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:43.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71a4b95dcd1d40e42022-04-04 14:00:43.577root 11241100x8000000000000000182635Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:43.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b3bfb6dc97215b12022-04-04 14:00:43.577root 11241100x8000000000000000182634Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:43.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a27cabb90e3f8b942022-04-04 14:00:43.577root 11241100x8000000000000000182633Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:43.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d47ef1d0a14a0d4c2022-04-04 14:00:43.577root 11241100x8000000000000000182632Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:43.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ce4e4b9331020ea2022-04-04 14:00:43.577root 11241100x8000000000000000182631Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:43.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.543f519d52f265782022-04-04 14:00:43.577root 11241100x8000000000000000182630Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:43.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1f3a36a614616822022-04-04 14:00:43.577root 11241100x8000000000000000182629Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:43.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3a64973d0a332212022-04-04 14:00:43.577root 11241100x8000000000000000182643Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:44.076{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9255159021aed2132022-04-04 14:00:44.076root 11241100x8000000000000000182642Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:44.076{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e87e99d521ae029c2022-04-04 14:00:44.076root 11241100x8000000000000000182641Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:44.076{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75635173d49246992022-04-04 14:00:44.076root 11241100x8000000000000000182654Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:44.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f373f9bfd5e2f1212022-04-04 14:00:44.077root 11241100x8000000000000000182653Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:44.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43e5aac8dcfeefab2022-04-04 14:00:44.077root 11241100x8000000000000000182652Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:44.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6081963531ae75172022-04-04 14:00:44.077root 11241100x8000000000000000182651Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:44.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4693294db1029db2022-04-04 14:00:44.077root 11241100x8000000000000000182650Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:44.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.288cefe4cfb7a00a2022-04-04 14:00:44.077root 11241100x8000000000000000182649Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:44.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a7d96391497c7672022-04-04 14:00:44.077root 11241100x8000000000000000182648Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:44.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4679a8be7b7431452022-04-04 14:00:44.077root 11241100x8000000000000000182647Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:44.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f49f4304fef35e462022-04-04 14:00:44.077root 11241100x8000000000000000182646Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:44.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b98a2b42d0891be2022-04-04 14:00:44.077root 11241100x8000000000000000182645Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:44.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93feb277a4dbcf1f2022-04-04 14:00:44.077root 11241100x8000000000000000182644Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:44.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4ed6ea5abac30cb2022-04-04 14:00:44.077root 11241100x8000000000000000182655Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:44.576{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.550364167a65d4782022-04-04 14:00:44.576root 11241100x8000000000000000182668Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:44.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a75917500129e062022-04-04 14:00:44.577root 11241100x8000000000000000182667Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:44.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4b7554f15c79d802022-04-04 14:00:44.577root 11241100x8000000000000000182666Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:44.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9070df70ba97f0952022-04-04 14:00:44.577root 11241100x8000000000000000182665Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:44.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d99608714b2a58e2022-04-04 14:00:44.577root 11241100x8000000000000000182664Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:44.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54335b5b8dfb2f442022-04-04 14:00:44.577root 11241100x8000000000000000182663Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:44.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.288eb1a63c0cd8512022-04-04 14:00:44.577root 11241100x8000000000000000182662Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:44.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85edeb203d1a6cb72022-04-04 14:00:44.577root 11241100x8000000000000000182661Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:44.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e59ce31ae68cd1f82022-04-04 14:00:44.577root 11241100x8000000000000000182660Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:44.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.745428880d66c6302022-04-04 14:00:44.577root 11241100x8000000000000000182659Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:44.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a678d9eeb89fa6a72022-04-04 14:00:44.577root 11241100x8000000000000000182658Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:44.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2e6d658d6750cfe2022-04-04 14:00:44.577root 11241100x8000000000000000182657Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:44.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12c67534ef17eb3d2022-04-04 14:00:44.577root 11241100x8000000000000000182656Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:44.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c44310019f5b74bb2022-04-04 14:00:44.577root 11241100x8000000000000000182669Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:45.076{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8da9a668dd7b1d52022-04-04 14:00:45.076root 11241100x8000000000000000182682Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:45.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc23bae5c30b8b5f2022-04-04 14:00:45.077root 11241100x8000000000000000182681Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:45.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7ac764cdf2fe6172022-04-04 14:00:45.077root 11241100x8000000000000000182680Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:45.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b12a2a56b919ca142022-04-04 14:00:45.077root 11241100x8000000000000000182679Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:45.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92b394291c26d9d92022-04-04 14:00:45.077root 11241100x8000000000000000182678Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:45.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37c6d3730b4b27102022-04-04 14:00:45.077root 11241100x8000000000000000182677Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:45.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3367fd02d096f04b2022-04-04 14:00:45.077root 11241100x8000000000000000182676Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:45.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf26330e04f947892022-04-04 14:00:45.077root 11241100x8000000000000000182675Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:45.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.244c7d9a721a71242022-04-04 14:00:45.077root 11241100x8000000000000000182674Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:45.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02cb2521252793e52022-04-04 14:00:45.077root 11241100x8000000000000000182673Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:45.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27730dd088bb9a092022-04-04 14:00:45.077root 11241100x8000000000000000182672Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:45.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90901f943b9aa3d92022-04-04 14:00:45.077root 11241100x8000000000000000182671Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:45.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08b9b9ce9ba63bbb2022-04-04 14:00:45.077root 11241100x8000000000000000182670Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:45.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9fee2cd01633c572022-04-04 14:00:45.077root 11241100x8000000000000000182683Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:45.576{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28f4b0e9b59e10a32022-04-04 14:00:45.576root 11241100x8000000000000000182696Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:45.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c249ed5f60b8a022022-04-04 14:00:45.577root 11241100x8000000000000000182695Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:45.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02b3cfe2ec6c6bb82022-04-04 14:00:45.577root 11241100x8000000000000000182694Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:45.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e722f1a34d3cd462022-04-04 14:00:45.577root 11241100x8000000000000000182693Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:45.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ced71298e372a4a2022-04-04 14:00:45.577root 11241100x8000000000000000182692Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:45.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b384b418d30a1d6e2022-04-04 14:00:45.577root 11241100x8000000000000000182691Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:45.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dadeb52cff0cc77b2022-04-04 14:00:45.577root 11241100x8000000000000000182690Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:45.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9de2eb69809b7b332022-04-04 14:00:45.577root 11241100x8000000000000000182689Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:45.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08706cc594ba18302022-04-04 14:00:45.577root 11241100x8000000000000000182688Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:45.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.233137cf4275f4b52022-04-04 14:00:45.577root 11241100x8000000000000000182687Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:45.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.603b8b3f3a13fcb12022-04-04 14:00:45.577root 11241100x8000000000000000182686Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:45.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2455a1534a3d2fc2022-04-04 14:00:45.577root 11241100x8000000000000000182685Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:45.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3284bc2c21d3a5b62022-04-04 14:00:45.577root 11241100x8000000000000000182684Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:45.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26d301fa6a696dda2022-04-04 14:00:45.577root 11241100x8000000000000000182702Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:46.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d48d44c5c7d224e2022-04-04 14:00:46.077root 11241100x8000000000000000182701Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:46.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.090ccd660d50262f2022-04-04 14:00:46.077root 11241100x8000000000000000182700Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:46.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b994f808b265c3e72022-04-04 14:00:46.077root 11241100x8000000000000000182699Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:46.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfc58017d523a9e42022-04-04 14:00:46.077root 11241100x8000000000000000182698Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:46.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7db6444db7aea832022-04-04 14:00:46.077root 11241100x8000000000000000182697Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:46.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06bf45fd7062e1cd2022-04-04 14:00:46.077root 11241100x8000000000000000182709Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:46.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b32364cf4837ba602022-04-04 14:00:46.078root 11241100x8000000000000000182708Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:46.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.801b2c2829a40b552022-04-04 14:00:46.078root 11241100x8000000000000000182707Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:46.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0539b81af70c0f412022-04-04 14:00:46.078root 11241100x8000000000000000182706Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:46.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b128854b80641b972022-04-04 14:00:46.078root 11241100x8000000000000000182705Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:46.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ccca148b0f94c522022-04-04 14:00:46.078root 11241100x8000000000000000182704Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:46.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baeb6eefb4117f822022-04-04 14:00:46.078root 11241100x8000000000000000182703Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:46.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d1e44cd83ded6fe2022-04-04 14:00:46.078root 11241100x8000000000000000182710Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:46.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c6e72a4a40beab52022-04-04 14:00:46.079root 11241100x8000000000000000182718Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:46.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cf65959c59ceb7a2022-04-04 14:00:46.577root 11241100x8000000000000000182717Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:46.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2103468aad410be02022-04-04 14:00:46.577root 11241100x8000000000000000182716Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:46.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.354ad0b6e9aec2162022-04-04 14:00:46.577root 11241100x8000000000000000182715Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:46.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ccd716c80940c4d2022-04-04 14:00:46.577root 11241100x8000000000000000182714Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:46.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b9fa729d5df33a12022-04-04 14:00:46.577root 11241100x8000000000000000182713Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:46.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1180cade9137af642022-04-04 14:00:46.577root 11241100x8000000000000000182712Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:46.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d83322f78c9739b62022-04-04 14:00:46.577root 11241100x8000000000000000182711Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:46.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddd26fbbca52c2ba2022-04-04 14:00:46.577root 11241100x8000000000000000182724Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:46.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6eff201991b655f2022-04-04 14:00:46.578root 11241100x8000000000000000182723Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:46.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e41dfc966b8d78f2022-04-04 14:00:46.578root 11241100x8000000000000000182722Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:46.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44c957fa757566e12022-04-04 14:00:46.578root 11241100x8000000000000000182721Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:46.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b51a37fe0ae1be802022-04-04 14:00:46.578root 11241100x8000000000000000182720Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:46.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c898ab7135e09932022-04-04 14:00:46.578root 11241100x8000000000000000182719Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:46.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34f894e8927e55182022-04-04 14:00:46.578root 11241100x8000000000000000182733Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:47.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92c2d831e35dcfad2022-04-04 14:00:47.077root 11241100x8000000000000000182732Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:47.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7256a0fb60c89e4a2022-04-04 14:00:47.077root 11241100x8000000000000000182731Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:47.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8752535dd5a28a552022-04-04 14:00:47.077root 11241100x8000000000000000182730Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:47.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c173b05e539647f2022-04-04 14:00:47.077root 11241100x8000000000000000182729Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:47.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36622086558e06382022-04-04 14:00:47.077root 11241100x8000000000000000182728Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:47.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12e3ef6aba8368352022-04-04 14:00:47.077root 11241100x8000000000000000182727Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:47.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c32a431d2055a15d2022-04-04 14:00:47.077root 11241100x8000000000000000182726Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:47.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7b1f9d1631c66d32022-04-04 14:00:47.077root 11241100x8000000000000000182725Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:47.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b055aa592941f43e2022-04-04 14:00:47.077root 11241100x8000000000000000182738Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:47.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8e7eef568513ec52022-04-04 14:00:47.078root 11241100x8000000000000000182737Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:47.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4072167a18cb9f522022-04-04 14:00:47.078root 11241100x8000000000000000182736Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:47.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2d120d52fc842282022-04-04 14:00:47.078root 11241100x8000000000000000182735Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:47.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a17ce9273684342f2022-04-04 14:00:47.078root 11241100x8000000000000000182734Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:47.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c1d829409ddac5e2022-04-04 14:00:47.078root 354300x8000000000000000182739Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:47.240{ec21797c-f0e1-624a-d9ff-4d0400000000}5533/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-34446-false10.0.1.12-8000- 11241100x8000000000000000182751Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:47.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6a3232f15512af12022-04-04 14:00:47.577root 11241100x8000000000000000182750Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:47.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0d947018fe1e90c2022-04-04 14:00:47.577root 11241100x8000000000000000182749Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:47.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4db71b70652827f92022-04-04 14:00:47.577root 11241100x8000000000000000182748Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:47.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18da7c471735b0022022-04-04 14:00:47.577root 11241100x8000000000000000182747Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:47.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b09a6ce1b920e1a2022-04-04 14:00:47.577root 11241100x8000000000000000182746Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:47.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8278ee11444a2052022-04-04 14:00:47.577root 11241100x8000000000000000182745Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:47.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a1f546090c4f3e52022-04-04 14:00:47.577root 11241100x8000000000000000182744Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:47.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5261c4f16849ede2022-04-04 14:00:47.577root 11241100x8000000000000000182743Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:47.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bbe5294efd7d6672022-04-04 14:00:47.577root 11241100x8000000000000000182742Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:47.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32a5b031bf52b3002022-04-04 14:00:47.577root 11241100x8000000000000000182741Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:47.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9535a1c557d227c2022-04-04 14:00:47.577root 11241100x8000000000000000182740Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:47.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae9a77c2368652812022-04-04 14:00:47.577root 11241100x8000000000000000182754Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:47.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7491bcc37afeb422022-04-04 14:00:47.578root 11241100x8000000000000000182753Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:47.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.903d7b6cde1170002022-04-04 14:00:47.578root 11241100x8000000000000000182752Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:47.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b279bcf94a11df62022-04-04 14:00:47.578root 11241100x8000000000000000182764Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:48.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6f6e5cf66d992242022-04-04 14:00:48.077root 11241100x8000000000000000182763Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:48.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e02ce8d3a3acee282022-04-04 14:00:48.077root 11241100x8000000000000000182762Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:48.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acd3c14045e43bb62022-04-04 14:00:48.077root 11241100x8000000000000000182761Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:48.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa6cfb34b83f212c2022-04-04 14:00:48.077root 11241100x8000000000000000182760Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:48.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f771b90475440cf2022-04-04 14:00:48.077root 11241100x8000000000000000182759Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:48.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1efdaf418ec69f662022-04-04 14:00:48.077root 11241100x8000000000000000182758Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:48.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74c30e0310377aeb2022-04-04 14:00:48.077root 11241100x8000000000000000182757Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:48.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.feebb4174de6bb5e2022-04-04 14:00:48.077root 11241100x8000000000000000182756Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:48.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c7947a7c2fb37112022-04-04 14:00:48.077root 11241100x8000000000000000182755Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:48.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2051f50db802f912022-04-04 14:00:48.077root 11241100x8000000000000000182769Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:48.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b32aa09bc0d6d94f2022-04-04 14:00:48.078root 11241100x8000000000000000182768Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:48.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e028c6c4550551772022-04-04 14:00:48.078root 11241100x8000000000000000182767Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:48.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ecb956f8ad24c552022-04-04 14:00:48.078root 11241100x8000000000000000182766Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:48.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d973af1ced1060322022-04-04 14:00:48.078root 11241100x8000000000000000182765Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:48.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d62f110435088042022-04-04 14:00:48.078root 11241100x8000000000000000182771Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:48.576{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9782648cb214b9212022-04-04 14:00:48.576root 11241100x8000000000000000182770Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:48.576{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57c378c8882e81312022-04-04 14:00:48.576root 11241100x8000000000000000182783Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:48.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efffc47cad7d3ccb2022-04-04 14:00:48.577root 11241100x8000000000000000182782Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:48.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.270f5fe587247e4c2022-04-04 14:00:48.577root 11241100x8000000000000000182781Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:48.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da1babbb61fbe54f2022-04-04 14:00:48.577root 11241100x8000000000000000182780Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:48.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de0a7d05b61f25212022-04-04 14:00:48.577root 11241100x8000000000000000182779Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:48.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12946f6d7ad23bca2022-04-04 14:00:48.577root 11241100x8000000000000000182778Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:48.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b88a1f5c370bfd5c2022-04-04 14:00:48.577root 11241100x8000000000000000182777Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:48.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.168488745138f6402022-04-04 14:00:48.577root 11241100x8000000000000000182776Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:48.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c1f5bc9656ad4882022-04-04 14:00:48.577root 11241100x8000000000000000182775Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:48.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af6e447a3b418da82022-04-04 14:00:48.577root 11241100x8000000000000000182774Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:48.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8e2274ad2cf5b6f2022-04-04 14:00:48.577root 11241100x8000000000000000182773Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:48.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c5f88961c46fc6e2022-04-04 14:00:48.577root 11241100x8000000000000000182772Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:48.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.827e2938dc0250522022-04-04 14:00:48.577root 11241100x8000000000000000182784Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:48.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35a8d07abb21eb912022-04-04 14:00:48.578root 11241100x8000000000000000182785Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:49.076{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.734f65ec8b48ce872022-04-04 14:00:49.076root 11241100x8000000000000000182792Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:49.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e24a713e80dc6a9e2022-04-04 14:00:49.077root 11241100x8000000000000000182791Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:49.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cee1ce45cde8d93d2022-04-04 14:00:49.077root 11241100x8000000000000000182790Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:49.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcfb89323e23106f2022-04-04 14:00:49.077root 11241100x8000000000000000182789Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:49.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8002cc2c65a4e2662022-04-04 14:00:49.077root 11241100x8000000000000000182788Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:49.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1cede845311e1a62022-04-04 14:00:49.077root 11241100x8000000000000000182787Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:49.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.522805e19eb3a7a62022-04-04 14:00:49.077root 11241100x8000000000000000182786Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:49.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea5fd53fc63633142022-04-04 14:00:49.077root 11241100x8000000000000000182799Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:49.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62a9acad6447a8aa2022-04-04 14:00:49.078root 11241100x8000000000000000182798Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:49.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e42bb8407465ebfe2022-04-04 14:00:49.078root 11241100x8000000000000000182797Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:49.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bf2eaeee196a8172022-04-04 14:00:49.078root 11241100x8000000000000000182796Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:49.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5ed703e5e13026d2022-04-04 14:00:49.078root 11241100x8000000000000000182795Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:49.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e40ed41707ef2a202022-04-04 14:00:49.078root 11241100x8000000000000000182794Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:49.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0813d2c34da61f212022-04-04 14:00:49.078root 11241100x8000000000000000182793Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:49.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1659f646b74b0c3b2022-04-04 14:00:49.078root 11241100x8000000000000000182800Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:49.576{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af38c3bc3a0b55ab2022-04-04 14:00:49.576root 11241100x8000000000000000182806Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:49.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09ddc901510bc1c32022-04-04 14:00:49.577root 11241100x8000000000000000182805Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:49.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c3f7075c0c3e2e22022-04-04 14:00:49.577root 11241100x8000000000000000182804Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:49.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f365ee1b07e83b6d2022-04-04 14:00:49.577root 11241100x8000000000000000182803Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:49.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98c75c791dd6ae3a2022-04-04 14:00:49.577root 11241100x8000000000000000182802Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:49.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a22b2a6048212a22022-04-04 14:00:49.577root 11241100x8000000000000000182801Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:49.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6225e6aad54461312022-04-04 14:00:49.577root 11241100x8000000000000000182814Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:49.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ae5d8905381a4672022-04-04 14:00:49.578root 11241100x8000000000000000182813Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:49.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb871789794cc2132022-04-04 14:00:49.578root 11241100x8000000000000000182812Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:49.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe3dcd79f8f6ea0a2022-04-04 14:00:49.578root 11241100x8000000000000000182811Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:49.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.949588f7093f7de62022-04-04 14:00:49.578root 11241100x8000000000000000182810Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:49.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af3eabb0fc011f042022-04-04 14:00:49.578root 11241100x8000000000000000182809Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:49.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2e97ce49156e6f42022-04-04 14:00:49.578root 11241100x8000000000000000182808Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:49.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7d4a8efe78c120b2022-04-04 14:00:49.578root 11241100x8000000000000000182807Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:49.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f177670d4bed4e032022-04-04 14:00:49.578root 11241100x8000000000000000182827Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:50.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e47dae30563378882022-04-04 14:00:50.077root 11241100x8000000000000000182826Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:50.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39643f75cff862312022-04-04 14:00:50.077root 11241100x8000000000000000182825Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:50.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.213834265c72b4d32022-04-04 14:00:50.077root 11241100x8000000000000000182824Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:50.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4366aeb2ee60a79d2022-04-04 14:00:50.077root 11241100x8000000000000000182823Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:50.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bbc1d20d64825d12022-04-04 14:00:50.077root 11241100x8000000000000000182822Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:50.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.732fc78cb8ca3fe52022-04-04 14:00:50.077root 11241100x8000000000000000182821Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:50.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4efc27126f29ad72022-04-04 14:00:50.077root 11241100x8000000000000000182820Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:50.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4232d4f0bd41401d2022-04-04 14:00:50.077root 11241100x8000000000000000182819Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:50.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.010e42c80daa1df22022-04-04 14:00:50.077root 11241100x8000000000000000182818Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:50.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0d933034c605e072022-04-04 14:00:50.077root 11241100x8000000000000000182817Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:50.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26d4cbd31c54aab32022-04-04 14:00:50.077root 11241100x8000000000000000182816Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:50.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.896b99569b1b73af2022-04-04 14:00:50.077root 11241100x8000000000000000182815Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:50.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d640f26d9f6465672022-04-04 14:00:50.077root 11241100x8000000000000000182829Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:50.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfacdefdd14bbfbe2022-04-04 14:00:50.078root 11241100x8000000000000000182828Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:50.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b942ccde0aa176b2022-04-04 14:00:50.078root 11241100x8000000000000000182841Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:50.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37cc605a681ab72e2022-04-04 14:00:50.577root 11241100x8000000000000000182840Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:50.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3a461bfd763a8932022-04-04 14:00:50.577root 11241100x8000000000000000182839Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:50.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef89147a64e854e02022-04-04 14:00:50.577root 11241100x8000000000000000182838Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:50.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfa8a91e5f5720be2022-04-04 14:00:50.577root 11241100x8000000000000000182837Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:50.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b10855c7769d199c2022-04-04 14:00:50.577root 11241100x8000000000000000182836Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:50.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0dd36c304af5ea32022-04-04 14:00:50.577root 11241100x8000000000000000182835Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:50.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9495840f1d94386b2022-04-04 14:00:50.577root 11241100x8000000000000000182834Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:50.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a6224afe28e1fbc2022-04-04 14:00:50.577root 11241100x8000000000000000182833Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:50.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.334738aa2292d7142022-04-04 14:00:50.577root 11241100x8000000000000000182832Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:50.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.802f4a59ea98cf7b2022-04-04 14:00:50.577root 11241100x8000000000000000182831Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:50.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca5be7ca2e4d55182022-04-04 14:00:50.577root 11241100x8000000000000000182830Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:50.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.939e6bdfcb31ffcc2022-04-04 14:00:50.577root 11241100x8000000000000000182844Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:50.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e7d438520270c372022-04-04 14:00:50.578root 11241100x8000000000000000182843Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:50.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb8c69fe2176e9332022-04-04 14:00:50.578root 11241100x8000000000000000182842Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:50.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.129b10ee02023de52022-04-04 14:00:50.578root 11241100x8000000000000000182845Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:51.076{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.179cc851e413a02a2022-04-04 14:00:51.076root 11241100x8000000000000000182849Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:51.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f0f6b5d93e1716f2022-04-04 14:00:51.077root 11241100x8000000000000000182848Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:51.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.271c9d5e825d72382022-04-04 14:00:51.077root 11241100x8000000000000000182847Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:51.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddf0d422fb19e9492022-04-04 14:00:51.077root 11241100x8000000000000000182846Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:51.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.077fb927d8363e002022-04-04 14:00:51.077root 11241100x8000000000000000182859Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:51.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40c21a0357f574602022-04-04 14:00:51.078root 11241100x8000000000000000182858Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:51.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1964d3141aa07e392022-04-04 14:00:51.078root 11241100x8000000000000000182857Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:51.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2cdf979e6db820a2022-04-04 14:00:51.078root 11241100x8000000000000000182856Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:51.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa57e925e464cac32022-04-04 14:00:51.078root 11241100x8000000000000000182855Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:51.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fa5a1af05aead3c2022-04-04 14:00:51.078root 11241100x8000000000000000182854Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:51.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddfc49282e5718792022-04-04 14:00:51.078root 11241100x8000000000000000182853Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:51.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.464b39e7454575e12022-04-04 14:00:51.078root 11241100x8000000000000000182852Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:51.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5b80de57cc2ebe32022-04-04 14:00:51.078root 11241100x8000000000000000182851Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:51.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05369189ff36ae5d2022-04-04 14:00:51.078root 11241100x8000000000000000182850Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:51.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0480d1cc05efc08c2022-04-04 14:00:51.078root 11241100x8000000000000000182866Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:51.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27091d01f3c538fb2022-04-04 14:00:51.577root 11241100x8000000000000000182865Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:51.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7133e3adb25432012022-04-04 14:00:51.577root 11241100x8000000000000000182864Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:51.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5212e2328444cc62022-04-04 14:00:51.577root 11241100x8000000000000000182863Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:51.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08c24ca8c6c979022022-04-04 14:00:51.577root 11241100x8000000000000000182862Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:51.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f985f25c00b18d72022-04-04 14:00:51.577root 11241100x8000000000000000182861Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:51.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9e32dde1c7581cd2022-04-04 14:00:51.577root 11241100x8000000000000000182860Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:51.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3572b93cb93c5172022-04-04 14:00:51.577root 11241100x8000000000000000182874Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:51.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf2cc7dfcd8a20ca2022-04-04 14:00:51.578root 11241100x8000000000000000182873Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:51.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f18a136abbdbadb2022-04-04 14:00:51.578root 11241100x8000000000000000182872Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:51.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f4898070e8aa9852022-04-04 14:00:51.578root 11241100x8000000000000000182871Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:51.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9831d800df5ed9bf2022-04-04 14:00:51.578root 11241100x8000000000000000182870Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:51.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9024967436a1ce02022-04-04 14:00:51.578root 11241100x8000000000000000182869Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:51.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c511c78c1d1ad022022-04-04 14:00:51.578root 11241100x8000000000000000182868Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:51.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cb6c15cd9c7f7322022-04-04 14:00:51.578root 11241100x8000000000000000182867Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:51.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd28cdd164510f292022-04-04 14:00:51.578root 11241100x8000000000000000182884Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:52.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.573d3cabd83462be2022-04-04 14:00:52.077root 11241100x8000000000000000182883Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:52.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d68032843fd525f2022-04-04 14:00:52.077root 11241100x8000000000000000182882Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:52.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa5fabf7de6570f82022-04-04 14:00:52.077root 11241100x8000000000000000182881Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:52.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e7c08c2510356ba2022-04-04 14:00:52.077root 11241100x8000000000000000182880Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:52.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0773a0c3d4abe5e72022-04-04 14:00:52.077root 11241100x8000000000000000182879Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:52.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.241437fcca2493102022-04-04 14:00:52.077root 11241100x8000000000000000182878Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:52.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08d6c63fe547cf8a2022-04-04 14:00:52.077root 11241100x8000000000000000182877Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:52.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdf724e3e3e7829b2022-04-04 14:00:52.077root 11241100x8000000000000000182876Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:52.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fd2bd977ba6e07c2022-04-04 14:00:52.077root 11241100x8000000000000000182875Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:52.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82eae4e15d864e562022-04-04 14:00:52.077root 11241100x8000000000000000182889Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:52.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c208911516ab978b2022-04-04 14:00:52.078root 11241100x8000000000000000182888Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:52.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab70ba6f66d8e3172022-04-04 14:00:52.078root 11241100x8000000000000000182887Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:52.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d5b1ee109fc3aef2022-04-04 14:00:52.078root 11241100x8000000000000000182886Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:52.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dd82e0e5f83ab6d2022-04-04 14:00:52.078root 11241100x8000000000000000182885Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:52.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58486ffa461b236e2022-04-04 14:00:52.078root 11241100x8000000000000000182892Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:52.576{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64c973c84d73f8682022-04-04 14:00:52.576root 11241100x8000000000000000182891Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:52.576{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3046a10e8a685b112022-04-04 14:00:52.576root 11241100x8000000000000000182890Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:52.576{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6053ad4195b9cd22022-04-04 14:00:52.576root 11241100x8000000000000000182901Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:52.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a38a32dd5238a4ff2022-04-04 14:00:52.577root 11241100x8000000000000000182900Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:52.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc5fddd3c42dd80c2022-04-04 14:00:52.577root 11241100x8000000000000000182899Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:52.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3939701c3f633cb2022-04-04 14:00:52.577root 11241100x8000000000000000182898Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:52.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2eef7375f7c4907b2022-04-04 14:00:52.577root 11241100x8000000000000000182897Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:52.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e5e44b11ecc3d282022-04-04 14:00:52.577root 11241100x8000000000000000182896Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:52.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aac9998e722427582022-04-04 14:00:52.577root 11241100x8000000000000000182895Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:52.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b369e52990c936be2022-04-04 14:00:52.577root 11241100x8000000000000000182894Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:52.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26832aee026471b72022-04-04 14:00:52.577root 11241100x8000000000000000182893Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:52.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.826db99dcc1483492022-04-04 14:00:52.577root 11241100x8000000000000000182904Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:52.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66fab391f137dbd12022-04-04 14:00:52.578root 11241100x8000000000000000182903Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:52.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc4b606c295236e62022-04-04 14:00:52.578root 11241100x8000000000000000182902Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:52.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6c2a5dbc01e82da2022-04-04 14:00:52.578root 11241100x8000000000000000182912Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:53.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3505893a1cc57aef2022-04-04 14:00:53.077root 11241100x8000000000000000182911Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:53.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c8f5b1621f182452022-04-04 14:00:53.077root 11241100x8000000000000000182910Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:53.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4a42c8b9e9b4ed62022-04-04 14:00:53.077root 11241100x8000000000000000182909Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:53.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98a9c57a1a8da3532022-04-04 14:00:53.077root 11241100x8000000000000000182908Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:53.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15b94615a1c5bbd12022-04-04 14:00:53.077root 11241100x8000000000000000182907Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:53.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9d1acd1a312ead42022-04-04 14:00:53.077root 11241100x8000000000000000182906Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:53.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.485cf7c8728a99932022-04-04 14:00:53.077root 11241100x8000000000000000182905Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:53.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ba9e3f17d125e532022-04-04 14:00:53.077root 11241100x8000000000000000182919Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:53.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02ef922acee632b02022-04-04 14:00:53.078root 11241100x8000000000000000182918Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:53.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02425b08094e3b072022-04-04 14:00:53.078root 11241100x8000000000000000182917Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:53.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48868ca52eb89bbd2022-04-04 14:00:53.078root 11241100x8000000000000000182916Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:53.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87c93a8d440543862022-04-04 14:00:53.078root 11241100x8000000000000000182915Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:53.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efbd8c24e392e31f2022-04-04 14:00:53.078root 11241100x8000000000000000182914Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:53.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a819a6a295a07aeb2022-04-04 14:00:53.078root 11241100x8000000000000000182913Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:53.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c86174634b2912ff2022-04-04 14:00:53.078root 354300x8000000000000000182920Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:53.085{ec21797c-f0e1-624a-d9ff-4d0400000000}5533/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-34448-false10.0.1.12-8000- 11241100x8000000000000000182929Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:53.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4786d7027bd2bb202022-04-04 14:00:53.577root 11241100x8000000000000000182928Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:53.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1a0fb816428b4982022-04-04 14:00:53.577root 11241100x8000000000000000182927Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:53.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40c5db4cc5dce5f32022-04-04 14:00:53.577root 11241100x8000000000000000182926Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:53.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcfc443c033e28e42022-04-04 14:00:53.577root 11241100x8000000000000000182925Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:53.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.675e69608671744e2022-04-04 14:00:53.577root 11241100x8000000000000000182924Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:53.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b751e75832c6cd22022-04-04 14:00:53.577root 11241100x8000000000000000182923Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:53.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f3910811c4c47772022-04-04 14:00:53.577root 11241100x8000000000000000182922Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:53.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6233e3041450d6fd2022-04-04 14:00:53.577root 11241100x8000000000000000182921Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:53.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c90319d98f678f02022-04-04 14:00:53.577root 11241100x8000000000000000182936Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:53.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a25ca91987f36e52022-04-04 14:00:53.578root 11241100x8000000000000000182935Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:53.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2c48b97df7fd33d2022-04-04 14:00:53.578root 11241100x8000000000000000182934Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:53.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fced4a0c80ff56992022-04-04 14:00:53.578root 11241100x8000000000000000182933Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:53.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0ab0366e90e1dc52022-04-04 14:00:53.578root 11241100x8000000000000000182932Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:53.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de65d6f4456403bc2022-04-04 14:00:53.578root 11241100x8000000000000000182931Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:53.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94ef940f0755c6ed2022-04-04 14:00:53.578root 11241100x8000000000000000182930Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:53.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b06d6c96ea73277c2022-04-04 14:00:53.578root 11241100x8000000000000000182939Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:54.076{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2ebd0ce03d0b26a2022-04-04 14:00:54.076root 11241100x8000000000000000182938Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:54.076{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91288c3b6afc5f092022-04-04 14:00:54.076root 11241100x8000000000000000182937Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:54.076{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b53742892bb44412022-04-04 14:00:54.076root 11241100x8000000000000000182951Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:54.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbcaa347a2244eb72022-04-04 14:00:54.077root 11241100x8000000000000000182950Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:54.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3adffe7deb6f7fe02022-04-04 14:00:54.077root 11241100x8000000000000000182949Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:54.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8bf49ac8d17c30b2022-04-04 14:00:54.077root 11241100x8000000000000000182948Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:54.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.999886a34f3fb40a2022-04-04 14:00:54.077root 11241100x8000000000000000182947Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:54.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36bccb3746299dd62022-04-04 14:00:54.077root 11241100x8000000000000000182946Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:54.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e6f34f9b8a298212022-04-04 14:00:54.077root 11241100x8000000000000000182945Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:54.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c63d210e0a9e19882022-04-04 14:00:54.077root 11241100x8000000000000000182944Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:54.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.094d41a2b9dc77052022-04-04 14:00:54.077root 11241100x8000000000000000182943Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:54.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6894ee6ede4e85082022-04-04 14:00:54.077root 11241100x8000000000000000182942Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:54.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8ea50d3b1c437252022-04-04 14:00:54.077root 11241100x8000000000000000182941Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:54.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.650a6de9caab63f12022-04-04 14:00:54.077root 11241100x8000000000000000182940Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:54.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5360b9fd6568e3a92022-04-04 14:00:54.077root 11241100x8000000000000000182953Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:54.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8feb3c0da17acf4a2022-04-04 14:00:54.078root 11241100x8000000000000000182952Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:54.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3ee38552f83d5882022-04-04 14:00:54.078root 11241100x8000000000000000182954Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:54.576{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a097ab52dfe07742022-04-04 14:00:54.576root 11241100x8000000000000000182966Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:54.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ef9c200f112b3562022-04-04 14:00:54.577root 11241100x8000000000000000182965Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:54.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef5e0bb96dc0301c2022-04-04 14:00:54.577root 11241100x8000000000000000182964Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:54.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca458c9ff2958f542022-04-04 14:00:54.577root 11241100x8000000000000000182963Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:54.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6021c817b13f5fa82022-04-04 14:00:54.577root 11241100x8000000000000000182962Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:54.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a86972cc1c8a0602022-04-04 14:00:54.577root 11241100x8000000000000000182961Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:54.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea8d36158e58a52f2022-04-04 14:00:54.577root 11241100x8000000000000000182960Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:54.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19d22a588a82bfd12022-04-04 14:00:54.577root 11241100x8000000000000000182959Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:54.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b32052d5c246a7522022-04-04 14:00:54.577root 11241100x8000000000000000182958Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:54.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ad230e87a24563b2022-04-04 14:00:54.577root 11241100x8000000000000000182957Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:54.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1031cfb4a093e8112022-04-04 14:00:54.577root 11241100x8000000000000000182956Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:54.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7db14acca4fb4ad2022-04-04 14:00:54.577root 11241100x8000000000000000182955Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:54.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a0acf13e3fe3a312022-04-04 14:00:54.577root 11241100x8000000000000000182969Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:54.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5d1b79916dc1fca2022-04-04 14:00:54.578root 11241100x8000000000000000182968Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:54.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fcf4029d461e7842022-04-04 14:00:54.578root 11241100x8000000000000000182967Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:54.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03a6c8a6dd2ece902022-04-04 14:00:54.578root 11241100x8000000000000000182971Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:55.076{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a06c0e1a3375a0e52022-04-04 14:00:55.076root 11241100x8000000000000000182970Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:55.076{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7d5c1e3db4ce6be2022-04-04 14:00:55.076root 11241100x8000000000000000182985Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:55.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eab7b55ac16b19522022-04-04 14:00:55.077root 11241100x8000000000000000182984Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:55.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42cb278cc9de666a2022-04-04 14:00:55.077root 11241100x8000000000000000182983Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:55.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6aef25dfc00b63b52022-04-04 14:00:55.077root 11241100x8000000000000000182982Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:55.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a22fae9a2d3fc082022-04-04 14:00:55.077root 11241100x8000000000000000182981Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:55.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd71341437fb8dfc2022-04-04 14:00:55.077root 11241100x8000000000000000182980Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:55.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c6852be1ca3c79e2022-04-04 14:00:55.077root 11241100x8000000000000000182979Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:55.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa8e204a33886f1d2022-04-04 14:00:55.077root 11241100x8000000000000000182978Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:55.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b67b6d4b40a8fa642022-04-04 14:00:55.077root 11241100x8000000000000000182977Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:55.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ca4a1b396e9bf112022-04-04 14:00:55.077root 11241100x8000000000000000182976Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:55.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a47bbc4afd0e1e062022-04-04 14:00:55.077root 11241100x8000000000000000182975Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:55.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fe5720048ae11ed2022-04-04 14:00:55.077root 11241100x8000000000000000182974Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:55.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e781f53dbcbcc5322022-04-04 14:00:55.077root 11241100x8000000000000000182973Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:55.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1def9f2200bbbb702022-04-04 14:00:55.077root 11241100x8000000000000000182972Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:55.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4700a171cbc89fbe2022-04-04 14:00:55.077root 11241100x8000000000000000182987Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:55.576{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02d1febfca76c71d2022-04-04 14:00:55.576root 11241100x8000000000000000182986Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:55.576{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1aac3e4abb7452692022-04-04 14:00:55.576root 11241100x8000000000000000183001Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:55.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6eb49ced27e3f0e72022-04-04 14:00:55.577root 11241100x8000000000000000183000Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:55.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0ffe08c1451746d2022-04-04 14:00:55.577root 11241100x8000000000000000182999Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:55.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e605a0b4b852c542022-04-04 14:00:55.577root 11241100x8000000000000000182998Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:55.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85834ba198369ebe2022-04-04 14:00:55.577root 11241100x8000000000000000182997Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:55.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.363248dc56bf7a3e2022-04-04 14:00:55.577root 11241100x8000000000000000182996Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:55.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e279c696e2da6b7e2022-04-04 14:00:55.577root 11241100x8000000000000000182995Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:55.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21c96c6ed44a51102022-04-04 14:00:55.577root 11241100x8000000000000000182994Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:55.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37913e86e381fe1b2022-04-04 14:00:55.577root 11241100x8000000000000000182993Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:55.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.475ab5978eed6ea62022-04-04 14:00:55.577root 11241100x8000000000000000182992Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:55.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8aa40cee1bd2c9d92022-04-04 14:00:55.577root 11241100x8000000000000000182991Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:55.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25ac82992e5c53722022-04-04 14:00:55.577root 11241100x8000000000000000182990Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:55.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57ef8601ec5e38162022-04-04 14:00:55.577root 11241100x8000000000000000182989Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:55.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c58958b928743ae52022-04-04 14:00:55.577root 11241100x8000000000000000182988Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:55.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25fa400eb03b67762022-04-04 14:00:55.577root 154100x8000000000000000183002Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:55.933{ec21797c-fa17-624a-6864-4ef1aa550000}5982/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/5163root{ec21797c-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}2317--- 11241100x8000000000000000183004Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:55.934{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b6c2246a496e52f2022-04-04 14:00:55.934root 11241100x8000000000000000183003Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:55.934{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.507d81539e26d7be2022-04-04 14:00:55.934root 11241100x8000000000000000183007Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:55.935{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b75e4606ea20bd1d2022-04-04 14:00:55.935root 11241100x8000000000000000183006Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:55.935{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de8446733d1bb2552022-04-04 14:00:55.935root 11241100x8000000000000000183005Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:55.935{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab93bdbbb27f7aa92022-04-04 14:00:55.935root 11241100x8000000000000000183013Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:55.936{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c42c0beb8c2c17de2022-04-04 14:00:55.936root 11241100x8000000000000000183012Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:55.936{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32e597566de8a94e2022-04-04 14:00:55.936root 11241100x8000000000000000183011Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:55.936{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ea22319a4e0897a2022-04-04 14:00:55.936root 11241100x8000000000000000183010Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:55.936{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f85975a4b0678682022-04-04 14:00:55.936root 11241100x8000000000000000183009Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:55.936{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1f97cdb56e3c5c12022-04-04 14:00:55.936root 11241100x8000000000000000183008Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:55.936{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70d62b14fc9b23202022-04-04 14:00:55.936root 11241100x8000000000000000183019Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:55.937{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5be1af2d3c3283832022-04-04 14:00:55.937root 11241100x8000000000000000183018Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:55.937{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d53d1e1f0c419e572022-04-04 14:00:55.937root 11241100x8000000000000000183017Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:55.937{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc636e54a0fa33292022-04-04 14:00:55.937root 11241100x8000000000000000183016Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:55.937{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e47e9ecd397b8902022-04-04 14:00:55.937root 11241100x8000000000000000183015Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:55.937{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c591eb934ec398ab2022-04-04 14:00:55.937root 11241100x8000000000000000183014Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:55.937{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a70829e5a7302eeb2022-04-04 14:00:55.937root 11241100x8000000000000000183021Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:55.938{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c95d2f16a970b0362022-04-04 14:00:55.938root 11241100x8000000000000000183020Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:55.938{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.887ddb1387d4523a2022-04-04 14:00:55.938root 534500x8000000000000000183022Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:55.949{ec21797c-fa17-624a-6864-4ef1aa550000}5982/bin/psroot 11241100x8000000000000000183024Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:56.326{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d3168210810c4b72022-04-04 14:00:56.326root 11241100x8000000000000000183023Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:56.326{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1747f978f5f281fe2022-04-04 14:00:56.326root 11241100x8000000000000000183037Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:56.327{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30811498d9b3360d2022-04-04 14:00:56.327root 11241100x8000000000000000183036Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:56.327{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca7955214133567f2022-04-04 14:00:56.327root 11241100x8000000000000000183035Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:56.327{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76883dddc5155e4d2022-04-04 14:00:56.327root 11241100x8000000000000000183034Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:56.327{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fc2aec0207205772022-04-04 14:00:56.327root 11241100x8000000000000000183033Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:56.327{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.971a271adfb77c8c2022-04-04 14:00:56.327root 11241100x8000000000000000183032Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:56.327{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6050d53e0c599d252022-04-04 14:00:56.327root 11241100x8000000000000000183031Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:56.327{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb8b430ddfb467442022-04-04 14:00:56.327root 11241100x8000000000000000183030Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:56.327{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb742f1a8b6492572022-04-04 14:00:56.327root 11241100x8000000000000000183029Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:56.327{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f4fd9fd1fd7faad2022-04-04 14:00:56.327root 11241100x8000000000000000183028Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:56.327{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0714515aa644ce252022-04-04 14:00:56.327root 11241100x8000000000000000183027Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:56.327{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92e0e79ec46fdee82022-04-04 14:00:56.327root 11241100x8000000000000000183026Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:56.327{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3b3327f00f31d7c2022-04-04 14:00:56.327root 11241100x8000000000000000183025Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:56.327{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d22d09d1016c6282022-04-04 14:00:56.327root 11241100x8000000000000000183040Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:56.328{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d857a09636605082022-04-04 14:00:56.328root 11241100x8000000000000000183039Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:56.328{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e18ba625f5be30a52022-04-04 14:00:56.328root 11241100x8000000000000000183038Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:56.328{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d88f2c2578b780a2022-04-04 14:00:56.328root 11241100x8000000000000000183047Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:56.827{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e14c19fdb74720c12022-04-04 14:00:56.827root 11241100x8000000000000000183046Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:56.827{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2058af632815a4b2022-04-04 14:00:56.827root 11241100x8000000000000000183045Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:56.827{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4ef828fb1004ea52022-04-04 14:00:56.827root 11241100x8000000000000000183044Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:56.827{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b81daef212b2e1632022-04-04 14:00:56.827root 11241100x8000000000000000183043Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:56.827{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66ed3ca14b6cfa9d2022-04-04 14:00:56.827root 11241100x8000000000000000183042Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:56.827{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f334cff0732b2662022-04-04 14:00:56.827root 11241100x8000000000000000183041Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:56.827{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78325477ce964d982022-04-04 14:00:56.827root 11241100x8000000000000000183057Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:56.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d6669cd3bf2dfed2022-04-04 14:00:56.828root 11241100x8000000000000000183056Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:56.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.775e312f468ab8672022-04-04 14:00:56.828root 11241100x8000000000000000183055Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:56.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0d01399ffac74472022-04-04 14:00:56.828root 11241100x8000000000000000183054Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:56.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b092d67f490535302022-04-04 14:00:56.828root 11241100x8000000000000000183053Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:56.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf4f9c74ecb7b8612022-04-04 14:00:56.828root 11241100x8000000000000000183052Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:56.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86f21e4a6d5377fe2022-04-04 14:00:56.828root 11241100x8000000000000000183051Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:56.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0aa80b746f25f5ed2022-04-04 14:00:56.828root 11241100x8000000000000000183050Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:56.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ff2a161d48197132022-04-04 14:00:56.828root 11241100x8000000000000000183049Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:56.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80fcf465e0aa1a792022-04-04 14:00:56.828root 11241100x8000000000000000183048Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:56.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a137f5356c48aac12022-04-04 14:00:56.828root 11241100x8000000000000000183058Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:56.829{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9514c3073b3fedbc2022-04-04 14:00:56.829root 11241100x8000000000000000183071Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:57.327{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c22f4b128b58c062022-04-04 14:00:57.327root 11241100x8000000000000000183070Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:57.327{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d9c451be5aff3602022-04-04 14:00:57.327root 11241100x8000000000000000183069Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:57.327{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc7c3f527a99008c2022-04-04 14:00:57.327root 11241100x8000000000000000183068Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:57.327{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c06c56b8f5e6cde72022-04-04 14:00:57.327root 11241100x8000000000000000183067Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:57.327{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7a9849e99e80fd12022-04-04 14:00:57.327root 11241100x8000000000000000183066Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:57.327{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcbbb8f7e48c711a2022-04-04 14:00:57.327root 11241100x8000000000000000183065Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:57.327{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c71e6883bfc42a4d2022-04-04 14:00:57.327root 11241100x8000000000000000183064Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:57.327{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bdc0778006b93aa2022-04-04 14:00:57.327root 11241100x8000000000000000183063Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:57.327{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04f1115a2c65f04e2022-04-04 14:00:57.327root 11241100x8000000000000000183062Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:57.327{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf335c9afe3605552022-04-04 14:00:57.327root 11241100x8000000000000000183061Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:57.327{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.357591ecb23487462022-04-04 14:00:57.327root 11241100x8000000000000000183060Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:57.327{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8e845e7fcf224182022-04-04 14:00:57.327root 11241100x8000000000000000183059Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:57.327{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e21d59ee82bede5a2022-04-04 14:00:57.327root 11241100x8000000000000000183076Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:57.328{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04b6cd2aa5724ba62022-04-04 14:00:57.328root 11241100x8000000000000000183075Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:57.328{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cb2abb8a5ae6db62022-04-04 14:00:57.328root 11241100x8000000000000000183074Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:57.328{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4629996eae210e352022-04-04 14:00:57.328root 11241100x8000000000000000183073Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:57.328{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de3a268b54bfbb942022-04-04 14:00:57.328root 11241100x8000000000000000183072Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:57.328{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28093cc6fda3728e2022-04-04 14:00:57.328root 11241100x8000000000000000183083Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:57.827{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b59a6381442d96cc2022-04-04 14:00:57.827root 11241100x8000000000000000183082Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:57.827{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47083331fed070472022-04-04 14:00:57.827root 11241100x8000000000000000183081Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:57.827{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4826573a4a2bf5842022-04-04 14:00:57.827root 11241100x8000000000000000183080Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:57.827{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e460abc6279dc29f2022-04-04 14:00:57.827root 11241100x8000000000000000183079Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:57.827{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.001c5161b54d90e22022-04-04 14:00:57.827root 11241100x8000000000000000183078Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:57.827{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7be12354585a52b2022-04-04 14:00:57.827root 11241100x8000000000000000183077Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:57.827{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ce3f96fa42470182022-04-04 14:00:57.827root 11241100x8000000000000000183090Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:57.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9aad41b5de5ed552022-04-04 14:00:57.828root 11241100x8000000000000000183089Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:57.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e1c6a8bab1578c72022-04-04 14:00:57.828root 11241100x8000000000000000183088Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:57.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.110199c163c52f462022-04-04 14:00:57.828root 11241100x8000000000000000183087Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:57.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42c58ffaef1e95ac2022-04-04 14:00:57.828root 11241100x8000000000000000183086Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:57.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea736b96d7005e322022-04-04 14:00:57.828root 11241100x8000000000000000183085Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:57.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bc76d1f083b60e42022-04-04 14:00:57.828root 11241100x8000000000000000183084Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:57.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98806fb8454a92232022-04-04 14:00:57.828root 11241100x8000000000000000183094Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:57.829{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27b2201f7bbc56602022-04-04 14:00:57.829root 11241100x8000000000000000183093Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:57.829{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a693192b6de03b652022-04-04 14:00:57.829root 11241100x8000000000000000183092Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:57.829{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d12ee699a8d755e12022-04-04 14:00:57.829root 11241100x8000000000000000183091Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:57.829{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60a48f5fd9632dd72022-04-04 14:00:57.829root 11241100x8000000000000000183099Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:58.144{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0b0412d07282a6d2022-04-04 14:00:58.144root 11241100x8000000000000000183098Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:58.144{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8ee9beda9e931c92022-04-04 14:00:58.144root 11241100x8000000000000000183097Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:58.144{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6943eb241150c2302022-04-04 14:00:58.144root 11241100x8000000000000000183096Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:58.144{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71cb529278bb43402022-04-04 14:00:58.144root 354300x8000000000000000183095Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:58.144{ec21797c-f0e1-624a-d9ff-4d0400000000}5533/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-34450-false10.0.1.12-8000- 11241100x8000000000000000183111Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:58.145{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e112a816871071e2022-04-04 14:00:58.145root 11241100x8000000000000000183110Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:58.145{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f88a5cb9385cc3e92022-04-04 14:00:58.145root 11241100x8000000000000000183109Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:58.145{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c932d8553e74e3682022-04-04 14:00:58.145root 11241100x8000000000000000183108Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:58.145{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a62e292264db46a2022-04-04 14:00:58.145root 11241100x8000000000000000183107Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:58.145{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3958fcc3bfebf26d2022-04-04 14:00:58.145root 11241100x8000000000000000183106Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:58.145{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49ed694d0fcc4c942022-04-04 14:00:58.145root 11241100x8000000000000000183105Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:58.145{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c24ccf3105ff59822022-04-04 14:00:58.145root 11241100x8000000000000000183104Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:58.145{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5379cec3a3ac9f6b2022-04-04 14:00:58.145root 11241100x8000000000000000183103Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:58.145{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d430bea78d84216b2022-04-04 14:00:58.145root 11241100x8000000000000000183102Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:58.145{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0260ffe5eb2f00d2022-04-04 14:00:58.145root 11241100x8000000000000000183101Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:58.145{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f24c5fcf5bc55692022-04-04 14:00:58.145root 11241100x8000000000000000183100Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:58.145{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.838e8336022e3a5a2022-04-04 14:00:58.145root 11241100x8000000000000000183114Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:58.146{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5d9bb2007dab1ae2022-04-04 14:00:58.146root 11241100x8000000000000000183113Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:58.146{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de67897ade8de8492022-04-04 14:00:58.146root 11241100x8000000000000000183112Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:58.146{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7160a6aeff3a64c72022-04-04 14:00:58.146root 11241100x8000000000000000183115Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:58.576{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d95e66ce157332b2022-04-04 14:00:58.576root 11241100x8000000000000000183130Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:58.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18d8c3ef9b5f3ed92022-04-04 14:00:58.577root 11241100x8000000000000000183129Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:58.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24abe7c2ab41c79c2022-04-04 14:00:58.577root 11241100x8000000000000000183128Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:58.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aeec512c6520aace2022-04-04 14:00:58.577root 11241100x8000000000000000183127Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:58.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5c61ab31b386e572022-04-04 14:00:58.577root 11241100x8000000000000000183126Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:58.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8da5eb63e0b498fd2022-04-04 14:00:58.577root 11241100x8000000000000000183125Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:58.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37ea6852653344df2022-04-04 14:00:58.577root 11241100x8000000000000000183124Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:58.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.804f1dab3b0ddc792022-04-04 14:00:58.577root 11241100x8000000000000000183123Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:58.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9caf62296bb27a12022-04-04 14:00:58.577root 11241100x8000000000000000183122Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:58.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.623ef54aa5a99ef32022-04-04 14:00:58.577root 11241100x8000000000000000183121Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:58.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fd3aa7d025b8ddc2022-04-04 14:00:58.577root 11241100x8000000000000000183120Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:58.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8c0c1689ee7af152022-04-04 14:00:58.577root 11241100x8000000000000000183119Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:58.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d28140a8070ee372022-04-04 14:00:58.577root 11241100x8000000000000000183118Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:58.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.627b7e111a98f4202022-04-04 14:00:58.577root 11241100x8000000000000000183117Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:58.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.582c4f6d101f061f2022-04-04 14:00:58.577root 11241100x8000000000000000183116Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:58.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7825a1f124ea5e62022-04-04 14:00:58.577root 11241100x8000000000000000183133Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:58.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8a2cefa0dc5df532022-04-04 14:00:58.578root 11241100x8000000000000000183132Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:58.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.698805a87b50c8952022-04-04 14:00:58.578root 11241100x8000000000000000183131Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:58.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f5392ee57a37c182022-04-04 14:00:58.578root 11241100x8000000000000000183137Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:59.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d51ad9d47bc4aa122022-04-04 14:00:59.077root 11241100x8000000000000000183136Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:59.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b32a5f60e1bd3dc02022-04-04 14:00:59.077root 11241100x8000000000000000183135Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:59.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3920b868ea3afbae2022-04-04 14:00:59.077root 11241100x8000000000000000183134Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:59.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58412c0ad90abfdf2022-04-04 14:00:59.077root 11241100x8000000000000000183140Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:59.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c420121b22e2fa712022-04-04 14:00:59.078root 11241100x8000000000000000183139Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:59.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62ec991a1ad276ab2022-04-04 14:00:59.078root 11241100x8000000000000000183138Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:59.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f515002dbddcc2b2022-04-04 14:00:59.078root 11241100x8000000000000000183144Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:59.080{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebd6cc1d5e3e80a12022-04-04 14:00:59.080root 11241100x8000000000000000183143Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:59.080{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5507f67e254d86c42022-04-04 14:00:59.080root 11241100x8000000000000000183142Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:59.080{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb630a6f7218acb62022-04-04 14:00:59.080root 11241100x8000000000000000183141Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:59.080{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42ee7b700f0f2bc52022-04-04 14:00:59.080root 11241100x8000000000000000183152Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:59.081{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1a1fc1f694ec3e72022-04-04 14:00:59.081root 11241100x8000000000000000183151Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:59.081{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bbd60228ae864f72022-04-04 14:00:59.081root 11241100x8000000000000000183150Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:59.081{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.180f1f0e6cc86c132022-04-04 14:00:59.081root 11241100x8000000000000000183149Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:59.081{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c68a068bbd79a80b2022-04-04 14:00:59.081root 11241100x8000000000000000183148Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:59.081{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abecdebdcbae3fa82022-04-04 14:00:59.081root 11241100x8000000000000000183147Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:59.081{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2eed8efc77fb10bd2022-04-04 14:00:59.081root 11241100x8000000000000000183146Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:59.081{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1a5d1dfaab82f0c2022-04-04 14:00:59.081root 11241100x8000000000000000183145Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:59.081{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c660e0e86f2bb492022-04-04 14:00:59.081root 11241100x8000000000000000183153Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:59.576{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b7e5caf51f07f0f2022-04-04 14:00:59.576root 11241100x8000000000000000183161Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:59.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12979096491163de2022-04-04 14:00:59.577root 11241100x8000000000000000183160Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:59.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2742eb7e922feb8c2022-04-04 14:00:59.577root 11241100x8000000000000000183159Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:59.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a2159997f6073622022-04-04 14:00:59.577root 11241100x8000000000000000183158Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:59.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39c8ef362db55ee02022-04-04 14:00:59.577root 11241100x8000000000000000183157Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:59.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35aff5c7393402192022-04-04 14:00:59.577root 11241100x8000000000000000183156Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:59.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3cfc39158a798d72022-04-04 14:00:59.577root 11241100x8000000000000000183155Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:59.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.770af3501cfb096b2022-04-04 14:00:59.577root 11241100x8000000000000000183154Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:59.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64479b706608b2342022-04-04 14:00:59.577root 11241100x8000000000000000183169Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:59.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e185827d5142ea92022-04-04 14:00:59.578root 11241100x8000000000000000183168Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:59.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a377e7d60cd7bbf2022-04-04 14:00:59.578root 11241100x8000000000000000183167Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:59.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71db473deeef84812022-04-04 14:00:59.578root 11241100x8000000000000000183166Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:59.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40b0ba46ef333b772022-04-04 14:00:59.578root 11241100x8000000000000000183165Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:59.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5342cce3829d69fc2022-04-04 14:00:59.578root 11241100x8000000000000000183164Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:59.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.116b97241750c4c82022-04-04 14:00:59.578root 11241100x8000000000000000183163Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:59.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.247c9ccbad2ab9212022-04-04 14:00:59.578root 11241100x8000000000000000183162Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:59.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44fe490ba08f809a2022-04-04 14:00:59.578root 11241100x8000000000000000183171Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:59.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cde3d5dba4af35bb2022-04-04 14:00:59.579root 11241100x8000000000000000183170Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:00:59.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5455504ee50707692022-04-04 14:00:59.579root 11241100x8000000000000000183172Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:00.076{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.989280c9d0c8959e2022-04-04 14:01:00.076root 11241100x8000000000000000183186Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:00.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c00738c3b7c77562022-04-04 14:01:00.077root 11241100x8000000000000000183185Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:00.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b0663fc1cce5b112022-04-04 14:01:00.077root 11241100x8000000000000000183184Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:00.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92527b223999988e2022-04-04 14:01:00.077root 11241100x8000000000000000183183Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:00.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c067f82d9f60d4282022-04-04 14:01:00.077root 11241100x8000000000000000183182Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:00.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a63df66fab786d872022-04-04 14:01:00.077root 11241100x8000000000000000183181Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:00.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da98edc9cdbca6682022-04-04 14:01:00.077root 11241100x8000000000000000183180Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:00.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02c147907da7c5222022-04-04 14:01:00.077root 11241100x8000000000000000183179Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:00.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3801d0b7514f07072022-04-04 14:01:00.077root 11241100x8000000000000000183178Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:00.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6201879c2a384042022-04-04 14:01:00.077root 11241100x8000000000000000183177Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:00.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e747cf7fc0e1284a2022-04-04 14:01:00.077root 11241100x8000000000000000183176Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:00.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dbc2f3c4ffb9a1b2022-04-04 14:01:00.077root 11241100x8000000000000000183175Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:00.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb5b85e24c67d1ee2022-04-04 14:01:00.077root 11241100x8000000000000000183174Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:00.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83404edd983fdd842022-04-04 14:01:00.077root 11241100x8000000000000000183173Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:00.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57aa6ee6c49003662022-04-04 14:01:00.077root 11241100x8000000000000000183190Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:00.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65bf58acfd46892c2022-04-04 14:01:00.078root 11241100x8000000000000000183189Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:00.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.681ec466eb0b06bd2022-04-04 14:01:00.078root 11241100x8000000000000000183188Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:00.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10d6022a99d4c98a2022-04-04 14:01:00.078root 11241100x8000000000000000183187Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:00.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afdd2f65f1cf765a2022-04-04 14:01:00.078root 11241100x8000000000000000183198Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:00.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04bc34a0926c552e2022-04-04 14:01:00.577root 11241100x8000000000000000183197Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:00.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e607657c55538f12022-04-04 14:01:00.577root 11241100x8000000000000000183196Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:00.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0b300b1f3f6de1d2022-04-04 14:01:00.577root 11241100x8000000000000000183195Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:00.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47eebd3d7df1410f2022-04-04 14:01:00.577root 11241100x8000000000000000183194Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:00.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b15afa9bcbb5b91e2022-04-04 14:01:00.577root 11241100x8000000000000000183193Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:00.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.030291334553c3212022-04-04 14:01:00.577root 11241100x8000000000000000183192Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:00.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1af979bc3a61abc2022-04-04 14:01:00.577root 11241100x8000000000000000183191Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:00.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d98180c069f3422d2022-04-04 14:01:00.577root 11241100x8000000000000000183207Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:00.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67230bd1b4deba012022-04-04 14:01:00.578root 11241100x8000000000000000183206Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:00.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe01293c0847d6ad2022-04-04 14:01:00.578root 11241100x8000000000000000183205Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:00.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.620f061f0e6d25c52022-04-04 14:01:00.578root 11241100x8000000000000000183204Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:00.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e97813a0927511702022-04-04 14:01:00.578root 11241100x8000000000000000183203Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:00.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddebc2456baf593b2022-04-04 14:01:00.578root 11241100x8000000000000000183202Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:00.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee6a6c8a03b504eb2022-04-04 14:01:00.578root 11241100x8000000000000000183201Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:00.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae526f4d1a5a51f62022-04-04 14:01:00.578root 11241100x8000000000000000183200Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:00.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81e0095e83516f802022-04-04 14:01:00.578root 11241100x8000000000000000183199Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:00.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d41264f3771326562022-04-04 14:01:00.578root 11241100x8000000000000000183209Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:00.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e311ee65dd1b2fc12022-04-04 14:01:00.579root 11241100x8000000000000000183208Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:00.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71053b4444a830ee2022-04-04 14:01:00.579root 11241100x8000000000000000183210Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:01.076{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59d579c1f6ea8d552022-04-04 14:01:01.076root 11241100x8000000000000000183217Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:01.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.568ae7191135373a2022-04-04 14:01:01.077root 11241100x8000000000000000183216Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:01.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bf015beda1ed40f2022-04-04 14:01:01.077root 11241100x8000000000000000183215Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:01.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.042d1a6438b545222022-04-04 14:01:01.077root 11241100x8000000000000000183214Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:01.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a873a7df03c9a97f2022-04-04 14:01:01.077root 11241100x8000000000000000183213Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:01.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f858ae20bfc0f352022-04-04 14:01:01.077root 11241100x8000000000000000183212Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:01.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ece18e6a5ac60b62022-04-04 14:01:01.077root 11241100x8000000000000000183211Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:01.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2e9434ecdee126b2022-04-04 14:01:01.077root 11241100x8000000000000000183228Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:01.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d19507b346f201432022-04-04 14:01:01.078root 11241100x8000000000000000183227Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:01.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72819f0fc3df9c882022-04-04 14:01:01.078root 11241100x8000000000000000183226Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:01.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56baadd7585c005d2022-04-04 14:01:01.078root 11241100x8000000000000000183225Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:01.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b29f5b83a0f0a4d92022-04-04 14:01:01.078root 11241100x8000000000000000183224Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:01.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32cd5eb3a43dae9c2022-04-04 14:01:01.078root 11241100x8000000000000000183223Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:01.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8be643ef6df2763d2022-04-04 14:01:01.078root 11241100x8000000000000000183222Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:01.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0774772f988b3da52022-04-04 14:01:01.078root 11241100x8000000000000000183221Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:01.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd9f9c89aac635b92022-04-04 14:01:01.078root 11241100x8000000000000000183220Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:01.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbb0b8cf241d801a2022-04-04 14:01:01.078root 11241100x8000000000000000183219Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:01.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11c9f322fcace2672022-04-04 14:01:01.078root 11241100x8000000000000000183218Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:01.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7080809736c5476e2022-04-04 14:01:01.078root 11241100x8000000000000000183229Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:01.576{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5bdc209a342e75f2022-04-04 14:01:01.576root 11241100x8000000000000000183233Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:01.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d489ca2bda7f2eff2022-04-04 14:01:01.577root 11241100x8000000000000000183232Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:01.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aed840fbab83b6462022-04-04 14:01:01.577root 11241100x8000000000000000183231Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:01.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d80b0c2f18e265f22022-04-04 14:01:01.577root 11241100x8000000000000000183230Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:01.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6982b7ac46b8ff302022-04-04 14:01:01.577root 11241100x8000000000000000183238Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:01.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f7b464c78db67f12022-04-04 14:01:01.579root 11241100x8000000000000000183237Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:01.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0a56bad66bbdec32022-04-04 14:01:01.579root 11241100x8000000000000000183236Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:01.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91d8573d00cee6f92022-04-04 14:01:01.579root 11241100x8000000000000000183235Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:01.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92f687f8e3c386322022-04-04 14:01:01.579root 11241100x8000000000000000183234Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:01.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cb1daf094486c9b2022-04-04 14:01:01.579root 11241100x8000000000000000183246Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:01.580{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5813fd373b4a9bdd2022-04-04 14:01:01.580root 11241100x8000000000000000183245Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:01.580{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.840c2c9562cf666c2022-04-04 14:01:01.580root 11241100x8000000000000000183244Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:01.580{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c99ede6e62c851ff2022-04-04 14:01:01.580root 11241100x8000000000000000183243Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:01.580{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.346d58cb042f36a92022-04-04 14:01:01.580root 11241100x8000000000000000183242Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:01.580{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54c58431a32719032022-04-04 14:01:01.580root 11241100x8000000000000000183241Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:01.580{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5343e3e42dae5dcb2022-04-04 14:01:01.580root 11241100x8000000000000000183240Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:01.580{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5440c8d195ceae552022-04-04 14:01:01.580root 11241100x8000000000000000183239Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:01.580{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f97083371f26b262022-04-04 14:01:01.580root 11241100x8000000000000000183247Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:01.581{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1220aa7f88db7c22022-04-04 14:01:01.581root 11241100x8000000000000000183253Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:02.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5db539e69ef8eb932022-04-04 14:01:02.077root 11241100x8000000000000000183252Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:02.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21bd394a5e0514f02022-04-04 14:01:02.077root 11241100x8000000000000000183251Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:02.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61689f89b8d4700d2022-04-04 14:01:02.077root 11241100x8000000000000000183250Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:02.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d37e57ce4d0156c2022-04-04 14:01:02.077root 11241100x8000000000000000183249Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:02.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e70bcb4a31be3172022-04-04 14:01:02.077root 11241100x8000000000000000183248Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:02.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.107f2ad3879771482022-04-04 14:01:02.077root 11241100x8000000000000000183265Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:02.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46b9e35b862bc41c2022-04-04 14:01:02.078root 11241100x8000000000000000183264Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:02.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba9f9201d2b7a55a2022-04-04 14:01:02.078root 11241100x8000000000000000183263Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:02.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28413148df6effc52022-04-04 14:01:02.078root 11241100x8000000000000000183262Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:02.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04389153582597a42022-04-04 14:01:02.078root 11241100x8000000000000000183261Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:02.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d26f3c908caf9e232022-04-04 14:01:02.078root 11241100x8000000000000000183260Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:02.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6753edcea318da302022-04-04 14:01:02.078root 11241100x8000000000000000183259Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:02.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ac514dc0c6305082022-04-04 14:01:02.078root 11241100x8000000000000000183258Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:02.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d65c5107a9c988212022-04-04 14:01:02.078root 11241100x8000000000000000183257Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:02.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e34b51f0998ed842022-04-04 14:01:02.078root 11241100x8000000000000000183256Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:02.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90dc6c531cdb1ef22022-04-04 14:01:02.078root 11241100x8000000000000000183255Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:02.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a42774021c503e422022-04-04 14:01:02.078root 11241100x8000000000000000183254Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:02.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc172c91ba4e14bb2022-04-04 14:01:02.078root 11241100x8000000000000000183266Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:02.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eeba69029d1513072022-04-04 14:01:02.079root 11241100x8000000000000000183267Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:02.257{ec21797c-f0d9-624a-60fc-886112560000}5459/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2022-04-04 14:01:02.257root 11241100x8000000000000000183268Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:02.576{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e783eb22523a7c42022-04-04 14:01:02.576root 11241100x8000000000000000183271Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:02.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75181ba0fda9261f2022-04-04 14:01:02.577root 11241100x8000000000000000183270Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:02.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f3d803b8917742e2022-04-04 14:01:02.577root 11241100x8000000000000000183269Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:02.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fd9bafa76d18c5a2022-04-04 14:01:02.577root 11241100x8000000000000000183281Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:02.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5ae0e4f7165468a2022-04-04 14:01:02.578root 11241100x8000000000000000183280Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:02.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fbf5fca07b643492022-04-04 14:01:02.578root 11241100x8000000000000000183279Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:02.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3fda651a97d75c42022-04-04 14:01:02.578root 11241100x8000000000000000183278Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:02.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76c5f8548b9909942022-04-04 14:01:02.578root 11241100x8000000000000000183277Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:02.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7267eba2e7aba4a2022-04-04 14:01:02.578root 11241100x8000000000000000183276Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:02.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68e28ce0590375942022-04-04 14:01:02.578root 11241100x8000000000000000183275Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:02.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af3729ef98c6d31a2022-04-04 14:01:02.578root 11241100x8000000000000000183274Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:02.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b7e804e0c222d122022-04-04 14:01:02.578root 11241100x8000000000000000183273Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:02.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d42b5b2b7040a4e62022-04-04 14:01:02.578root 11241100x8000000000000000183272Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:02.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b629ad82405da0d2022-04-04 14:01:02.578root 11241100x8000000000000000183288Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:02.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c7c61c4db9278ad2022-04-04 14:01:02.579root 11241100x8000000000000000183287Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:02.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f64330ce43a88872022-04-04 14:01:02.579root 11241100x8000000000000000183286Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:02.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.768d378be3e27a402022-04-04 14:01:02.579root 11241100x8000000000000000183285Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:02.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26f94bbeb9fa11172022-04-04 14:01:02.579root 11241100x8000000000000000183284Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:02.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9066f9a83a3a8bd82022-04-04 14:01:02.579root 11241100x8000000000000000183283Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:02.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c1961b89a1cd2952022-04-04 14:01:02.579root 11241100x8000000000000000183282Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:02.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5afa12965b73aabe2022-04-04 14:01:02.579root 11241100x8000000000000000183298Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:03.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86e732673ed30a5a2022-04-04 14:01:03.077root 11241100x8000000000000000183297Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:03.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6ed0825098f08bd2022-04-04 14:01:03.077root 11241100x8000000000000000183296Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:03.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c0fd790443645ce2022-04-04 14:01:03.077root 11241100x8000000000000000183295Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:03.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c7b127a42528f3c2022-04-04 14:01:03.077root 11241100x8000000000000000183294Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:03.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23e04bb438cac1e22022-04-04 14:01:03.077root 11241100x8000000000000000183293Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:03.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.828edcf4b106fe352022-04-04 14:01:03.077root 11241100x8000000000000000183292Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:03.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfbfe18c96bb5da92022-04-04 14:01:03.077root 11241100x8000000000000000183291Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:03.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13015104dbb42d892022-04-04 14:01:03.077root 11241100x8000000000000000183290Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:03.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc4d8969ad17c6722022-04-04 14:01:03.077root 11241100x8000000000000000183289Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:03.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cc6cd70d44e938b2022-04-04 14:01:03.077root 11241100x8000000000000000183308Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:03.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc2eb7f61537c4672022-04-04 14:01:03.078root 11241100x8000000000000000183307Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:03.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8b016aa4ba824bb2022-04-04 14:01:03.078root 11241100x8000000000000000183306Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:03.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4eb02c673255ed42022-04-04 14:01:03.078root 11241100x8000000000000000183305Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:03.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.602ed0428ed92d592022-04-04 14:01:03.078root 11241100x8000000000000000183304Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:03.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.756e1bb6bba4b58e2022-04-04 14:01:03.078root 11241100x8000000000000000183303Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:03.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74259b326ccf399d2022-04-04 14:01:03.078root 11241100x8000000000000000183302Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:03.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccec83fe0976e9602022-04-04 14:01:03.078root 11241100x8000000000000000183301Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:03.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27d11d1285dde3432022-04-04 14:01:03.078root 11241100x8000000000000000183300Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:03.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4b1126bf40f14062022-04-04 14:01:03.078root 11241100x8000000000000000183299Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:03.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a3286d22c2892972022-04-04 14:01:03.078root 354300x8000000000000000183309Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:03.241{ec21797c-f0e1-624a-d9ff-4d0400000000}5533/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-34452-false10.0.1.12-8000- 11241100x8000000000000000183321Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:03.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d61a783bd27019c52022-04-04 14:01:03.577root 11241100x8000000000000000183320Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:03.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd2c6bac5cc574aa2022-04-04 14:01:03.577root 11241100x8000000000000000183319Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:03.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b99a97160cd538c12022-04-04 14:01:03.577root 11241100x8000000000000000183318Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:03.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.320f14413522eb882022-04-04 14:01:03.577root 11241100x8000000000000000183317Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:03.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.284fecb71f244ddc2022-04-04 14:01:03.577root 11241100x8000000000000000183316Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:03.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be75bf72c36c76de2022-04-04 14:01:03.577root 11241100x8000000000000000183315Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:03.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e79f6766fb336a832022-04-04 14:01:03.577root 11241100x8000000000000000183314Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:03.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03ca93e8cad27de72022-04-04 14:01:03.577root 11241100x8000000000000000183313Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:03.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c1ec894a78a97602022-04-04 14:01:03.577root 11241100x8000000000000000183312Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:03.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00d774b9addc7d172022-04-04 14:01:03.577root 11241100x8000000000000000183311Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:03.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cdf29a0c5bfcaca2022-04-04 14:01:03.577root 11241100x8000000000000000183310Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:03.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac2d4cd5c10c4c282022-04-04 14:01:03.577root 11241100x8000000000000000183329Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:03.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf8e3232aed75e102022-04-04 14:01:03.578root 11241100x8000000000000000183328Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:03.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8358706f826bc9f2022-04-04 14:01:03.578root 11241100x8000000000000000183327Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:03.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ee4ec5083a904872022-04-04 14:01:03.578root 11241100x8000000000000000183326Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:03.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09dbc056a9acf2fa2022-04-04 14:01:03.578root 11241100x8000000000000000183325Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:03.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2ce04fa01b3c3702022-04-04 14:01:03.578root 11241100x8000000000000000183324Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:03.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9346dd3a24e7edcc2022-04-04 14:01:03.578root 11241100x8000000000000000183323Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:03.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73dcf0e769f3981a2022-04-04 14:01:03.578root 11241100x8000000000000000183322Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:03.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f532fd02f97c4e5b2022-04-04 14:01:03.578root 11241100x8000000000000000183330Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:03.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45ec60582e49bd302022-04-04 14:01:03.579root 11241100x8000000000000000183331Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:04.076{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5aa49073041923f52022-04-04 14:01:04.076root 11241100x8000000000000000183337Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:04.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47a2e7be11b30bd42022-04-04 14:01:04.077root 11241100x8000000000000000183336Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:04.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1616800437b5e4c52022-04-04 14:01:04.077root 11241100x8000000000000000183335Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:04.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c0615f3c13c11a22022-04-04 14:01:04.077root 11241100x8000000000000000183334Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:04.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38afdac1391c97c62022-04-04 14:01:04.077root 11241100x8000000000000000183333Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:04.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9480cc60b78845fd2022-04-04 14:01:04.077root 11241100x8000000000000000183332Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:04.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a6b67dec180f69f2022-04-04 14:01:04.077root 11241100x8000000000000000183348Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:04.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bf66b581b5269572022-04-04 14:01:04.078root 11241100x8000000000000000183347Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:04.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82a2e84a9d4a41072022-04-04 14:01:04.078root 11241100x8000000000000000183346Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:04.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caa0d6f264be73342022-04-04 14:01:04.078root 11241100x8000000000000000183345Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:04.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbb10df26b7731f02022-04-04 14:01:04.078root 11241100x8000000000000000183344Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:04.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7579ce7788862aa82022-04-04 14:01:04.078root 11241100x8000000000000000183343Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:04.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.772d127ac702cde72022-04-04 14:01:04.078root 11241100x8000000000000000183342Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:04.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a59fa619345c2d692022-04-04 14:01:04.078root 11241100x8000000000000000183341Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:04.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38c13097761318f12022-04-04 14:01:04.078root 11241100x8000000000000000183340Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:04.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51be938bb81834c02022-04-04 14:01:04.078root 11241100x8000000000000000183339Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:04.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d846dbebfa06f6b2022-04-04 14:01:04.078root 11241100x8000000000000000183338Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:04.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e3a407e63b30a962022-04-04 14:01:04.078root 11241100x8000000000000000183353Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:04.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.833ab3aec08fb3112022-04-04 14:01:04.079root 11241100x8000000000000000183352Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:04.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ac3e9abc13acf122022-04-04 14:01:04.079root 11241100x8000000000000000183351Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:04.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5bd076c96d7b1c32022-04-04 14:01:04.079root 11241100x8000000000000000183350Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:04.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8944c61abfe521652022-04-04 14:01:04.079root 11241100x8000000000000000183349Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:04.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc17ca34c39eb91b2022-04-04 14:01:04.079root 11241100x8000000000000000183358Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:04.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b02e6a60b78a61142022-04-04 14:01:04.577root 11241100x8000000000000000183357Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:04.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.917c10234d8bec6f2022-04-04 14:01:04.577root 11241100x8000000000000000183356Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:04.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.777415e54d10307f2022-04-04 14:01:04.577root 11241100x8000000000000000183355Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:04.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ad8c3d18c94f5b02022-04-04 14:01:04.577root 11241100x8000000000000000183354Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:04.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32f301094d901c722022-04-04 14:01:04.577root 11241100x8000000000000000183363Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:04.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cef441a5c78f1582022-04-04 14:01:04.578root 11241100x8000000000000000183362Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:04.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f5b8484f8ebf6ae2022-04-04 14:01:04.578root 11241100x8000000000000000183361Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:04.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55dbb80ed28e42272022-04-04 14:01:04.578root 11241100x8000000000000000183360Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:04.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.358753e285ec56452022-04-04 14:01:04.578root 11241100x8000000000000000183359Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:04.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbea48fd58a8b5522022-04-04 14:01:04.578root 11241100x8000000000000000183371Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:04.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cb8c87edc5ef8f12022-04-04 14:01:04.579root 11241100x8000000000000000183370Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:04.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd1eef694ad6adde2022-04-04 14:01:04.579root 11241100x8000000000000000183369Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:04.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e04f76b9fbbcd3d2022-04-04 14:01:04.579root 11241100x8000000000000000183368Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:04.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12aa0ba76b753f482022-04-04 14:01:04.579root 11241100x8000000000000000183367Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:04.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84367503672e983e2022-04-04 14:01:04.579root 11241100x8000000000000000183366Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:04.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff9c06de2244d12e2022-04-04 14:01:04.579root 11241100x8000000000000000183365Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:04.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f221d968927b1d42022-04-04 14:01:04.579root 11241100x8000000000000000183364Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:04.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b6a55c979488d6a2022-04-04 14:01:04.579root 11241100x8000000000000000183374Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:04.580{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.072afb1b1c52e8452022-04-04 14:01:04.580root 11241100x8000000000000000183373Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:04.580{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf107e5fe33db0192022-04-04 14:01:04.580root 11241100x8000000000000000183372Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:04.580{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cbfc60894be24932022-04-04 14:01:04.580root 11241100x8000000000000000183387Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:05.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a536577c6128a6f12022-04-04 14:01:05.077root 11241100x8000000000000000183386Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:05.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2753ea3e9fb3e8f32022-04-04 14:01:05.077root 11241100x8000000000000000183385Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:05.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.349b032a897bba9b2022-04-04 14:01:05.077root 11241100x8000000000000000183384Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:05.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36a15a6cd1c7a5c62022-04-04 14:01:05.077root 11241100x8000000000000000183383Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:05.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80061ba2b124fd0c2022-04-04 14:01:05.077root 11241100x8000000000000000183382Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:05.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1baae36471c5584d2022-04-04 14:01:05.077root 11241100x8000000000000000183381Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:05.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5bc99ced3f9406e2022-04-04 14:01:05.077root 11241100x8000000000000000183380Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:05.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dbd5c410d88b87f2022-04-04 14:01:05.077root 11241100x8000000000000000183379Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:05.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cccfd450be4054e62022-04-04 14:01:05.077root 11241100x8000000000000000183378Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:05.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.429c1cbad1d47b8e2022-04-04 14:01:05.077root 11241100x8000000000000000183377Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:05.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fd317cda752a0202022-04-04 14:01:05.077root 11241100x8000000000000000183376Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:05.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81a476463cc47fee2022-04-04 14:01:05.077root 11241100x8000000000000000183375Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:05.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f0c34d16241f0c12022-04-04 14:01:05.077root 11241100x8000000000000000183395Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:05.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.460ba9404bb998392022-04-04 14:01:05.078root 11241100x8000000000000000183394Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:05.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5599209f79bb04c22022-04-04 14:01:05.078root 11241100x8000000000000000183393Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:05.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65922f5891d38a312022-04-04 14:01:05.078root 11241100x8000000000000000183392Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:05.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dd1e2d7de9c7b822022-04-04 14:01:05.078root 11241100x8000000000000000183391Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:05.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbbf6a9439cc71732022-04-04 14:01:05.078root 11241100x8000000000000000183390Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:05.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7cd2addcc76fec82022-04-04 14:01:05.078root 11241100x8000000000000000183389Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:05.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41b5e76915445c142022-04-04 14:01:05.078root 11241100x8000000000000000183388Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:05.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e556e1488fa3cb92022-04-04 14:01:05.078root 23542300x8000000000000000183396Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:05.259{ec21797c-f0d9-624a-60fc-886112560000}5459root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000183399Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:05.576{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7ec450e469ad2232022-04-04 14:01:05.576root 11241100x8000000000000000183398Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:05.576{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d28f1b10d1d5d592022-04-04 14:01:05.576root 11241100x8000000000000000183397Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:05.576{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.410c7528a31c284d2022-04-04 14:01:05.576root 11241100x8000000000000000183412Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:05.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f0cec71c65c0a422022-04-04 14:01:05.577root 11241100x8000000000000000183411Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:05.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc0048ab6cec9e322022-04-04 14:01:05.577root 11241100x8000000000000000183410Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:05.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13061f9515f9bb372022-04-04 14:01:05.577root 11241100x8000000000000000183409Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:05.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1143e8427f9cdbf72022-04-04 14:01:05.577root 11241100x8000000000000000183408Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:05.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f843ce3b5894d8e2022-04-04 14:01:05.577root 11241100x8000000000000000183407Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:05.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.261db1610b5ae69b2022-04-04 14:01:05.577root 11241100x8000000000000000183406Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:05.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c11b5326f9890beb2022-04-04 14:01:05.577root 11241100x8000000000000000183405Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:05.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4eaa959f4ef8b9c72022-04-04 14:01:05.577root 11241100x8000000000000000183404Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:05.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.104b077bf65e9a9a2022-04-04 14:01:05.577root 11241100x8000000000000000183403Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:05.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34a9192b6940d16b2022-04-04 14:01:05.577root 11241100x8000000000000000183402Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:05.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7b308702c28a1e92022-04-04 14:01:05.577root 11241100x8000000000000000183401Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:05.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6052ddaa39a288fa2022-04-04 14:01:05.577root 11241100x8000000000000000183400Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:05.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e75a4e74147e7092022-04-04 14:01:05.577root 11241100x8000000000000000183419Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:05.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc53ce93f19bf16f2022-04-04 14:01:05.578root 11241100x8000000000000000183418Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:05.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d44e13e929322ab2022-04-04 14:01:05.578root 11241100x8000000000000000183417Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:05.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10bdfe81ce0788d72022-04-04 14:01:05.578root 11241100x8000000000000000183416Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:05.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33a7ea02d8aeb7c72022-04-04 14:01:05.578root 11241100x8000000000000000183415Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:05.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.329c2923ed785c162022-04-04 14:01:05.578root 11241100x8000000000000000183414Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:05.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bf784010e5ef0972022-04-04 14:01:05.578root 11241100x8000000000000000183413Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:05.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6de5b1bf17cae1612022-04-04 14:01:05.578root 11241100x8000000000000000183425Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:06.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dacaab2ca68b99d72022-04-04 14:01:06.077root 11241100x8000000000000000183424Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:06.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb14105909b1278e2022-04-04 14:01:06.077root 11241100x8000000000000000183423Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:06.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3679732d29494ad2022-04-04 14:01:06.077root 11241100x8000000000000000183422Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:06.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f51f2385cd293f422022-04-04 14:01:06.077root 11241100x8000000000000000183421Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:06.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2a2aaba53ed7a1f2022-04-04 14:01:06.077root 11241100x8000000000000000183420Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:06.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70b156d35cefb6432022-04-04 14:01:06.077root 11241100x8000000000000000183436Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:06.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42310cf3bea6d2442022-04-04 14:01:06.078root 11241100x8000000000000000183435Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:06.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63f9a2264a74fdcb2022-04-04 14:01:06.078root 11241100x8000000000000000183434Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:06.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f24becc0a14db7c22022-04-04 14:01:06.078root 11241100x8000000000000000183433Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:06.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3aebf40092d06cec2022-04-04 14:01:06.078root 11241100x8000000000000000183432Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:06.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a686cfa8cb855c5e2022-04-04 14:01:06.078root 11241100x8000000000000000183431Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:06.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f831a48709a3e4a2022-04-04 14:01:06.078root 11241100x8000000000000000183430Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:06.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.993265da783a94a02022-04-04 14:01:06.078root 11241100x8000000000000000183429Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:06.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4e7c1760b0054f12022-04-04 14:01:06.078root 11241100x8000000000000000183428Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:06.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46562704c8c79aec2022-04-04 14:01:06.078root 11241100x8000000000000000183427Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:06.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83e341728a19591a2022-04-04 14:01:06.078root 11241100x8000000000000000183426Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:06.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.290c42723dc9ae7a2022-04-04 14:01:06.078root 11241100x8000000000000000183441Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:06.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a240e3f33016bfe2022-04-04 14:01:06.079root 11241100x8000000000000000183440Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:06.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1307ccbc4f69bff92022-04-04 14:01:06.079root 11241100x8000000000000000183439Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:06.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c9c04fa24faa8f32022-04-04 14:01:06.079root 11241100x8000000000000000183438Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:06.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.060685373c1302582022-04-04 14:01:06.079root 11241100x8000000000000000183437Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:06.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c9a9872f884fac72022-04-04 14:01:06.079root 11241100x8000000000000000183445Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:06.576{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a39a61add8b56952022-04-04 14:01:06.576root 11241100x8000000000000000183444Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:06.576{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20be779fd0ced2602022-04-04 14:01:06.576root 11241100x8000000000000000183443Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:06.576{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.283aa4d22da95bbe2022-04-04 14:01:06.576root 11241100x8000000000000000183442Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:06.576{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69650758c534bf682022-04-04 14:01:06.576root 11241100x8000000000000000183456Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:06.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11a81907fd4347f12022-04-04 14:01:06.577root 11241100x8000000000000000183455Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:06.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d5a4b0997e490512022-04-04 14:01:06.577root 11241100x8000000000000000183454Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:06.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8e151a336744fbc2022-04-04 14:01:06.577root 11241100x8000000000000000183453Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:06.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.360ff6f18c0f27622022-04-04 14:01:06.577root 11241100x8000000000000000183452Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:06.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b030f2e730cbd94c2022-04-04 14:01:06.577root 11241100x8000000000000000183451Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:06.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1f905f2800924fd2022-04-04 14:01:06.577root 11241100x8000000000000000183450Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:06.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c12aaed96845c7522022-04-04 14:01:06.577root 11241100x8000000000000000183449Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:06.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f57b49b1c3cd31ff2022-04-04 14:01:06.577root 11241100x8000000000000000183448Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:06.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fb7c77b33f1ee552022-04-04 14:01:06.577root 11241100x8000000000000000183447Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:06.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da432f5ec3bdebe52022-04-04 14:01:06.577root 11241100x8000000000000000183446Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:06.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.350d2fecb63083f22022-04-04 14:01:06.577root 11241100x8000000000000000183465Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:06.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da5ec5b1743c7c1e2022-04-04 14:01:06.578root 11241100x8000000000000000183464Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:06.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ddc30d99e3872c82022-04-04 14:01:06.578root 11241100x8000000000000000183463Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:06.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de84add9ea99b9b02022-04-04 14:01:06.578root 11241100x8000000000000000183462Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:06.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d81e4aa54aac6492022-04-04 14:01:06.578root 11241100x8000000000000000183461Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:06.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5b9510d3b10cf522022-04-04 14:01:06.578root 11241100x8000000000000000183460Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:06.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d8cc6e173dfcf662022-04-04 14:01:06.578root 11241100x8000000000000000183459Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:06.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.090fe453944391242022-04-04 14:01:06.578root 11241100x8000000000000000183458Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:06.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fd2a4f819580ada2022-04-04 14:01:06.578root 11241100x8000000000000000183457Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:06.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c05075c3f5295662022-04-04 14:01:06.578root 11241100x8000000000000000183475Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:07.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a589dae42b410d02022-04-04 14:01:07.077root 11241100x8000000000000000183474Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:07.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca64691821f5a7d42022-04-04 14:01:07.077root 11241100x8000000000000000183473Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:07.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f7a79cfeaed51682022-04-04 14:01:07.077root 11241100x8000000000000000183472Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:07.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46f58d4d0977ee422022-04-04 14:01:07.077root 11241100x8000000000000000183471Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:07.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee049e0311167f8b2022-04-04 14:01:07.077root 11241100x8000000000000000183470Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:07.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.048ed9738ff3996f2022-04-04 14:01:07.077root 11241100x8000000000000000183469Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:07.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ce04db4d1a9c0252022-04-04 14:01:07.077root 11241100x8000000000000000183468Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:07.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9499abfb8df25edf2022-04-04 14:01:07.077root 11241100x8000000000000000183467Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:07.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c1a2b909255f20a2022-04-04 14:01:07.077root 11241100x8000000000000000183466Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:07.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa63670e475784b12022-04-04 14:01:07.077root 11241100x8000000000000000183485Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:07.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbbd536616dc4df22022-04-04 14:01:07.078root 11241100x8000000000000000183484Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:07.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fced9d39ddf581032022-04-04 14:01:07.078root 11241100x8000000000000000183483Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:07.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c49eca6bcbfb4d542022-04-04 14:01:07.078root 11241100x8000000000000000183482Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:07.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.033f1168658699792022-04-04 14:01:07.078root 11241100x8000000000000000183481Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:07.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ef28f08a6726c372022-04-04 14:01:07.078root 11241100x8000000000000000183480Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:07.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f48b0ed1737d7b272022-04-04 14:01:07.078root 11241100x8000000000000000183479Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:07.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4680119f2200a0b2022-04-04 14:01:07.078root 11241100x8000000000000000183478Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:07.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b8f1d5ea46df0452022-04-04 14:01:07.078root 11241100x8000000000000000183477Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:07.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99a95e4be78dd5312022-04-04 14:01:07.078root 11241100x8000000000000000183476Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:07.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.724d72a8ad7a01052022-04-04 14:01:07.078root 11241100x8000000000000000183487Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:07.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcd92dd5e92fea0a2022-04-04 14:01:07.079root 11241100x8000000000000000183486Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:07.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d4aa0e8c34400072022-04-04 14:01:07.079root 11241100x8000000000000000183499Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:07.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7fd0f542d5277282022-04-04 14:01:07.577root 11241100x8000000000000000183498Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:07.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40f63809027aa0532022-04-04 14:01:07.577root 11241100x8000000000000000183497Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:07.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47da75dd1d34fd9d2022-04-04 14:01:07.577root 11241100x8000000000000000183496Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:07.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94f70ef3f9fdd0422022-04-04 14:01:07.577root 11241100x8000000000000000183495Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:07.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aac4e5e94ef111ec2022-04-04 14:01:07.577root 11241100x8000000000000000183494Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:07.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89e918fc276e78482022-04-04 14:01:07.577root 11241100x8000000000000000183493Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:07.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27887755e735561e2022-04-04 14:01:07.577root 11241100x8000000000000000183492Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:07.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e66cd2e68481f2522022-04-04 14:01:07.577root 11241100x8000000000000000183491Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:07.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb6caf0f67bf6c462022-04-04 14:01:07.577root 11241100x8000000000000000183490Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:07.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d43ca56a87a407f02022-04-04 14:01:07.577root 11241100x8000000000000000183489Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:07.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95504be1942e48662022-04-04 14:01:07.577root 11241100x8000000000000000183488Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:07.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15b6694615aa08b02022-04-04 14:01:07.577root 11241100x8000000000000000183509Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:07.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.810b0de124fd7b9e2022-04-04 14:01:07.578root 11241100x8000000000000000183508Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:07.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad3200f0e2ed17ef2022-04-04 14:01:07.578root 11241100x8000000000000000183507Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:07.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10b357406c175c6d2022-04-04 14:01:07.578root 11241100x8000000000000000183506Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:07.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3512b423e52888b42022-04-04 14:01:07.578root 11241100x8000000000000000183505Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:07.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efdf8095c23d1b852022-04-04 14:01:07.578root 11241100x8000000000000000183504Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:07.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34367cc71cbcae392022-04-04 14:01:07.578root 11241100x8000000000000000183503Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:07.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f42bf64125022b442022-04-04 14:01:07.578root 11241100x8000000000000000183502Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:07.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.210c3a8bbf70fc822022-04-04 14:01:07.578root 11241100x8000000000000000183501Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:07.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc4c1b5c0b0232e22022-04-04 14:01:07.578root 11241100x8000000000000000183500Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:07.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e33a8167ed6827452022-04-04 14:01:07.578root 11241100x8000000000000000183512Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:08.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9866d22d5a29e252022-04-04 14:01:08.077root 11241100x8000000000000000183511Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:08.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70e7154f1e664b9c2022-04-04 14:01:08.077root 11241100x8000000000000000183510Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:08.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e472970fc5982b92022-04-04 14:01:08.077root 11241100x8000000000000000183527Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:08.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2b2d40c577133652022-04-04 14:01:08.078root 11241100x8000000000000000183526Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:08.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.296f0ad7e27c437e2022-04-04 14:01:08.078root 11241100x8000000000000000183525Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:08.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44b694b7608c40682022-04-04 14:01:08.078root 11241100x8000000000000000183524Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:08.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bc248884ead9b712022-04-04 14:01:08.078root 11241100x8000000000000000183523Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:08.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.080523197e9e569f2022-04-04 14:01:08.078root 11241100x8000000000000000183522Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:08.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5dbed7d7bfe433e2022-04-04 14:01:08.078root 11241100x8000000000000000183521Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:08.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aff7de6d2a07a9672022-04-04 14:01:08.078root 11241100x8000000000000000183520Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:08.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e204509f1d3a9fd72022-04-04 14:01:08.078root 11241100x8000000000000000183519Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:08.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.919f1bb4eb55b4352022-04-04 14:01:08.078root 11241100x8000000000000000183518Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:08.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61c2f610c8523e222022-04-04 14:01:08.078root 11241100x8000000000000000183517Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:08.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9625f57636ed496c2022-04-04 14:01:08.078root 11241100x8000000000000000183516Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:08.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0045d2424243884f2022-04-04 14:01:08.078root 11241100x8000000000000000183515Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:08.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57b73e0c612c8de12022-04-04 14:01:08.078root 11241100x8000000000000000183514Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:08.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6db433030c6cb88e2022-04-04 14:01:08.078root 11241100x8000000000000000183513Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:08.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84dcb8ea46c06e282022-04-04 14:01:08.078root 11241100x8000000000000000183531Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:08.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2723ba1ee4a6df172022-04-04 14:01:08.079root 11241100x8000000000000000183530Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:08.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8c9f98e6fb60c302022-04-04 14:01:08.079root 11241100x8000000000000000183529Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:08.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac8a722cd308eea22022-04-04 14:01:08.079root 11241100x8000000000000000183528Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:08.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.327733e546957c182022-04-04 14:01:08.079root 11241100x8000000000000000183540Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:08.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d4b73a1940ae3f22022-04-04 14:01:08.577root 11241100x8000000000000000183539Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:08.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4197f863a7d569492022-04-04 14:01:08.577root 11241100x8000000000000000183538Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:08.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.335cf5e4afcff71a2022-04-04 14:01:08.577root 11241100x8000000000000000183537Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:08.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ba87a9d4fd97d8a2022-04-04 14:01:08.577root 11241100x8000000000000000183536Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:08.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef91e09105c395e22022-04-04 14:01:08.577root 11241100x8000000000000000183535Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:08.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3de0203ea7a20092022-04-04 14:01:08.577root 11241100x8000000000000000183534Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:08.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.179f38d75b3b5f642022-04-04 14:01:08.577root 11241100x8000000000000000183533Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:08.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4f8cbbc33005abc2022-04-04 14:01:08.577root 11241100x8000000000000000183532Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:08.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21e51f545f52d8fa2022-04-04 14:01:08.577root 11241100x8000000000000000183552Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:08.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baeb1645368b41442022-04-04 14:01:08.578root 11241100x8000000000000000183551Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:08.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41049c319f10a7442022-04-04 14:01:08.578root 11241100x8000000000000000183550Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:08.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f70dd837cb2d609d2022-04-04 14:01:08.578root 11241100x8000000000000000183549Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:08.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db63db81ca8064c52022-04-04 14:01:08.578root 11241100x8000000000000000183548Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:08.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55bf9feea92955d82022-04-04 14:01:08.578root 11241100x8000000000000000183547Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:08.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e75f3a193b72c9682022-04-04 14:01:08.578root 11241100x8000000000000000183546Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:08.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5a18d75edc9011d2022-04-04 14:01:08.578root 11241100x8000000000000000183545Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:08.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dae63db4bf2ba65c2022-04-04 14:01:08.578root 11241100x8000000000000000183544Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:08.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ea0a840d756ce092022-04-04 14:01:08.578root 11241100x8000000000000000183543Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:08.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b67c0031acdd71c42022-04-04 14:01:08.578root 11241100x8000000000000000183542Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:08.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1c969c4c24dd1482022-04-04 14:01:08.578root 11241100x8000000000000000183541Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:08.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2521c470c2b0cb6c2022-04-04 14:01:08.578root 11241100x8000000000000000183553Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:08.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9d5a4c6a00069382022-04-04 14:01:08.579root 11241100x8000000000000000183555Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:09.014{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b28d6bb55894f3e2022-04-04 14:01:09.014root 354300x8000000000000000183554Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:09.014{ec21797c-f0e1-624a-d9ff-4d0400000000}5533/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-34454-false10.0.1.12-8000- 11241100x8000000000000000183566Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:09.015{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0038562074738a1b2022-04-04 14:01:09.015root 11241100x8000000000000000183565Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:09.015{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c510934dd302ddb32022-04-04 14:01:09.015root 11241100x8000000000000000183564Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:09.015{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3030d4466245b43c2022-04-04 14:01:09.015root 11241100x8000000000000000183563Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:09.015{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abc6b709f6743ae72022-04-04 14:01:09.015root 11241100x8000000000000000183562Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:09.015{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceb6aea742fb1afd2022-04-04 14:01:09.015root 11241100x8000000000000000183561Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:09.015{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53aa90792a1b93bb2022-04-04 14:01:09.015root 11241100x8000000000000000183560Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:09.015{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8120f4f823f97b1b2022-04-04 14:01:09.015root 11241100x8000000000000000183559Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:09.015{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6b86615141889dd2022-04-04 14:01:09.015root 11241100x8000000000000000183558Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:09.015{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ff2e899437c22522022-04-04 14:01:09.015root 11241100x8000000000000000183557Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:09.015{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d663373c31a8fbe2022-04-04 14:01:09.015root 11241100x8000000000000000183556Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:09.015{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.684b2772915882822022-04-04 14:01:09.015root 11241100x8000000000000000183578Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:09.016{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d83e80bf336295af2022-04-04 14:01:09.016root 11241100x8000000000000000183577Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:09.016{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a167c52e9b6f124b2022-04-04 14:01:09.016root 11241100x8000000000000000183576Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:09.016{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.838e153d5fb936112022-04-04 14:01:09.016root 11241100x8000000000000000183575Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:09.016{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39cb5ac821a5b9d92022-04-04 14:01:09.016root 11241100x8000000000000000183574Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:09.016{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8f149829203ea942022-04-04 14:01:09.016root 11241100x8000000000000000183573Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:09.016{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8892d3e5cb0176922022-04-04 14:01:09.016root 11241100x8000000000000000183572Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:09.016{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.546b13f4e672b6472022-04-04 14:01:09.016root 11241100x8000000000000000183571Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:09.016{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a38766f395303c22022-04-04 14:01:09.016root 11241100x8000000000000000183570Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:09.016{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f751902bcc4083b2022-04-04 14:01:09.016root 11241100x8000000000000000183569Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:09.016{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff0deaa9874e6f032022-04-04 14:01:09.016root 11241100x8000000000000000183568Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:09.016{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aca77024c58ea4bf2022-04-04 14:01:09.016root 11241100x8000000000000000183567Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:09.016{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43e4fa73dfb75ab32022-04-04 14:01:09.016root 11241100x8000000000000000183584Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:09.017{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6e50ea19287958c2022-04-04 14:01:09.017root 11241100x8000000000000000183583Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:09.017{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1522ac1bc90c67d32022-04-04 14:01:09.017root 11241100x8000000000000000183582Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:09.017{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c77b72f2aeba68ae2022-04-04 14:01:09.017root 11241100x8000000000000000183581Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:09.017{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8247b935fc672e872022-04-04 14:01:09.017root 11241100x8000000000000000183580Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:09.017{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99803f046ec207082022-04-04 14:01:09.017root 11241100x8000000000000000183579Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:09.017{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a49b0a9a1448b4c32022-04-04 14:01:09.017root 11241100x8000000000000000183587Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:09.327{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.840918aaf5a89fc42022-04-04 14:01:09.327root 11241100x8000000000000000183586Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:09.327{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57193293913c990e2022-04-04 14:01:09.327root 11241100x8000000000000000183585Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:09.327{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c89472174f91c1602022-04-04 14:01:09.327root 11241100x8000000000000000183592Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:09.328{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7482cdcbb94a300d2022-04-04 14:01:09.328root 11241100x8000000000000000183591Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:09.328{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d77ea18654e7d5232022-04-04 14:01:09.328root 11241100x8000000000000000183590Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:09.328{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7f8c466c5677b532022-04-04 14:01:09.328root 11241100x8000000000000000183589Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:09.328{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c75d99196274a0832022-04-04 14:01:09.328root 11241100x8000000000000000183588Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:09.328{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27dd026436e6ad522022-04-04 14:01:09.328root 11241100x8000000000000000183597Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:09.329{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce0e541bb1206fd42022-04-04 14:01:09.329root 11241100x8000000000000000183596Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:09.329{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8370a346d193222a2022-04-04 14:01:09.329root 11241100x8000000000000000183595Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:09.329{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a279a447a482fdb82022-04-04 14:01:09.329root 11241100x8000000000000000183594Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:09.329{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc9bf57ca9df508c2022-04-04 14:01:09.329root 11241100x8000000000000000183593Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:09.329{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9f6aa423f71966b2022-04-04 14:01:09.329root 11241100x8000000000000000183602Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:09.330{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d69e2ec6afa3db1c2022-04-04 14:01:09.330root 11241100x8000000000000000183601Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:09.330{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27f2ba96af1e284c2022-04-04 14:01:09.330root 11241100x8000000000000000183600Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:09.330{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bee265afaa5037d22022-04-04 14:01:09.330root 11241100x8000000000000000183599Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:09.330{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2917434cd27e3712022-04-04 14:01:09.330root 11241100x8000000000000000183598Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:09.330{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db1ef7b4fc793adc2022-04-04 14:01:09.330root 11241100x8000000000000000183607Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:09.331{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d751a943edb9bcd2022-04-04 14:01:09.331root 11241100x8000000000000000183606Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:09.331{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f54387d3f91d9722022-04-04 14:01:09.331root 11241100x8000000000000000183605Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:09.331{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4289b74a3ee89e22022-04-04 14:01:09.331root 11241100x8000000000000000183604Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:09.331{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a46f8fc6b12b08992022-04-04 14:01:09.331root 11241100x8000000000000000183603Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:09.331{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ef2342b906b48fd2022-04-04 14:01:09.331root 11241100x8000000000000000183615Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:09.827{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33bedaed43c678142022-04-04 14:01:09.827root 11241100x8000000000000000183614Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:09.827{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.411dcda845475c6e2022-04-04 14:01:09.827root 11241100x8000000000000000183613Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:09.827{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.146331ae4a4271f42022-04-04 14:01:09.827root 11241100x8000000000000000183612Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:09.827{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad650dce8c4a849f2022-04-04 14:01:09.827root 11241100x8000000000000000183611Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:09.827{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54cae365b000f5982022-04-04 14:01:09.827root 11241100x8000000000000000183610Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:09.827{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a275d745761e6482022-04-04 14:01:09.827root 11241100x8000000000000000183609Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:09.827{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2a074b74a766bdc2022-04-04 14:01:09.827root 11241100x8000000000000000183608Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:09.827{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f8a29237983b07b2022-04-04 14:01:09.827root 11241100x8000000000000000183630Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:09.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53de6f150ff480a12022-04-04 14:01:09.828root 11241100x8000000000000000183629Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:09.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.124eff9b0e543e272022-04-04 14:01:09.828root 11241100x8000000000000000183628Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:09.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.377ad48180a8c1452022-04-04 14:01:09.828root 11241100x8000000000000000183627Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:09.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ada9e61024498ff02022-04-04 14:01:09.828root 11241100x8000000000000000183626Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:09.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff68df2525d67caa2022-04-04 14:01:09.828root 11241100x8000000000000000183625Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:09.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.710476919eeb30af2022-04-04 14:01:09.828root 11241100x8000000000000000183624Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:09.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5eaf11f8523ba6e42022-04-04 14:01:09.828root 11241100x8000000000000000183623Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:09.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a28bb306a26beb892022-04-04 14:01:09.828root 11241100x8000000000000000183622Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:09.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab086907b82aa7932022-04-04 14:01:09.828root 11241100x8000000000000000183621Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:09.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44f8c3fb44bccd132022-04-04 14:01:09.828root 11241100x8000000000000000183620Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:09.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31b0f30487a41a452022-04-04 14:01:09.828root 11241100x8000000000000000183619Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:09.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33d3cf7fc2ae91702022-04-04 14:01:09.828root 11241100x8000000000000000183618Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:09.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fde5c3013ab4dcc02022-04-04 14:01:09.828root 11241100x8000000000000000183617Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:09.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a15ad831849f62072022-04-04 14:01:09.828root 11241100x8000000000000000183616Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:09.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b25f0a7049cbb1072022-04-04 14:01:09.828root 11241100x8000000000000000183631Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:10.326{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d07ba4623fa28672022-04-04 14:01:10.326root 11241100x8000000000000000183641Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:10.327{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5a13fb80db836d12022-04-04 14:01:10.327root 11241100x8000000000000000183640Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:10.327{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d10a901908216a22022-04-04 14:01:10.327root 11241100x8000000000000000183639Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:10.327{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98d5fba85afbaa8a2022-04-04 14:01:10.327root 11241100x8000000000000000183638Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:10.327{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c33715cdf88b4422022-04-04 14:01:10.327root 11241100x8000000000000000183637Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:10.327{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5a5168d3aead0c52022-04-04 14:01:10.327root 11241100x8000000000000000183636Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:10.327{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22f3b0fdc992b35e2022-04-04 14:01:10.327root 11241100x8000000000000000183635Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:10.327{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4700328199ed4f6d2022-04-04 14:01:10.327root 11241100x8000000000000000183634Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:10.327{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39d75ad455f5b7e22022-04-04 14:01:10.327root 11241100x8000000000000000183633Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:10.327{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07f524a17f9287432022-04-04 14:01:10.327root 11241100x8000000000000000183632Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:10.327{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1a4445117a1f83f2022-04-04 14:01:10.327root 11241100x8000000000000000183653Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:10.328{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de733e96c59b83852022-04-04 14:01:10.328root 11241100x8000000000000000183652Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:10.328{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3deb76c9581f08722022-04-04 14:01:10.328root 11241100x8000000000000000183651Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:10.328{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2801dff933f06abf2022-04-04 14:01:10.328root 11241100x8000000000000000183650Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:10.328{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10d47cad52a98ee42022-04-04 14:01:10.328root 11241100x8000000000000000183649Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:10.328{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06b90c074c8e9e7e2022-04-04 14:01:10.328root 11241100x8000000000000000183648Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:10.328{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e33b264e2c99f862022-04-04 14:01:10.328root 11241100x8000000000000000183647Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:10.328{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8de99a73ab3362052022-04-04 14:01:10.328root 11241100x8000000000000000183646Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:10.328{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.533c455ffc9d35822022-04-04 14:01:10.328root 11241100x8000000000000000183645Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:10.328{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6da21c58b17f98782022-04-04 14:01:10.328root 11241100x8000000000000000183644Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:10.328{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5e99a19b631686d2022-04-04 14:01:10.328root 11241100x8000000000000000183643Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:10.328{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28e48d0559be9ce22022-04-04 14:01:10.328root 11241100x8000000000000000183642Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:10.328{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a81f122ad09a8a912022-04-04 14:01:10.328root 11241100x8000000000000000183658Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:10.827{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.694aa0babecf226e2022-04-04 14:01:10.827root 11241100x8000000000000000183657Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:10.827{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a58ea95414f7e442022-04-04 14:01:10.827root 11241100x8000000000000000183656Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:10.827{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bea96d1d16d99082022-04-04 14:01:10.827root 11241100x8000000000000000183655Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:10.827{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d97f170f2a71a602022-04-04 14:01:10.827root 11241100x8000000000000000183654Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:10.827{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1147db0d858ede962022-04-04 14:01:10.827root 11241100x8000000000000000183666Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:10.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec0d69681486cc682022-04-04 14:01:10.828root 11241100x8000000000000000183665Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:10.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe9dffd20505e32b2022-04-04 14:01:10.828root 11241100x8000000000000000183664Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:10.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ca5f2057898dd952022-04-04 14:01:10.828root 11241100x8000000000000000183663Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:10.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73f4d78279e94dfc2022-04-04 14:01:10.828root 11241100x8000000000000000183662Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:10.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03ad1c623c6d44542022-04-04 14:01:10.828root 11241100x8000000000000000183661Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:10.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cc195484504de3f2022-04-04 14:01:10.828root 11241100x8000000000000000183660Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:10.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afd2beb84608f2c32022-04-04 14:01:10.828root 11241100x8000000000000000183659Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:10.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dce6709ceba9eb462022-04-04 14:01:10.828root 11241100x8000000000000000183675Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:10.829{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d444b7bd09dc1ad52022-04-04 14:01:10.829root 11241100x8000000000000000183674Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:10.829{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57e014713fcc90572022-04-04 14:01:10.829root 11241100x8000000000000000183673Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:10.829{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69d5f80ec9b4c3ae2022-04-04 14:01:10.829root 11241100x8000000000000000183672Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:10.829{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.112e3fc1a4c06ecd2022-04-04 14:01:10.829root 11241100x8000000000000000183671Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:10.829{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9265f78ac8014de72022-04-04 14:01:10.829root 11241100x8000000000000000183670Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:10.829{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ede3eca4f25570f12022-04-04 14:01:10.829root 11241100x8000000000000000183669Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:10.829{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.603876ec4ee1fd2c2022-04-04 14:01:10.829root 11241100x8000000000000000183668Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:10.829{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5628f992ebd327b42022-04-04 14:01:10.829root 11241100x8000000000000000183667Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:10.829{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e76695811e5bdae2022-04-04 14:01:10.829root 11241100x8000000000000000183676Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:10.830{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c124d336433ad442022-04-04 14:01:10.830root 11241100x8000000000000000183679Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:11.326{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c538835390130efe2022-04-04 14:01:11.326root 11241100x8000000000000000183678Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:11.326{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77bf6a015183ad722022-04-04 14:01:11.326root 11241100x8000000000000000183677Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:11.326{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eea75acec170aa992022-04-04 14:01:11.326root 11241100x8000000000000000183694Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:11.327{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1272ae3d0f8cd4ec2022-04-04 14:01:11.327root 11241100x8000000000000000183693Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:11.327{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9558f59e7c8344c22022-04-04 14:01:11.327root 11241100x8000000000000000183692Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:11.327{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea04686c8ed765a32022-04-04 14:01:11.327root 11241100x8000000000000000183691Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:11.327{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.daeeeee2966d7bae2022-04-04 14:01:11.327root 11241100x8000000000000000183690Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:11.327{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed518aa8e9723eb92022-04-04 14:01:11.327root 11241100x8000000000000000183689Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:11.327{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c43dc65c5e655a2c2022-04-04 14:01:11.327root 11241100x8000000000000000183688Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:11.327{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9840a9dbf6ed323f2022-04-04 14:01:11.327root 11241100x8000000000000000183687Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:11.327{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a18436f036684e22022-04-04 14:01:11.327root 11241100x8000000000000000183686Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:11.327{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f9d9ed167c0f93d2022-04-04 14:01:11.327root 11241100x8000000000000000183685Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:11.327{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.849f8859287de2a92022-04-04 14:01:11.327root 11241100x8000000000000000183684Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:11.327{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.946f58fd6d3a5e4d2022-04-04 14:01:11.327root 11241100x8000000000000000183683Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:11.327{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db896820177d5d8c2022-04-04 14:01:11.327root 11241100x8000000000000000183682Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:11.327{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa7a05192ed755fe2022-04-04 14:01:11.327root 11241100x8000000000000000183681Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:11.327{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.236cf7e19d0f717e2022-04-04 14:01:11.327root 11241100x8000000000000000183680Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:11.327{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa889f013e4186b22022-04-04 14:01:11.327root 11241100x8000000000000000183700Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:11.328{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cb8fdd6fc8550832022-04-04 14:01:11.328root 11241100x8000000000000000183699Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:11.328{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.353328fbc5d625fb2022-04-04 14:01:11.328root 11241100x8000000000000000183698Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:11.328{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f59c70823d0b86712022-04-04 14:01:11.328root 11241100x8000000000000000183697Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:11.328{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe2c4654bcd434182022-04-04 14:01:11.328root 11241100x8000000000000000183696Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:11.328{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5d219462378cbee2022-04-04 14:01:11.328root 11241100x8000000000000000183695Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:11.328{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0986b7380b3818342022-04-04 14:01:11.328root 11241100x8000000000000000183701Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:11.826{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ede4985602bbb9b2022-04-04 14:01:11.826root 11241100x8000000000000000183715Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:11.827{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71987fc12a743d062022-04-04 14:01:11.827root 11241100x8000000000000000183714Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:11.827{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6002a1ce1a53d102022-04-04 14:01:11.827root 11241100x8000000000000000183713Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:11.827{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cb7725750456e052022-04-04 14:01:11.827root 11241100x8000000000000000183712Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:11.827{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f4f70341a6d9b2e2022-04-04 14:01:11.827root 11241100x8000000000000000183711Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:11.827{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf8d937cb247c6722022-04-04 14:01:11.827root 11241100x8000000000000000183710Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:11.827{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2578dfa52f28afe22022-04-04 14:01:11.827root 11241100x8000000000000000183709Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:11.827{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4834f2c70e152d912022-04-04 14:01:11.827root 11241100x8000000000000000183708Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:11.827{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a0a62c85472c2552022-04-04 14:01:11.827root 11241100x8000000000000000183707Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:11.827{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e106a68eff45b46f2022-04-04 14:01:11.827root 11241100x8000000000000000183706Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:11.827{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.081bc0c03ce81ad72022-04-04 14:01:11.827root 11241100x8000000000000000183705Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:11.827{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7446f5483a44545a2022-04-04 14:01:11.827root 11241100x8000000000000000183704Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:11.827{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4cb66965ed295732022-04-04 14:01:11.827root 11241100x8000000000000000183703Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:11.827{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a5f8ce4226a1d492022-04-04 14:01:11.827root 11241100x8000000000000000183702Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:11.827{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.834d53ddbb9700042022-04-04 14:01:11.827root 11241100x8000000000000000183723Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:11.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd404143c5d31bd22022-04-04 14:01:11.828root 11241100x8000000000000000183722Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:11.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e65105fe0899396f2022-04-04 14:01:11.828root 11241100x8000000000000000183721Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:11.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9347968bde4809a22022-04-04 14:01:11.828root 11241100x8000000000000000183720Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:11.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d4de02ce4f1b1bd2022-04-04 14:01:11.828root 11241100x8000000000000000183719Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:11.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5b10a120a0c71dc2022-04-04 14:01:11.828root 11241100x8000000000000000183718Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:11.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.152989a01bac535e2022-04-04 14:01:11.828root 11241100x8000000000000000183717Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:11.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96e5eeb032bb0ed42022-04-04 14:01:11.828root 11241100x8000000000000000183716Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:11.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4237fe4539e691a52022-04-04 14:01:11.828root 11241100x8000000000000000183724Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:12.326{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4cda9a25f9d14522022-04-04 14:01:12.326root 11241100x8000000000000000183734Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:12.327{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8668d189c5ee87b2022-04-04 14:01:12.327root 11241100x8000000000000000183733Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:12.327{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab11bc045b72ac832022-04-04 14:01:12.327root 11241100x8000000000000000183732Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:12.327{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bf2f61da70e7ed72022-04-04 14:01:12.327root 11241100x8000000000000000183731Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:12.327{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a901a8b846410f1c2022-04-04 14:01:12.327root 11241100x8000000000000000183730Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:12.327{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a118f4d46c0c2d622022-04-04 14:01:12.327root 11241100x8000000000000000183729Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:12.327{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2ff0e18aca8dca62022-04-04 14:01:12.327root 11241100x8000000000000000183728Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:12.327{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18b12842f082f6aa2022-04-04 14:01:12.327root 11241100x8000000000000000183727Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:12.327{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aec442f080ed08782022-04-04 14:01:12.327root 11241100x8000000000000000183726Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:12.327{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecb6d66bf39014bf2022-04-04 14:01:12.327root 11241100x8000000000000000183725Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:12.327{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3b8c5033fc7de5e2022-04-04 14:01:12.327root 11241100x8000000000000000183746Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:12.328{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf1f0de5ba9dc5312022-04-04 14:01:12.328root 11241100x8000000000000000183745Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:12.328{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc76855d7f1b7c912022-04-04 14:01:12.328root 11241100x8000000000000000183744Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:12.328{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80d4b4df72f2affe2022-04-04 14:01:12.328root 11241100x8000000000000000183743Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:12.328{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.021c4381f3b4f8e92022-04-04 14:01:12.328root 11241100x8000000000000000183742Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:12.328{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.297b8e332e1c9de22022-04-04 14:01:12.328root 11241100x8000000000000000183741Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:12.328{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3607d233aaba902d2022-04-04 14:01:12.328root 11241100x8000000000000000183740Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:12.328{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b8071d589625ace2022-04-04 14:01:12.328root 11241100x8000000000000000183739Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:12.328{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2de08f1b18d2250a2022-04-04 14:01:12.328root 11241100x8000000000000000183738Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:12.328{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2857629c8628bbef2022-04-04 14:01:12.328root 11241100x8000000000000000183737Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:12.328{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47abf7e9fd528cab2022-04-04 14:01:12.328root 11241100x8000000000000000183736Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:12.328{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ce8186fcbf25aa32022-04-04 14:01:12.328root 11241100x8000000000000000183735Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:12.328{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bbaf2e32a15fa6d2022-04-04 14:01:12.328root 11241100x8000000000000000183756Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:12.827{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71fb3005f6cb72d32022-04-04 14:01:12.827root 11241100x8000000000000000183755Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:12.827{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b09ae58f41235d542022-04-04 14:01:12.827root 11241100x8000000000000000183754Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:12.827{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29f943f2ac66f5352022-04-04 14:01:12.827root 11241100x8000000000000000183753Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:12.827{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d73dd781b034b432022-04-04 14:01:12.827root 11241100x8000000000000000183752Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:12.827{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1af1b8789fad75f02022-04-04 14:01:12.827root 11241100x8000000000000000183751Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:12.827{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05317a473de33c2a2022-04-04 14:01:12.827root 11241100x8000000000000000183750Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:12.827{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7a18b48f32477732022-04-04 14:01:12.827root 11241100x8000000000000000183749Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:12.827{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f755051546e161f32022-04-04 14:01:12.827root 11241100x8000000000000000183748Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:12.827{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c729d4fb9e5ad8a2022-04-04 14:01:12.827root 11241100x8000000000000000183747Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:12.827{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb76e8dc261fedf82022-04-04 14:01:12.827root 11241100x8000000000000000183767Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:12.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0700b547773067802022-04-04 14:01:12.828root 11241100x8000000000000000183766Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:12.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17a4074fe62610962022-04-04 14:01:12.828root 11241100x8000000000000000183765Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:12.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7be84c6371024fc2022-04-04 14:01:12.828root 11241100x8000000000000000183764Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:12.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14562e6362e21fa82022-04-04 14:01:12.828root 11241100x8000000000000000183763Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:12.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c1be3f677f59b9f2022-04-04 14:01:12.828root 11241100x8000000000000000183762Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:12.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18dee77c208c7d202022-04-04 14:01:12.828root 11241100x8000000000000000183761Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:12.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb2d46f232f5cace2022-04-04 14:01:12.828root 11241100x8000000000000000183760Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:12.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.613834b390590c272022-04-04 14:01:12.828root 11241100x8000000000000000183759Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:12.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eff5f8cbb59e51982022-04-04 14:01:12.828root 11241100x8000000000000000183758Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:12.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09c80cbffc16d5fe2022-04-04 14:01:12.828root 11241100x8000000000000000183757Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:12.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.853b7f51417433b72022-04-04 14:01:12.828root 11241100x8000000000000000183769Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:12.829{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a16421ff05bfb7812022-04-04 14:01:12.829root 11241100x8000000000000000183768Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:12.829{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bed7d366520eed442022-04-04 14:01:12.829root 11241100x8000000000000000183775Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:13.327{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a409d65b74941bd72022-04-04 14:01:13.327root 11241100x8000000000000000183774Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:13.327{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2158b9a410da94a2022-04-04 14:01:13.327root 11241100x8000000000000000183773Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:13.327{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68b70f8fe2cb26322022-04-04 14:01:13.327root 11241100x8000000000000000183772Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:13.327{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca4a2a250a421e9c2022-04-04 14:01:13.327root 11241100x8000000000000000183771Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:13.327{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c21abdf9309e21ee2022-04-04 14:01:13.327root 11241100x8000000000000000183770Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:13.327{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8589eee0bd16c98e2022-04-04 14:01:13.327root 11241100x8000000000000000183786Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:13.328{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea8b3759ceb6bb922022-04-04 14:01:13.328root 11241100x8000000000000000183785Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:13.328{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20be7817805be4862022-04-04 14:01:13.328root 11241100x8000000000000000183784Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:13.328{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9226beabd6a7ecec2022-04-04 14:01:13.328root 11241100x8000000000000000183783Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:13.328{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0b953697f4ae6dc2022-04-04 14:01:13.328root 11241100x8000000000000000183782Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:13.328{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdf2171565b3c7292022-04-04 14:01:13.328root 11241100x8000000000000000183781Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:13.328{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40597dadb2ea9bc72022-04-04 14:01:13.328root 11241100x8000000000000000183780Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:13.328{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f091eebb11258cdc2022-04-04 14:01:13.328root 11241100x8000000000000000183779Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:13.328{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.559007bdbeee08372022-04-04 14:01:13.328root 11241100x8000000000000000183778Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:13.328{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d56419e64c1412fb2022-04-04 14:01:13.328root 11241100x8000000000000000183777Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:13.328{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06b3dfe31eaccca82022-04-04 14:01:13.328root 11241100x8000000000000000183776Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:13.328{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a75750cf9959f3af2022-04-04 14:01:13.328root 11241100x8000000000000000183792Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:13.329{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c8e4ac7f5f56ab12022-04-04 14:01:13.329root 11241100x8000000000000000183791Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:13.329{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e98b16b68a07cab2022-04-04 14:01:13.329root 11241100x8000000000000000183790Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:13.329{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d59c209c42cae2d62022-04-04 14:01:13.329root 11241100x8000000000000000183789Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:13.329{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.502614724fb8fc062022-04-04 14:01:13.329root 11241100x8000000000000000183788Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:13.329{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0e5dd67f24384962022-04-04 14:01:13.329root 11241100x8000000000000000183787Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:13.329{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2549b4f3f36605192022-04-04 14:01:13.329root 154100x8000000000000000183795Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:13.492{ec21797c-fa29-624a-e047-070dbd550000}5983/usr/sbin/sshd-----/usr/sbin/sshd -D -R/root{ec21797c-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}1413--- 11241100x8000000000000000183794Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:13.492{ec21797c-fa29-624a-e087-ab8e10560000}5983/usr/sbin/sshd/proc/5983/oom_score_adj2022-04-04 14:01:13.492root 354300x8000000000000000183793Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:13.492{ec21797c-eb0a-624a-e087-ab8e10560000}1413/usr/sbin/sshdroottcpfalsefalse64.227.129.254-34494-false10.0.1.20-22- 11241100x8000000000000000183802Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:13.827{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fd192c65137bf1f2022-04-04 14:01:13.827root 11241100x8000000000000000183801Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:13.827{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34487aa96d5be6562022-04-04 14:01:13.827root 11241100x8000000000000000183800Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:13.827{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07a1176b42c18ab12022-04-04 14:01:13.827root 11241100x8000000000000000183799Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:13.827{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf1de38bf578d1662022-04-04 14:01:13.827root 11241100x8000000000000000183798Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:13.827{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5cf8a9b1f18f8d42022-04-04 14:01:13.827root 11241100x8000000000000000183797Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:13.827{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cf1a2cd794f24252022-04-04 14:01:13.827root 11241100x8000000000000000183796Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:13.827{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d49815d082cdd48a2022-04-04 14:01:13.827root 11241100x8000000000000000183811Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:13.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bf2d69a11c7cb0f2022-04-04 14:01:13.828root 11241100x8000000000000000183810Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:13.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b056259ef294c4332022-04-04 14:01:13.828root 11241100x8000000000000000183809Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:13.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e471e623f1ce4d1f2022-04-04 14:01:13.828root 11241100x8000000000000000183808Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:13.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63b1dded1542dd6c2022-04-04 14:01:13.828root 11241100x8000000000000000183807Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:13.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db1a6029bc8f03662022-04-04 14:01:13.828root 11241100x8000000000000000183806Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:13.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f3c6a0d508c24bf2022-04-04 14:01:13.828root 11241100x8000000000000000183805Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:13.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.941671f07a4f04f92022-04-04 14:01:13.828root 11241100x8000000000000000183804Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:13.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4840862ac05e91272022-04-04 14:01:13.828root 11241100x8000000000000000183803Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:13.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22a3d973794f666f2022-04-04 14:01:13.828root 11241100x8000000000000000183819Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:13.829{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.237145eb137f791a2022-04-04 14:01:13.829root 11241100x8000000000000000183818Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:13.829{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48c635663f6488762022-04-04 14:01:13.829root 11241100x8000000000000000183817Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:13.829{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9f4ebea7eccc1b22022-04-04 14:01:13.829root 11241100x8000000000000000183816Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:13.829{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fda14957e1604ec2022-04-04 14:01:13.829root 11241100x8000000000000000183815Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:13.829{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a1e9c991fc35ed92022-04-04 14:01:13.829root 11241100x8000000000000000183814Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:13.829{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cb5b1acb51bc3922022-04-04 14:01:13.829root 11241100x8000000000000000183813Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:13.829{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.740d8ad50ca289c42022-04-04 14:01:13.829root 11241100x8000000000000000183812Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:13.829{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2cec8a02bc6dfe52022-04-04 14:01:13.829root 11241100x8000000000000000183821Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:13.830{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccbf27418cc05a542022-04-04 14:01:13.830root 11241100x8000000000000000183820Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:13.830{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8fe7ac2efe2c4fc2022-04-04 14:01:13.830root 354300x8000000000000000183822Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:14.210{ec21797c-f0e1-624a-d9ff-4d0400000000}5533/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-34456-false10.0.1.12-8000- 11241100x8000000000000000183824Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:14.211{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec00decc64e63a2e2022-04-04 14:01:14.211root 11241100x8000000000000000183823Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:14.211{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e94f4def15d30a82022-04-04 14:01:14.211root 11241100x8000000000000000183828Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:14.212{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48411da121b195812022-04-04 14:01:14.212root 11241100x8000000000000000183827Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:14.212{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d1ee398f29914162022-04-04 14:01:14.212root 11241100x8000000000000000183826Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:14.212{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.277e819d337361262022-04-04 14:01:14.212root 11241100x8000000000000000183825Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:14.212{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebad5822f65ff0752022-04-04 14:01:14.212root 11241100x8000000000000000183835Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:14.213{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.539111810486dec32022-04-04 14:01:14.213root 11241100x8000000000000000183834Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:14.213{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf20c33a9850db3c2022-04-04 14:01:14.213root 11241100x8000000000000000183833Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:14.213{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8aa97f97853f3f722022-04-04 14:01:14.213root 11241100x8000000000000000183832Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:14.213{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f65250e68ff0941f2022-04-04 14:01:14.213root 11241100x8000000000000000183831Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:14.213{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02f87a4b8d5847662022-04-04 14:01:14.213root 11241100x8000000000000000183830Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:14.213{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a03b4b7ba632d9c2022-04-04 14:01:14.213root 11241100x8000000000000000183829Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:14.213{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c42784e64810e7fe2022-04-04 14:01:14.213root 11241100x8000000000000000183839Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:14.214{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dba50612b2886722022-04-04 14:01:14.214root 11241100x8000000000000000183838Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:14.214{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.359933ee755d472d2022-04-04 14:01:14.214root 11241100x8000000000000000183837Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:14.214{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2302fea575cef802022-04-04 14:01:14.214root 11241100x8000000000000000183836Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:14.214{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5190c61e39638cca2022-04-04 14:01:14.214root 11241100x8000000000000000183845Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:14.216{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d342fbb329b26b982022-04-04 14:01:14.216root 11241100x8000000000000000183844Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:14.216{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4a961ca77b19da12022-04-04 14:01:14.216root 11241100x8000000000000000183843Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:14.216{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.109cda60856256ba2022-04-04 14:01:14.216root 11241100x8000000000000000183842Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:14.216{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45e4218e66409e7c2022-04-04 14:01:14.216root 11241100x8000000000000000183841Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:14.216{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef3404ba40db3bce2022-04-04 14:01:14.216root 11241100x8000000000000000183840Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:14.216{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50631a6bc2fc8da82022-04-04 14:01:14.216root 11241100x8000000000000000183854Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:14.217{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef84eb8827165e7e2022-04-04 14:01:14.217root 11241100x8000000000000000183853Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:14.217{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38ce45ba8597b6292022-04-04 14:01:14.217root 11241100x8000000000000000183852Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:14.217{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6595c417aa3ee1cf2022-04-04 14:01:14.217root 11241100x8000000000000000183851Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:14.217{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f295549056209a62022-04-04 14:01:14.217root 11241100x8000000000000000183850Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:14.217{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0844843fa7737162022-04-04 14:01:14.217root 11241100x8000000000000000183849Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:14.217{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cfcf0e8c870fd132022-04-04 14:01:14.217root 11241100x8000000000000000183848Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:14.217{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb03dfe28c79106a2022-04-04 14:01:14.217root 11241100x8000000000000000183847Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:14.217{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a959a0ceedbfb82b2022-04-04 14:01:14.217root 11241100x8000000000000000183846Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:14.217{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f46b9e6d64a90fc2022-04-04 14:01:14.217root 11241100x8000000000000000183862Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:14.516{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5edb4eb7d2270a402022-04-04 14:01:14.516root 11241100x8000000000000000183861Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:14.516{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.735d466031b9d11d2022-04-04 14:01:14.516root 11241100x8000000000000000183860Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:14.516{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9177784a14f70482022-04-04 14:01:14.516root 11241100x8000000000000000183859Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:14.516{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.881051eb059021382022-04-04 14:01:14.516root 11241100x8000000000000000183858Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:14.516{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71a599b7872b00962022-04-04 14:01:14.516root 11241100x8000000000000000183857Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:14.516{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7468d73d78c77f022022-04-04 14:01:14.516root 11241100x8000000000000000183856Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:14.516{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f1f334e7e82f9472022-04-04 14:01:14.516root 11241100x8000000000000000183855Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:14.516{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa2eb635a210ecd62022-04-04 14:01:14.516root 11241100x8000000000000000183872Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:14.517{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64886f052ad1ee152022-04-04 14:01:14.517root 11241100x8000000000000000183871Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:14.517{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88d27701f33f92092022-04-04 14:01:14.517root 11241100x8000000000000000183870Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:14.517{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.733b04259e8df85d2022-04-04 14:01:14.517root 11241100x8000000000000000183869Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:14.517{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.852d246d526be2e72022-04-04 14:01:14.517root 11241100x8000000000000000183868Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:14.517{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07033297cc01474c2022-04-04 14:01:14.517root 11241100x8000000000000000183867Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:14.517{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.445e1c0d6b8082f42022-04-04 14:01:14.517root 11241100x8000000000000000183866Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:14.517{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cc07096c67f981b2022-04-04 14:01:14.517root 11241100x8000000000000000183865Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:14.517{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b669604065b45b532022-04-04 14:01:14.517root 11241100x8000000000000000183864Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:14.517{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffc95b6b66fd35cf2022-04-04 14:01:14.517root 11241100x8000000000000000183863Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:14.517{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4e2b4e8a4fdbfea2022-04-04 14:01:14.517root 11241100x8000000000000000183883Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:14.518{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e679d2230f60644b2022-04-04 14:01:14.518root 11241100x8000000000000000183882Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:14.518{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69c6754352f926fc2022-04-04 14:01:14.518root 11241100x8000000000000000183881Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:14.518{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a8e60df641926b32022-04-04 14:01:14.518root 11241100x8000000000000000183880Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:14.518{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcba6b3313aa6cb82022-04-04 14:01:14.518root 11241100x8000000000000000183879Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:14.518{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9701dca81459a7e32022-04-04 14:01:14.518root 11241100x8000000000000000183878Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:14.518{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a692cc1627029f82022-04-04 14:01:14.518root 11241100x8000000000000000183877Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:14.518{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfeece18bf2eaead2022-04-04 14:01:14.518root 11241100x8000000000000000183876Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:14.518{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4b5e838174e3caf2022-04-04 14:01:14.518root 11241100x8000000000000000183875Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:14.518{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff94b87d1729382d2022-04-04 14:01:14.518root 11241100x8000000000000000183874Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:14.518{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9c55cf158cf1e9c2022-04-04 14:01:14.518root 11241100x8000000000000000183873Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:14.518{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecbc3d6d74852e0f2022-04-04 14:01:14.518root 11241100x8000000000000000183888Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:14.519{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9758eaa2a021f75f2022-04-04 14:01:14.519root 11241100x8000000000000000183887Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:14.519{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e298520885eb2c12022-04-04 14:01:14.519root 11241100x8000000000000000183886Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:14.519{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b98e8500bbeef1ba2022-04-04 14:01:14.519root 11241100x8000000000000000183885Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:14.519{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d31183f3da86a0962022-04-04 14:01:14.519root 11241100x8000000000000000183884Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:14.519{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c81375770a0393da2022-04-04 14:01:14.519root 11241100x8000000000000000183894Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:14.520{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15dfa63a5e5605c32022-04-04 14:01:14.520root 11241100x8000000000000000183893Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:14.520{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e848308c60d9f242022-04-04 14:01:14.520root 11241100x8000000000000000183892Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:14.520{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bdba0887ea4f7ab2022-04-04 14:01:14.520root 11241100x8000000000000000183891Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:14.520{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.901040290228359a2022-04-04 14:01:14.520root 11241100x8000000000000000183890Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:14.520{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d0d4765458b3e372022-04-04 14:01:14.520root 11241100x8000000000000000183889Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:14.520{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb751abadaee52642022-04-04 14:01:14.520root 11241100x8000000000000000183898Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:14.521{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c90c21dada81c8d2022-04-04 14:01:14.521root 11241100x8000000000000000183897Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:14.521{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08a3e1040a06a8342022-04-04 14:01:14.521root 11241100x8000000000000000183896Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:14.521{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bee3d3eb493cbdd62022-04-04 14:01:14.521root 11241100x8000000000000000183895Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:14.521{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82410841c8223c4d2022-04-04 14:01:14.521root 11241100x8000000000000000183901Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:14.522{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d26ecf7623bd853b2022-04-04 14:01:14.522root 11241100x8000000000000000183900Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:14.522{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e34cc85602ca757b2022-04-04 14:01:14.522root 11241100x8000000000000000183899Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:14.522{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43cccff30e8b45e12022-04-04 14:01:14.522root 11241100x8000000000000000183905Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:14.523{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eea61ede212f0cdb2022-04-04 14:01:14.523root 11241100x8000000000000000183904Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:14.523{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6f3220836e6b41b2022-04-04 14:01:14.523root 11241100x8000000000000000183903Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:14.523{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbc7e561c27e88ff2022-04-04 14:01:14.523root 11241100x8000000000000000183902Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:14.523{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5c70ac4c4bfdb092022-04-04 14:01:14.523root 11241100x8000000000000000183911Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:14.524{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0f38c1a9d3ab1442022-04-04 14:01:14.524root 11241100x8000000000000000183910Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:14.524{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c37df6888eb7606e2022-04-04 14:01:14.524root 11241100x8000000000000000183909Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:14.524{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf00ffa1996db7692022-04-04 14:01:14.524root 11241100x8000000000000000183908Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:14.524{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c9760e59b0cdb7b2022-04-04 14:01:14.524root 11241100x8000000000000000183907Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:14.524{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a2e324e00f5e1ce2022-04-04 14:01:14.524root 11241100x8000000000000000183906Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:14.524{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32a1a629892ebe162022-04-04 14:01:14.524root 11241100x8000000000000000183914Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:14.525{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf64107ad1c298aa2022-04-04 14:01:14.525root 11241100x8000000000000000183913Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:14.525{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.451a5e6cf4f58c1e2022-04-04 14:01:14.525root 11241100x8000000000000000183912Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:14.525{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87d4757bfadd19192022-04-04 14:01:14.525root 534500x8000000000000000183915Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:14.768{ec21797c-fa29-624a-0000-000000000000}5984-sshd 11241100x8000000000000000183918Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:14.769{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbcb759f76e2467c2022-04-04 14:01:14.769root 11241100x8000000000000000183917Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:14.769{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6874541d6b562542022-04-04 14:01:14.769root 534500x8000000000000000183916Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:14.769{ec21797c-fa29-624a-e047-070dbd550000}5983/usr/sbin/sshdroot 11241100x8000000000000000183922Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:14.770{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d06a339d7e14f1c2022-04-04 14:01:14.770root 11241100x8000000000000000183921Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:14.770{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd9686d987d3360b2022-04-04 14:01:14.770root 11241100x8000000000000000183920Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:14.770{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61ba2ecfb16861a32022-04-04 14:01:14.770root 11241100x8000000000000000183919Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:14.770{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09cba6e71bd5c9902022-04-04 14:01:14.770root 11241100x8000000000000000183932Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:14.771{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a531e11511f529c72022-04-04 14:01:14.771root 11241100x8000000000000000183931Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:14.771{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4187943574bf95572022-04-04 14:01:14.771root 11241100x8000000000000000183930Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:14.771{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f7e051952ac511c2022-04-04 14:01:14.771root 11241100x8000000000000000183929Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:14.771{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bac125c978ac00542022-04-04 14:01:14.771root 11241100x8000000000000000183928Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:14.771{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0d1cda1b28b49012022-04-04 14:01:14.771root 11241100x8000000000000000183927Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:14.771{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8eeb1b700a2d7e732022-04-04 14:01:14.771root 11241100x8000000000000000183926Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:14.771{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9140bfb0f2a3b1ae2022-04-04 14:01:14.771root 11241100x8000000000000000183925Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:14.771{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7544c74ae340ef602022-04-04 14:01:14.771root 11241100x8000000000000000183924Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:14.771{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.408af6b23f49086e2022-04-04 14:01:14.771root 11241100x8000000000000000183923Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:14.771{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.527e04af4b1574192022-04-04 14:01:14.771root 11241100x8000000000000000183941Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:14.772{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9a26650ebc5f02c2022-04-04 14:01:14.772root 11241100x8000000000000000183940Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:14.772{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a58f1360114be0052022-04-04 14:01:14.772root 11241100x8000000000000000183939Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:14.772{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecf8cd3141bfdb6e2022-04-04 14:01:14.772root 11241100x8000000000000000183938Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:14.772{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efe1fe3d5a7a43122022-04-04 14:01:14.772root 11241100x8000000000000000183937Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:14.772{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.648bee9cf886f16d2022-04-04 14:01:14.772root 11241100x8000000000000000183936Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:14.772{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3118ef7b980f86fe2022-04-04 14:01:14.772root 11241100x8000000000000000183935Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:14.772{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7630ec254ed8246d2022-04-04 14:01:14.772root 11241100x8000000000000000183934Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:14.772{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fff33f1c6aabd1e2022-04-04 14:01:14.772root 11241100x8000000000000000183933Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:14.772{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79d53d8781fc7c522022-04-04 14:01:14.772root 11241100x8000000000000000183945Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:14.773{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2adc007bfdd220152022-04-04 14:01:14.773root 11241100x8000000000000000183944Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:14.773{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a0dde87b3caa3d82022-04-04 14:01:14.773root 11241100x8000000000000000183943Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:14.773{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc17d076a8bf90fb2022-04-04 14:01:14.773root 11241100x8000000000000000183942Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:14.773{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ecb473c5ebfd7b92022-04-04 14:01:14.773root 11241100x8000000000000000183953Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:15.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2108a25df718095d2022-04-04 14:01:15.078root 11241100x8000000000000000183952Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:15.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f50b55832bf580df2022-04-04 14:01:15.078root 11241100x8000000000000000183951Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:15.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.658263cca1ea53b82022-04-04 14:01:15.078root 11241100x8000000000000000183950Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:15.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ec17198a3439edc2022-04-04 14:01:15.078root 11241100x8000000000000000183949Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:15.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc2671fa91b378742022-04-04 14:01:15.078root 11241100x8000000000000000183948Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:15.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f667581431e719a2022-04-04 14:01:15.078root 11241100x8000000000000000183947Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:15.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6e3ed0ba1a6a3142022-04-04 14:01:15.078root 11241100x8000000000000000183946Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:15.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56f4d5bc0eacae0c2022-04-04 14:01:15.078root 11241100x8000000000000000183963Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:15.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31fcdfa8e73a32252022-04-04 14:01:15.079root 11241100x8000000000000000183962Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:15.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a08ac5dc7db2b692022-04-04 14:01:15.079root 11241100x8000000000000000183961Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:15.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9bdacd77d41e5112022-04-04 14:01:15.079root 11241100x8000000000000000183960Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:15.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5180a9dfd67182c82022-04-04 14:01:15.079root 11241100x8000000000000000183959Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:15.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4104b105b0f718762022-04-04 14:01:15.079root 11241100x8000000000000000183958Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:15.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b4ea396efe9f1592022-04-04 14:01:15.079root 11241100x8000000000000000183957Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:15.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.084d041093fc54e22022-04-04 14:01:15.079root 11241100x8000000000000000183956Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:15.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3eb543eda110c512022-04-04 14:01:15.079root 11241100x8000000000000000183955Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:15.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a564f035a33233082022-04-04 14:01:15.079root 11241100x8000000000000000183954Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:15.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b0a1e1dc5b654552022-04-04 14:01:15.079root 11241100x8000000000000000183973Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:15.080{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1495dcce91917362022-04-04 14:01:15.080root 11241100x8000000000000000183972Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:15.080{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eeaee81b55f385fa2022-04-04 14:01:15.080root 11241100x8000000000000000183971Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:15.080{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.296000be47aac3982022-04-04 14:01:15.080root 11241100x8000000000000000183970Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:15.080{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9093650d298e4f22022-04-04 14:01:15.080root 11241100x8000000000000000183969Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:15.080{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1d02289409407b32022-04-04 14:01:15.080root 11241100x8000000000000000183968Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:15.080{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b94787dc5ec513902022-04-04 14:01:15.080root 11241100x8000000000000000183967Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:15.080{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5b954f614c8373e2022-04-04 14:01:15.080root 11241100x8000000000000000183966Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:15.080{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.493b5930ccf5fe302022-04-04 14:01:15.080root 11241100x8000000000000000183965Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:15.080{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f50a3dc823d44b712022-04-04 14:01:15.080root 11241100x8000000000000000183964Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:15.080{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a72189ff1bfd3982022-04-04 14:01:15.080root 11241100x8000000000000000183974Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:15.081{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.805b95f7abd071852022-04-04 14:01:15.081root 11241100x8000000000000000183975Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:15.576{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5d2a95d8f976e422022-04-04 14:01:15.576root 11241100x8000000000000000183984Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:15.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db68c62ec09de7b02022-04-04 14:01:15.577root 11241100x8000000000000000183983Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:15.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c027658d5594ef402022-04-04 14:01:15.577root 11241100x8000000000000000183982Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:15.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c6d743b90a0f0b12022-04-04 14:01:15.577root 11241100x8000000000000000183981Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:15.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5574d01edc23bef2022-04-04 14:01:15.577root 11241100x8000000000000000183980Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:15.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9847ce74de2ccb22022-04-04 14:01:15.577root 11241100x8000000000000000183979Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:15.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1051e5eb21c01ac12022-04-04 14:01:15.577root 11241100x8000000000000000183978Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:15.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d627c245c50933042022-04-04 14:01:15.577root 11241100x8000000000000000183977Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:15.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b49a7602fe6c14d2022-04-04 14:01:15.577root 11241100x8000000000000000183976Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:15.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d2e101ddd1707b82022-04-04 14:01:15.577root 11241100x8000000000000000183994Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:15.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b79c014d87f91c612022-04-04 14:01:15.578root 11241100x8000000000000000183993Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:15.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.725dc0758dcdf5c82022-04-04 14:01:15.578root 11241100x8000000000000000183992Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:15.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f137993c720b05802022-04-04 14:01:15.578root 11241100x8000000000000000183991Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:15.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63b55fe0c70c7dca2022-04-04 14:01:15.578root 11241100x8000000000000000183990Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:15.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.401bbca0abb5a9b82022-04-04 14:01:15.578root 11241100x8000000000000000183989Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:15.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5c5973c8e5752f82022-04-04 14:01:15.578root 11241100x8000000000000000183988Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:15.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8f690a021fad1e12022-04-04 14:01:15.578root 11241100x8000000000000000183987Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:15.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b829bea452f39dd02022-04-04 14:01:15.578root 11241100x8000000000000000183986Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:15.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70ab71b1da95dc2b2022-04-04 14:01:15.578root 11241100x8000000000000000183985Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:15.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97c16f1c1d0f8bcd2022-04-04 14:01:15.578root 11241100x8000000000000000184003Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:15.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.becdb4e9e610105f2022-04-04 14:01:15.579root 11241100x8000000000000000184002Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:15.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c789aaf347217bc82022-04-04 14:01:15.579root 11241100x8000000000000000184001Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:15.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.744021fe075be91b2022-04-04 14:01:15.579root 11241100x8000000000000000184000Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:15.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f16b0dcabdc46a02022-04-04 14:01:15.579root 11241100x8000000000000000183999Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:15.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce1dfedc55f118f02022-04-04 14:01:15.579root 11241100x8000000000000000183998Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:15.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b40e9437e64232d32022-04-04 14:01:15.579root 11241100x8000000000000000183997Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:15.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3e0878aff94a56d2022-04-04 14:01:15.579root 11241100x8000000000000000183996Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:15.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf7b83dea019df792022-04-04 14:01:15.579root 11241100x8000000000000000183995Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:15.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4693b92bef5e6ac2022-04-04 14:01:15.579root 11241100x8000000000000000184013Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:15.580{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60833f9682a7ddec2022-04-04 14:01:15.580root 11241100x8000000000000000184012Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:15.580{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c925a2a757766702022-04-04 14:01:15.580root 11241100x8000000000000000184011Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:15.580{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d11454020dea38022022-04-04 14:01:15.580root 11241100x8000000000000000184010Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:15.580{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be3fc358b2f9fc502022-04-04 14:01:15.580root 11241100x8000000000000000184009Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:15.580{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84ee891f0bcdbfac2022-04-04 14:01:15.580root 11241100x8000000000000000184008Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:15.580{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de5ec922d1b20ea02022-04-04 14:01:15.580root 11241100x8000000000000000184007Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:15.580{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eda6bce0926279812022-04-04 14:01:15.580root 11241100x8000000000000000184006Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:15.580{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78c7e4bfa03ade5d2022-04-04 14:01:15.580root 11241100x8000000000000000184005Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:15.580{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5180e5949b157b12022-04-04 14:01:15.580root 11241100x8000000000000000184004Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:15.580{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0353328f381f23112022-04-04 14:01:15.580root 11241100x8000000000000000184014Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:15.581{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d137a550002f79f92022-04-04 14:01:15.581root 11241100x8000000000000000184020Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:16.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e062507353589972022-04-04 14:01:16.077root 11241100x8000000000000000184019Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:16.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11c76571fed8cb6c2022-04-04 14:01:16.077root 11241100x8000000000000000184018Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:16.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0af7ad1a5970caee2022-04-04 14:01:16.077root 11241100x8000000000000000184017Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:16.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e87cd061c46ffab92022-04-04 14:01:16.077root 11241100x8000000000000000184016Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:16.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e85c5aa86c4fdd872022-04-04 14:01:16.077root 11241100x8000000000000000184015Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:16.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1eb89dd396457df32022-04-04 14:01:16.077root 11241100x8000000000000000184030Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:16.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ccb922f0e40e4b52022-04-04 14:01:16.078root 11241100x8000000000000000184029Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:16.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.017e9bab4eb04a452022-04-04 14:01:16.078root 11241100x8000000000000000184028Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:16.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70018d1645c322542022-04-04 14:01:16.078root 11241100x8000000000000000184027Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:16.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9ae633d2407fc112022-04-04 14:01:16.078root 11241100x8000000000000000184026Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:16.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63ec46e502f9a4c02022-04-04 14:01:16.078root 11241100x8000000000000000184025Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:16.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c065dd4c5c523652022-04-04 14:01:16.078root 11241100x8000000000000000184024Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:16.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7b1681acc03953f2022-04-04 14:01:16.078root 11241100x8000000000000000184023Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:16.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6803341bee650f7f2022-04-04 14:01:16.078root 11241100x8000000000000000184022Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:16.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3df6771b601ff0fe2022-04-04 14:01:16.078root 11241100x8000000000000000184021Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:16.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6098d782aace215b2022-04-04 14:01:16.078root 11241100x8000000000000000184034Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:16.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d222693bd30600692022-04-04 14:01:16.079root 11241100x8000000000000000184033Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:16.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.660f67b8382f1f412022-04-04 14:01:16.079root 11241100x8000000000000000184032Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:16.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8d47f8e3e92d2d62022-04-04 14:01:16.079root 11241100x8000000000000000184031Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:16.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83220fca9216cfb72022-04-04 14:01:16.079root 11241100x8000000000000000184038Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:16.080{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3ce6658d868df182022-04-04 14:01:16.080root 11241100x8000000000000000184037Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:16.080{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0945c533063ebb432022-04-04 14:01:16.080root 11241100x8000000000000000184036Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:16.080{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e749ef22cfd861a62022-04-04 14:01:16.080root 11241100x8000000000000000184035Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:16.080{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0da50c32d20444392022-04-04 14:01:16.080root 11241100x8000000000000000184043Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:16.081{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e67e79543007dba92022-04-04 14:01:16.081root 11241100x8000000000000000184042Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:16.081{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e75719b430d50eac2022-04-04 14:01:16.081root 11241100x8000000000000000184041Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:16.081{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.219b25a042a05b782022-04-04 14:01:16.081root 11241100x8000000000000000184040Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:16.081{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28e148d491ae46f52022-04-04 14:01:16.081root 11241100x8000000000000000184039Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:16.081{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efb3ecac1153e7552022-04-04 14:01:16.081root 11241100x8000000000000000184044Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:16.576{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48104d6fc12280952022-04-04 14:01:16.576root 11241100x8000000000000000184050Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:16.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a242a23b836c4d92022-04-04 14:01:16.577root 11241100x8000000000000000184049Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:16.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4be5738137ffe112022-04-04 14:01:16.577root 11241100x8000000000000000184048Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:16.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.323510aaa999f8f82022-04-04 14:01:16.577root 11241100x8000000000000000184047Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:16.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9912dc6acd2018522022-04-04 14:01:16.577root 11241100x8000000000000000184046Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:16.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a894c829a59f871e2022-04-04 14:01:16.577root 11241100x8000000000000000184045Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:16.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ec07e87007582162022-04-04 14:01:16.577root 11241100x8000000000000000184055Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:16.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1bcc434dc05fec12022-04-04 14:01:16.578root 11241100x8000000000000000184054Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:16.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c667665448008fbc2022-04-04 14:01:16.578root 11241100x8000000000000000184053Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:16.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f36dc182057f7f72022-04-04 14:01:16.578root 11241100x8000000000000000184052Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:16.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edac2b2c1bccd9b02022-04-04 14:01:16.578root 11241100x8000000000000000184051Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:16.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc225a44bd371c402022-04-04 14:01:16.578root 11241100x8000000000000000184066Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:16.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83515971cb049e752022-04-04 14:01:16.579root 11241100x8000000000000000184065Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:16.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ecf7f0db44a4ad22022-04-04 14:01:16.579root 11241100x8000000000000000184064Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:16.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5e3a6624ad457f22022-04-04 14:01:16.579root 11241100x8000000000000000184063Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:16.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f65f30973ffb69a2022-04-04 14:01:16.579root 11241100x8000000000000000184062Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:16.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07d5ed87e48171e52022-04-04 14:01:16.579root 11241100x8000000000000000184061Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:16.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baa600fe48f77c402022-04-04 14:01:16.579root 11241100x8000000000000000184060Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:16.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d87449623129e5502022-04-04 14:01:16.579root 11241100x8000000000000000184059Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:16.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b857d4176cc76c192022-04-04 14:01:16.579root 11241100x8000000000000000184058Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:16.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec08809396773fcc2022-04-04 14:01:16.579root 11241100x8000000000000000184057Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:16.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8382779cdc4c5b02022-04-04 14:01:16.579root 11241100x8000000000000000184056Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:16.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e845f2dc7ee0cfd2022-04-04 14:01:16.579root 11241100x8000000000000000184072Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:16.580{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04855e9a852b3f652022-04-04 14:01:16.580root 11241100x8000000000000000184071Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:16.580{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b69b0d64393573d32022-04-04 14:01:16.580root 11241100x8000000000000000184070Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:16.580{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78699888b4a6ca8b2022-04-04 14:01:16.580root 11241100x8000000000000000184069Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:16.580{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.357497e79d6582742022-04-04 14:01:16.580root 11241100x8000000000000000184068Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:16.580{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bd2405d3569c7f02022-04-04 14:01:16.580root 11241100x8000000000000000184067Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:16.580{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43b8f76d42c678b42022-04-04 14:01:16.580root 11241100x8000000000000000184079Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:16.581{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97cffc9923b24a092022-04-04 14:01:16.581root 11241100x8000000000000000184078Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:16.581{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7529e334a7b08fd52022-04-04 14:01:16.581root 11241100x8000000000000000184077Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:16.581{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bc47275c6fbc7ac2022-04-04 14:01:16.581root 11241100x8000000000000000184076Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:16.581{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca42c6fd221ea3702022-04-04 14:01:16.581root 11241100x8000000000000000184075Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:16.581{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3fa0bdb05705b5f2022-04-04 14:01:16.581root 11241100x8000000000000000184074Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:16.581{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2ee4d41e6c8be0d2022-04-04 14:01:16.581root 11241100x8000000000000000184073Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:16.581{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a8cf36448f651442022-04-04 14:01:16.581root 11241100x8000000000000000184084Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:17.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f07ba444d862f8a72022-04-04 14:01:17.077root 11241100x8000000000000000184083Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:17.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f5c6dc84e02a8c92022-04-04 14:01:17.077root 11241100x8000000000000000184082Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:17.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9df29f0b1fac52872022-04-04 14:01:17.077root 11241100x8000000000000000184081Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:17.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d38310cc60eaa1c02022-04-04 14:01:17.077root 11241100x8000000000000000184080Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:17.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dc816162c8d0e402022-04-04 14:01:17.077root 11241100x8000000000000000184098Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:17.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f1c5bbe3c32e7ff2022-04-04 14:01:17.078root 11241100x8000000000000000184097Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:17.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cda773d7b0a72d5b2022-04-04 14:01:17.078root 11241100x8000000000000000184096Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:17.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ae81dc3b5519b482022-04-04 14:01:17.078root 11241100x8000000000000000184095Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:17.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31a1bc90aad817172022-04-04 14:01:17.078root 11241100x8000000000000000184094Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:17.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae7a19ab618ab8682022-04-04 14:01:17.078root 11241100x8000000000000000184093Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:17.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a829a961e3c41802022-04-04 14:01:17.078root 11241100x8000000000000000184092Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:17.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63cc16b6631a94ce2022-04-04 14:01:17.078root 11241100x8000000000000000184091Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:17.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78edaa6fe0e66e652022-04-04 14:01:17.078root 11241100x8000000000000000184090Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:17.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dae87a3061693e902022-04-04 14:01:17.078root 11241100x8000000000000000184089Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:17.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46538afdb77c5d3b2022-04-04 14:01:17.078root 11241100x8000000000000000184088Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:17.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eec12b90ebe417ea2022-04-04 14:01:17.078root 11241100x8000000000000000184087Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:17.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02ee4becf74f79122022-04-04 14:01:17.078root 11241100x8000000000000000184086Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:17.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5184e26a324663f22022-04-04 14:01:17.078root 11241100x8000000000000000184085Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:17.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.970e6b396d8cd6182022-04-04 14:01:17.078root 11241100x8000000000000000184108Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:17.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6871b71dc5b70542022-04-04 14:01:17.079root 11241100x8000000000000000184107Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:17.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a4ea91ea30668202022-04-04 14:01:17.079root 11241100x8000000000000000184106Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:17.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a33eac1f0adeb1c92022-04-04 14:01:17.079root 11241100x8000000000000000184105Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:17.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.923f74b3a0b215fe2022-04-04 14:01:17.079root 11241100x8000000000000000184104Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:17.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60a4c409a22057cf2022-04-04 14:01:17.079root 11241100x8000000000000000184103Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:17.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6dbe67996e531e32022-04-04 14:01:17.079root 11241100x8000000000000000184102Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:17.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3771b5da2549dee42022-04-04 14:01:17.079root 11241100x8000000000000000184101Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:17.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a50e1ab456c9c5992022-04-04 14:01:17.079root 11241100x8000000000000000184100Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:17.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e075a8b85385a942022-04-04 14:01:17.079root 11241100x8000000000000000184099Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:17.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf683e4899b426bf2022-04-04 14:01:17.079root 11241100x8000000000000000184116Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:17.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e81b6dc001b7f9072022-04-04 14:01:17.577root 11241100x8000000000000000184115Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:17.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db5622dc9a0259932022-04-04 14:01:17.577root 11241100x8000000000000000184114Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:17.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a742c1f7cdb549a2022-04-04 14:01:17.577root 11241100x8000000000000000184113Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:17.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d31a76fea84382682022-04-04 14:01:17.577root 11241100x8000000000000000184112Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:17.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5bf4472edf6cc512022-04-04 14:01:17.577root 11241100x8000000000000000184111Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:17.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9aacefb23f5fedab2022-04-04 14:01:17.577root 11241100x8000000000000000184110Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:17.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b1c52b0125d91c12022-04-04 14:01:17.577root 11241100x8000000000000000184109Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:17.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2973463faf20c86a2022-04-04 14:01:17.577root 11241100x8000000000000000184122Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:17.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be94622991887e412022-04-04 14:01:17.578root 11241100x8000000000000000184121Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:17.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51406852585bbb122022-04-04 14:01:17.578root 11241100x8000000000000000184120Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:17.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b98309a60d192302022-04-04 14:01:17.578root 11241100x8000000000000000184119Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:17.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddfca0acb3bac68d2022-04-04 14:01:17.578root 11241100x8000000000000000184118Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:17.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0d7789b966200ae2022-04-04 14:01:17.578root 11241100x8000000000000000184117Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:17.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eacccf5528509d982022-04-04 14:01:17.578root 11241100x8000000000000000184133Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:17.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.997c4df83b8229572022-04-04 14:01:17.579root 11241100x8000000000000000184132Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:17.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a01027b61a560cd22022-04-04 14:01:17.579root 11241100x8000000000000000184131Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:17.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be7c84e34202a0022022-04-04 14:01:17.579root 11241100x8000000000000000184130Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:17.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11e5f351de63b3b22022-04-04 14:01:17.579root 11241100x8000000000000000184129Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:17.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d75e0f0afe8a626e2022-04-04 14:01:17.579root 11241100x8000000000000000184128Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:17.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.205ec7f4a79bc7d22022-04-04 14:01:17.579root 11241100x8000000000000000184127Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:17.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e59b66576489beea2022-04-04 14:01:17.579root 11241100x8000000000000000184126Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:17.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21661c67ddf7f71e2022-04-04 14:01:17.579root 11241100x8000000000000000184125Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:17.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef9a7b8517397b7e2022-04-04 14:01:17.579root 11241100x8000000000000000184124Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:17.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c992e62db964a7422022-04-04 14:01:17.579root 11241100x8000000000000000184123Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:17.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.141ade0ecc6b66a22022-04-04 14:01:17.579root 11241100x8000000000000000184137Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:17.580{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe1a15697720955e2022-04-04 14:01:17.580root 11241100x8000000000000000184136Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:17.580{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f9e6f48163941842022-04-04 14:01:17.580root 11241100x8000000000000000184135Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:17.580{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c6f8da3c4f394f02022-04-04 14:01:17.580root 11241100x8000000000000000184134Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:17.580{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e06438d970781b82022-04-04 14:01:17.580root 11241100x8000000000000000184149Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:18.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b88e76568ee75ab72022-04-04 14:01:18.077root 11241100x8000000000000000184148Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:18.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c90a03c16d4db9e2022-04-04 14:01:18.077root 11241100x8000000000000000184147Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:18.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a8dd9a2f8a710892022-04-04 14:01:18.077root 11241100x8000000000000000184146Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:18.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd016b280120981c2022-04-04 14:01:18.077root 11241100x8000000000000000184145Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:18.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.168059000e9cc1cd2022-04-04 14:01:18.077root 11241100x8000000000000000184144Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:18.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42b516ed13d1351d2022-04-04 14:01:18.077root 11241100x8000000000000000184143Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:18.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.309e6c3e9d4c452d2022-04-04 14:01:18.077root 11241100x8000000000000000184142Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:18.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a1c1bd0702e002f2022-04-04 14:01:18.077root 11241100x8000000000000000184141Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:18.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f83e368c8eb150232022-04-04 14:01:18.077root 11241100x8000000000000000184140Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:18.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8fd80020544e0ee2022-04-04 14:01:18.077root 11241100x8000000000000000184139Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:18.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb6388e2655926f72022-04-04 14:01:18.077root 11241100x8000000000000000184138Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:18.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35b9b8d92b7798c82022-04-04 14:01:18.077root 11241100x8000000000000000184162Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:18.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfce05a68c9ec2842022-04-04 14:01:18.078root 11241100x8000000000000000184161Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:18.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0830baf3aa5e17a22022-04-04 14:01:18.078root 11241100x8000000000000000184160Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:18.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b89818f0dcb822e2022-04-04 14:01:18.078root 11241100x8000000000000000184159Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:18.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f01958a3b1069c102022-04-04 14:01:18.078root 11241100x8000000000000000184158Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:18.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.090b44a3e4f716f52022-04-04 14:01:18.078root 11241100x8000000000000000184157Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:18.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c66f6204f471ac662022-04-04 14:01:18.078root 11241100x8000000000000000184156Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:18.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5f47f7bf2b37f922022-04-04 14:01:18.078root 11241100x8000000000000000184155Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:18.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d5717d2ee5a89a42022-04-04 14:01:18.078root 11241100x8000000000000000184154Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:18.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef81491ae035dc132022-04-04 14:01:18.078root 11241100x8000000000000000184153Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:18.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca65a2b3d08d55c32022-04-04 14:01:18.078root 11241100x8000000000000000184152Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:18.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dd7de2e90ee71572022-04-04 14:01:18.078root 11241100x8000000000000000184151Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:18.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce95c43e95d478582022-04-04 14:01:18.078root 11241100x8000000000000000184150Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:18.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.859401cf16dcad912022-04-04 14:01:18.078root 11241100x8000000000000000184166Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:18.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9544f46f22e2c7122022-04-04 14:01:18.079root 11241100x8000000000000000184165Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:18.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72b8aa1fe2fba5c02022-04-04 14:01:18.079root 11241100x8000000000000000184164Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:18.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d3c133f5fe50e012022-04-04 14:01:18.079root 11241100x8000000000000000184163Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:18.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.432b16fd692a34b12022-04-04 14:01:18.079root 11241100x8000000000000000184172Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:18.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c9e826efa4b1a162022-04-04 14:01:18.577root 11241100x8000000000000000184171Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:18.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f400c58234d13b2b2022-04-04 14:01:18.577root 11241100x8000000000000000184170Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:18.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1b68ed19dfeb84b2022-04-04 14:01:18.577root 11241100x8000000000000000184169Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:18.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee11977f01803a7c2022-04-04 14:01:18.577root 11241100x8000000000000000184168Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:18.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c90a87b74d84146d2022-04-04 14:01:18.577root 11241100x8000000000000000184167Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:18.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5cb8143ec89f33f2022-04-04 14:01:18.577root 11241100x8000000000000000184174Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:18.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.796674fe42e8ee352022-04-04 14:01:18.578root 11241100x8000000000000000184173Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:18.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f062d4bbbdf5e5c2022-04-04 14:01:18.578root 11241100x8000000000000000184178Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:18.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.116da4ab38a631f42022-04-04 14:01:18.579root 11241100x8000000000000000184177Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:18.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d764d6f0d1cfb1872022-04-04 14:01:18.579root 11241100x8000000000000000184176Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:18.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.408fcf93908003762022-04-04 14:01:18.579root 11241100x8000000000000000184175Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:18.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65aad768aba579dd2022-04-04 14:01:18.579root 11241100x8000000000000000184184Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:18.580{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3703b6140d0be9222022-04-04 14:01:18.580root 11241100x8000000000000000184183Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:18.580{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8741e0c0e6618a8f2022-04-04 14:01:18.580root 11241100x8000000000000000184182Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:18.580{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a58cc40c274350ae2022-04-04 14:01:18.580root 11241100x8000000000000000184181Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:18.580{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8b59303bf41f8882022-04-04 14:01:18.580root 11241100x8000000000000000184180Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:18.580{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e953fd8ad6a8f7952022-04-04 14:01:18.580root 11241100x8000000000000000184179Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:18.580{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62f6e28dcee482032022-04-04 14:01:18.580root 11241100x8000000000000000184186Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:18.581{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3b646ed9855a6782022-04-04 14:01:18.581root 11241100x8000000000000000184185Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:18.581{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdff2ccc6992c4602022-04-04 14:01:18.581root 11241100x8000000000000000184188Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:18.582{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edc07c448a554db62022-04-04 14:01:18.582root 11241100x8000000000000000184187Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:18.582{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e88b38fd626041ce2022-04-04 14:01:18.582root 11241100x8000000000000000184190Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:18.583{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f140ddd7a10cd91d2022-04-04 14:01:18.583root 11241100x8000000000000000184189Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:18.583{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faa9525e64f2aeb12022-04-04 14:01:18.583root 11241100x8000000000000000184191Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:18.586{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0182c25866b68b72022-04-04 14:01:18.586root 11241100x8000000000000000184192Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:18.587{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.268c9e051d30bd0f2022-04-04 14:01:18.587root 11241100x8000000000000000184193Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:18.588{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27ded58e570c10cb2022-04-04 14:01:18.588root 11241100x8000000000000000184195Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:18.589{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ef1f58dfccf1e872022-04-04 14:01:18.589root 11241100x8000000000000000184194Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:18.589{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c8cd4e98f0636fa2022-04-04 14:01:18.589root 11241100x8000000000000000184196Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:19.076{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81d454175381db222022-04-04 14:01:19.076root 11241100x8000000000000000184204Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:19.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f78cdef9ce7a29f02022-04-04 14:01:19.077root 11241100x8000000000000000184203Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:19.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc57937df6ee1cf32022-04-04 14:01:19.077root 11241100x8000000000000000184202Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:19.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af9e561502b90af82022-04-04 14:01:19.077root 11241100x8000000000000000184201Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:19.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e70cf5273efc211a2022-04-04 14:01:19.077root 11241100x8000000000000000184200Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:19.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac3466cf9b02e62a2022-04-04 14:01:19.077root 11241100x8000000000000000184199Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:19.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64e904a720ecc6392022-04-04 14:01:19.077root 11241100x8000000000000000184198Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:19.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1774fa0cffd036af2022-04-04 14:01:19.077root 11241100x8000000000000000184197Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:19.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a77f3460caf27a52022-04-04 14:01:19.077root 11241100x8000000000000000184219Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:19.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0ed557b1a4cf9e22022-04-04 14:01:19.078root 11241100x8000000000000000184218Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:19.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e5bce0631c9288a2022-04-04 14:01:19.078root 11241100x8000000000000000184217Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:19.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9979bd4b38dbcac32022-04-04 14:01:19.078root 11241100x8000000000000000184216Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:19.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b839287598d4e13e2022-04-04 14:01:19.078root 11241100x8000000000000000184215Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:19.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f120d125eccc0f862022-04-04 14:01:19.078root 11241100x8000000000000000184214Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:19.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6de350726f66a54a2022-04-04 14:01:19.078root 11241100x8000000000000000184213Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:19.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d7890004f1a72fc2022-04-04 14:01:19.078root 11241100x8000000000000000184212Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:19.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40baa39dc3ac2a6f2022-04-04 14:01:19.078root 11241100x8000000000000000184211Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:19.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82cd5cc7506db6ce2022-04-04 14:01:19.078root 11241100x8000000000000000184210Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:19.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.589d64c2a0d0efe82022-04-04 14:01:19.078root 11241100x8000000000000000184209Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:19.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b9945e87f8a8d242022-04-04 14:01:19.078root 11241100x8000000000000000184208Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:19.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c61022c31b21f512022-04-04 14:01:19.078root 11241100x8000000000000000184207Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:19.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e05f6b91e3f18e832022-04-04 14:01:19.078root 11241100x8000000000000000184206Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:19.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d312ce0f9409f1262022-04-04 14:01:19.078root 11241100x8000000000000000184205Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:19.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.510180f923383bc62022-04-04 14:01:19.078root 11241100x8000000000000000184226Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:19.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22f910c22358a9ce2022-04-04 14:01:19.079root 11241100x8000000000000000184225Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:19.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4602636f78ead6a82022-04-04 14:01:19.079root 11241100x8000000000000000184224Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:19.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1ee344adbe7ea422022-04-04 14:01:19.079root 11241100x8000000000000000184223Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:19.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42e087ae006bfe152022-04-04 14:01:19.079root 11241100x8000000000000000184222Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:19.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c02b3fd82a56f0012022-04-04 14:01:19.079root 11241100x8000000000000000184221Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:19.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8c7ae0a26e60f9c2022-04-04 14:01:19.079root 11241100x8000000000000000184220Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:19.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87af2af219cd047a2022-04-04 14:01:19.079root 11241100x8000000000000000184235Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:19.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d1bc619a0729bb02022-04-04 14:01:19.577root 11241100x8000000000000000184234Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:19.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b30506d756fb7ec92022-04-04 14:01:19.577root 11241100x8000000000000000184233Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:19.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8299803fc4b0b1712022-04-04 14:01:19.577root 11241100x8000000000000000184232Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:19.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a6f918c909200b92022-04-04 14:01:19.577root 11241100x8000000000000000184231Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:19.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54b0578311f367342022-04-04 14:01:19.577root 11241100x8000000000000000184230Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:19.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85acf66f9155da7c2022-04-04 14:01:19.577root 11241100x8000000000000000184229Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:19.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5a1233ddddc77002022-04-04 14:01:19.577root 11241100x8000000000000000184228Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:19.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5007d798d6c8544d2022-04-04 14:01:19.577root 11241100x8000000000000000184227Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:19.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b687164349b089282022-04-04 14:01:19.577root 11241100x8000000000000000184250Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:19.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cae7e2c211e8a0cc2022-04-04 14:01:19.578root 11241100x8000000000000000184249Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:19.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d850d583469cf0182022-04-04 14:01:19.578root 11241100x8000000000000000184248Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:19.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ea904d72a69f7ea2022-04-04 14:01:19.578root 11241100x8000000000000000184247Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:19.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f2da21181f980232022-04-04 14:01:19.578root 11241100x8000000000000000184246Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:19.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6245833e3635e1a32022-04-04 14:01:19.578root 11241100x8000000000000000184245Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:19.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd19c9b803347fbc2022-04-04 14:01:19.578root 11241100x8000000000000000184244Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:19.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2747aee837a1700c2022-04-04 14:01:19.578root 11241100x8000000000000000184243Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:19.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e328dbbd13c8ad422022-04-04 14:01:19.578root 11241100x8000000000000000184242Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:19.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62db8ff43c00450b2022-04-04 14:01:19.578root 11241100x8000000000000000184241Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:19.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09a936a639d457c52022-04-04 14:01:19.578root 11241100x8000000000000000184240Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:19.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0f0975fbffac9cd2022-04-04 14:01:19.578root 11241100x8000000000000000184239Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:19.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cf859182945c0ae2022-04-04 14:01:19.578root 11241100x8000000000000000184238Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:19.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d89534783645a04d2022-04-04 14:01:19.578root 11241100x8000000000000000184237Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:19.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95221e27f31f07c42022-04-04 14:01:19.578root 11241100x8000000000000000184236Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:19.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78a835b4a977adce2022-04-04 14:01:19.578root 11241100x8000000000000000184255Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:19.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e74322e825c28e392022-04-04 14:01:19.579root 11241100x8000000000000000184254Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:19.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1705305228b459a42022-04-04 14:01:19.579root 11241100x8000000000000000184253Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:19.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.139bf101cfbb81cd2022-04-04 14:01:19.579root 11241100x8000000000000000184252Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:19.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.037b0ea304a14fce2022-04-04 14:01:19.579root 11241100x8000000000000000184251Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:19.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2a6a49aacf353e42022-04-04 14:01:19.579root 11241100x8000000000000000184263Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:20.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a71a0cb1d22378822022-04-04 14:01:20.077root 11241100x8000000000000000184262Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:20.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6d413bfa07f2c592022-04-04 14:01:20.077root 11241100x8000000000000000184261Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:20.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abb22337496a30d62022-04-04 14:01:20.077root 11241100x8000000000000000184260Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:20.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eff07559964abf982022-04-04 14:01:20.077root 11241100x8000000000000000184259Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:20.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d3ee3f1378b31e52022-04-04 14:01:20.077root 11241100x8000000000000000184258Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:20.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12b5f583adb58ff32022-04-04 14:01:20.077root 11241100x8000000000000000184257Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:20.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63af7295fee6ac112022-04-04 14:01:20.077root 11241100x8000000000000000184256Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:20.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a25a8f9f25c7f1262022-04-04 14:01:20.077root 11241100x8000000000000000184278Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:20.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c22621f7181a8122022-04-04 14:01:20.078root 11241100x8000000000000000184277Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:20.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d48dde4adfed64a2022-04-04 14:01:20.078root 11241100x8000000000000000184276Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:20.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db92c42994dc85f62022-04-04 14:01:20.078root 11241100x8000000000000000184275Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:20.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.833eab7f18c6e97d2022-04-04 14:01:20.078root 11241100x8000000000000000184274Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:20.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c288d01a4f84fd7f2022-04-04 14:01:20.078root 11241100x8000000000000000184273Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:20.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9b8ea0f9728b1932022-04-04 14:01:20.078root 11241100x8000000000000000184272Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:20.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c92e93f01f450aae2022-04-04 14:01:20.078root 11241100x8000000000000000184271Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:20.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.188a2d1935a851502022-04-04 14:01:20.078root 11241100x8000000000000000184270Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:20.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.637a113b7efecd132022-04-04 14:01:20.078root 11241100x8000000000000000184269Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:20.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa82d828a0145c0d2022-04-04 14:01:20.078root 11241100x8000000000000000184268Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:20.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.029ccd9edb92856f2022-04-04 14:01:20.078root 11241100x8000000000000000184267Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:20.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebd80cf683b52db32022-04-04 14:01:20.078root 11241100x8000000000000000184266Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:20.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68fe6b1ef4d2be5e2022-04-04 14:01:20.078root 11241100x8000000000000000184265Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:20.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87b7d552a928410a2022-04-04 14:01:20.078root 11241100x8000000000000000184264Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:20.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4500788bae3fb17c2022-04-04 14:01:20.078root 11241100x8000000000000000184284Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:20.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0774a023df3fbb52022-04-04 14:01:20.079root 11241100x8000000000000000184283Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:20.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04e68768a4a8e4092022-04-04 14:01:20.079root 11241100x8000000000000000184282Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:20.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c7b17aa305729ef2022-04-04 14:01:20.079root 11241100x8000000000000000184281Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:20.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cf62fdb90bdfc322022-04-04 14:01:20.079root 11241100x8000000000000000184280Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:20.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5031ffee8f36bbcc2022-04-04 14:01:20.079root 11241100x8000000000000000184279Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:20.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ff8d77b3a15405a2022-04-04 14:01:20.079root 354300x8000000000000000184285Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:20.200{ec21797c-f0e1-624a-d9ff-4d0400000000}5533/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-34458-false10.0.1.12-8000- 11241100x8000000000000000184286Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:20.576{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a885c647a57a7d6a2022-04-04 14:01:20.576root 11241100x8000000000000000184295Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:20.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cff95d469964aba2022-04-04 14:01:20.577root 11241100x8000000000000000184294Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:20.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c066456ed3245ee32022-04-04 14:01:20.577root 11241100x8000000000000000184293Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:20.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18937624549edff72022-04-04 14:01:20.577root 11241100x8000000000000000184292Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:20.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6b6fe3e6c680d7d2022-04-04 14:01:20.577root 11241100x8000000000000000184291Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:20.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ac58a66d269fb072022-04-04 14:01:20.577root 11241100x8000000000000000184290Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:20.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.162e9318d4e7018e2022-04-04 14:01:20.577root 11241100x8000000000000000184289Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:20.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a67e2470da89404c2022-04-04 14:01:20.577root 11241100x8000000000000000184288Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:20.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bfdbed7ed88c8f22022-04-04 14:01:20.577root 11241100x8000000000000000184287Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:20.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00bf9e30ab5651492022-04-04 14:01:20.577root 11241100x8000000000000000184304Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:20.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25318cee18f4e08b2022-04-04 14:01:20.578root 11241100x8000000000000000184303Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:20.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1469419ae7ac72c2022-04-04 14:01:20.578root 11241100x8000000000000000184302Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:20.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0f9d575e555a2e22022-04-04 14:01:20.578root 11241100x8000000000000000184301Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:20.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.880e22b5dfbfc1a12022-04-04 14:01:20.578root 11241100x8000000000000000184300Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:20.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee99a97b95fbf7312022-04-04 14:01:20.578root 11241100x8000000000000000184299Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:20.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70e92251f576c6912022-04-04 14:01:20.578root 11241100x8000000000000000184298Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:20.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b75b7b0ac38bb97b2022-04-04 14:01:20.578root 11241100x8000000000000000184297Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:20.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55158f8270105bc02022-04-04 14:01:20.578root 11241100x8000000000000000184296Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:20.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.346a4ec173b4b20e2022-04-04 14:01:20.578root 11241100x8000000000000000184317Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:20.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83d73f96fc0c81172022-04-04 14:01:20.579root 11241100x8000000000000000184316Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:20.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de2704bd029ddcb02022-04-04 14:01:20.579root 11241100x8000000000000000184315Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:20.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef2e4da6ce08bf392022-04-04 14:01:20.579root 11241100x8000000000000000184314Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:20.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9752c0a728fb00512022-04-04 14:01:20.579root 11241100x8000000000000000184313Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:20.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50a0416e14e035fb2022-04-04 14:01:20.579root 11241100x8000000000000000184312Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:20.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf0a2ab1d31b28bf2022-04-04 14:01:20.579root 11241100x8000000000000000184311Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:20.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40245078374e4af02022-04-04 14:01:20.579root 11241100x8000000000000000184310Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:20.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a1a2b3b1407b92b2022-04-04 14:01:20.579root 11241100x8000000000000000184309Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:20.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63e64fdb50b4f3c32022-04-04 14:01:20.579root 11241100x8000000000000000184308Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:20.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c5c7e0ad3a683fc2022-04-04 14:01:20.579root 11241100x8000000000000000184307Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:20.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8df1d6f3882151c52022-04-04 14:01:20.579root 11241100x8000000000000000184306Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:20.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20cb3d8e2c2911732022-04-04 14:01:20.579root 11241100x8000000000000000184305Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:20.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f64fb418e7a4c992022-04-04 14:01:20.579root 11241100x8000000000000000184329Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:20.580{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22cefefbd4d56da42022-04-04 14:01:20.580root 11241100x8000000000000000184328Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:20.580{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cec20a666a158fa82022-04-04 14:01:20.580root 11241100x8000000000000000184327Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:20.580{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b1f0c8c4d249f872022-04-04 14:01:20.580root 11241100x8000000000000000184326Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:20.580{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d92fc48eb749ba22022-04-04 14:01:20.580root 11241100x8000000000000000184325Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:20.580{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5d9a2b50a7080112022-04-04 14:01:20.580root 11241100x8000000000000000184324Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:20.580{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bba2cb240adbb1ab2022-04-04 14:01:20.580root 11241100x8000000000000000184323Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:20.580{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfc70755d10da1f22022-04-04 14:01:20.580root 11241100x8000000000000000184322Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:20.580{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4da54e3cbeb39da2022-04-04 14:01:20.580root 11241100x8000000000000000184321Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:20.580{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80f5aa5888b7e3cc2022-04-04 14:01:20.580root 11241100x8000000000000000184320Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:20.580{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3498e4ce087cbda2022-04-04 14:01:20.580root 11241100x8000000000000000184319Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:20.580{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.303bd59721f4e9cb2022-04-04 14:01:20.580root 11241100x8000000000000000184318Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:20.580{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f4c99d11e87edff2022-04-04 14:01:20.580root 11241100x8000000000000000184331Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:20.581{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7cad0aa253b0b742022-04-04 14:01:20.581root 11241100x8000000000000000184330Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:20.581{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.308045fe37430f812022-04-04 14:01:20.581root 11241100x8000000000000000184333Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:21.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5c3a298da36f1df2022-04-04 14:01:21.077root 11241100x8000000000000000184332Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:21.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1da3b1ae2f875d272022-04-04 14:01:21.077root 11241100x8000000000000000184338Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:21.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75945497451fbddd2022-04-04 14:01:21.078root 11241100x8000000000000000184337Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:21.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9dee7bb3f5e257f2022-04-04 14:01:21.078root 11241100x8000000000000000184336Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:21.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea3411742ccfd0882022-04-04 14:01:21.078root 11241100x8000000000000000184335Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:21.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dae7dd535bca30722022-04-04 14:01:21.078root 11241100x8000000000000000184334Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:21.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0041114a99a778432022-04-04 14:01:21.078root 11241100x8000000000000000184343Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:21.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fe26525142435ec2022-04-04 14:01:21.079root 11241100x8000000000000000184342Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:21.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1e10aa2777126e62022-04-04 14:01:21.079root 11241100x8000000000000000184341Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:21.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16bfeecc782963b12022-04-04 14:01:21.079root 11241100x8000000000000000184340Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:21.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.164d478113a646eb2022-04-04 14:01:21.079root 11241100x8000000000000000184339Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:21.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e792efe23d3ecd72022-04-04 14:01:21.079root 11241100x8000000000000000184354Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:21.080{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d53603c6105bd43a2022-04-04 14:01:21.080root 11241100x8000000000000000184353Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:21.080{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b7e08c0f619f3a32022-04-04 14:01:21.080root 11241100x8000000000000000184352Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:21.080{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b4ca65ac24d84a92022-04-04 14:01:21.080root 11241100x8000000000000000184351Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:21.080{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ac7035760951e5e2022-04-04 14:01:21.080root 11241100x8000000000000000184350Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:21.080{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d98eb8a05c838dd32022-04-04 14:01:21.080root 11241100x8000000000000000184349Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:21.080{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b3029f1dff2c2112022-04-04 14:01:21.080root 11241100x8000000000000000184348Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:21.080{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19284abe823775552022-04-04 14:01:21.080root 11241100x8000000000000000184347Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:21.080{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.327a6e94881d685b2022-04-04 14:01:21.080root 11241100x8000000000000000184346Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:21.080{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1056a3eb032fdbc72022-04-04 14:01:21.080root 11241100x8000000000000000184345Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:21.080{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2ab98e12b544b2c2022-04-04 14:01:21.080root 11241100x8000000000000000184344Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:21.080{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99186d5d6cafa7742022-04-04 14:01:21.080root 11241100x8000000000000000184361Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:21.081{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d70e4adf968ed15e2022-04-04 14:01:21.081root 11241100x8000000000000000184360Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:21.081{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.710b5d80fe6625822022-04-04 14:01:21.081root 11241100x8000000000000000184359Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:21.081{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62e1ea5f219ea9472022-04-04 14:01:21.081root 11241100x8000000000000000184358Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:21.081{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea88af39810602b82022-04-04 14:01:21.081root 11241100x8000000000000000184357Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:21.081{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78095f3dd1d5722f2022-04-04 14:01:21.081root 11241100x8000000000000000184356Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:21.081{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76ae5880797875872022-04-04 14:01:21.081root 11241100x8000000000000000184355Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:21.081{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.412cdbbd6d8793342022-04-04 14:01:21.081root 11241100x8000000000000000184366Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:21.576{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2e130ca079ffcf92022-04-04 14:01:21.576root 11241100x8000000000000000184365Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:21.576{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f979710d54545022022-04-04 14:01:21.576root 11241100x8000000000000000184364Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:21.576{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad2dddb5f67169ac2022-04-04 14:01:21.576root 11241100x8000000000000000184363Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:21.576{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5790459eac930ba22022-04-04 14:01:21.576root 11241100x8000000000000000184362Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:21.576{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdd3b119fb91ea7c2022-04-04 14:01:21.576root 11241100x8000000000000000184380Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:21.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f02553d2b401a5d2022-04-04 14:01:21.577root 11241100x8000000000000000184379Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:21.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67a1ecbcce02445c2022-04-04 14:01:21.577root 11241100x8000000000000000184378Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:21.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96e46a14519ee42e2022-04-04 14:01:21.577root 11241100x8000000000000000184377Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:21.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.287b570f58334fe72022-04-04 14:01:21.577root 11241100x8000000000000000184376Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:21.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd8d36d29786d04f2022-04-04 14:01:21.577root 11241100x8000000000000000184375Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:21.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6929658e98d4fee2022-04-04 14:01:21.577root 11241100x8000000000000000184374Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:21.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.458f41443ba703062022-04-04 14:01:21.577root 11241100x8000000000000000184373Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:21.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acdc1c43a2cd2c1e2022-04-04 14:01:21.577root 11241100x8000000000000000184372Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:21.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5acd588d8cade7e42022-04-04 14:01:21.577root 11241100x8000000000000000184371Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:21.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d40b0024790ffee12022-04-04 14:01:21.577root 11241100x8000000000000000184370Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:21.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bd952e7ff24856e2022-04-04 14:01:21.577root 11241100x8000000000000000184369Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:21.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aae6ff7fd76c045e2022-04-04 14:01:21.577root 11241100x8000000000000000184368Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:21.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d57b6129d2ebf2632022-04-04 14:01:21.577root 11241100x8000000000000000184367Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:21.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4468939f6d7274e62022-04-04 14:01:21.577root 11241100x8000000000000000184394Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:21.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.533a372758c067fc2022-04-04 14:01:21.578root 11241100x8000000000000000184393Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:21.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1d09f3d774bf2e52022-04-04 14:01:21.578root 11241100x8000000000000000184392Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:21.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b08a6bf0ea61cd2f2022-04-04 14:01:21.578root 11241100x8000000000000000184391Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:21.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69f253d8db8b83d92022-04-04 14:01:21.578root 11241100x8000000000000000184390Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:21.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.825d47a6924b2af42022-04-04 14:01:21.578root 11241100x8000000000000000184389Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:21.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d2a067d110e63e22022-04-04 14:01:21.578root 11241100x8000000000000000184388Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:21.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44b4ac12465ece062022-04-04 14:01:21.578root 11241100x8000000000000000184387Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:21.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2a19efa3b8587f42022-04-04 14:01:21.578root 11241100x8000000000000000184386Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:21.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01cc5d27d567d24d2022-04-04 14:01:21.578root 11241100x8000000000000000184385Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:21.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f022729ca906c43d2022-04-04 14:01:21.578root 11241100x8000000000000000184384Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:21.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7236037b541e72df2022-04-04 14:01:21.578root 11241100x8000000000000000184383Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:21.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa4bc0087bf658632022-04-04 14:01:21.578root 11241100x8000000000000000184382Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:21.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78dbf92d9fa832bd2022-04-04 14:01:21.578root 11241100x8000000000000000184381Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:21.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fd33a1f7158aabd2022-04-04 14:01:21.578root 11241100x8000000000000000184396Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:21.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe8b35fe696b399c2022-04-04 14:01:21.579root 11241100x8000000000000000184395Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:21.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb94ad819f1a81662022-04-04 14:01:21.579root 11241100x8000000000000000184403Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:22.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7046ad95cfb611452022-04-04 14:01:22.077root 11241100x8000000000000000184402Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:22.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2452affdaecbeee2022-04-04 14:01:22.077root 11241100x8000000000000000184401Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:22.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b8b131a81b82c642022-04-04 14:01:22.077root 11241100x8000000000000000184400Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:22.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77b2d099d861d8f82022-04-04 14:01:22.077root 11241100x8000000000000000184399Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:22.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cc9677c76ded97f2022-04-04 14:01:22.077root 11241100x8000000000000000184398Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:22.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f3fea20ab63f7272022-04-04 14:01:22.077root 11241100x8000000000000000184397Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:22.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9138182481df57012022-04-04 14:01:22.077root 11241100x8000000000000000184416Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:22.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d660583c2a0b3de2022-04-04 14:01:22.078root 11241100x8000000000000000184415Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:22.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56fd124a091e63832022-04-04 14:01:22.078root 11241100x8000000000000000184414Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:22.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abbe6188e063052c2022-04-04 14:01:22.078root 11241100x8000000000000000184413Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:22.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e14801d3ae4d213c2022-04-04 14:01:22.078root 11241100x8000000000000000184412Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:22.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84317f60682a48ba2022-04-04 14:01:22.078root 11241100x8000000000000000184411Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:22.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f31bcfa18f866c22022-04-04 14:01:22.078root 11241100x8000000000000000184410Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:22.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ad1663b47e639e82022-04-04 14:01:22.078root 11241100x8000000000000000184409Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:22.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.758c80d9faa9834b2022-04-04 14:01:22.078root 11241100x8000000000000000184408Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:22.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79856ee203b9bdce2022-04-04 14:01:22.078root 11241100x8000000000000000184407Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:22.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f8b1d98250197de2022-04-04 14:01:22.078root 11241100x8000000000000000184406Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:22.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d90aab8a180cf4c92022-04-04 14:01:22.078root 11241100x8000000000000000184405Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:22.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d02fe2333dfb41a72022-04-04 14:01:22.078root 11241100x8000000000000000184404Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:22.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7414bd66b6c8ec3c2022-04-04 14:01:22.078root 11241100x8000000000000000184426Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:22.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29e65acc519e14112022-04-04 14:01:22.079root 11241100x8000000000000000184425Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:22.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2141b343e3b65452022-04-04 14:01:22.079root 11241100x8000000000000000184424Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:22.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.682588c22de7c1ef2022-04-04 14:01:22.079root 11241100x8000000000000000184423Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:22.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85809ca0ee0518392022-04-04 14:01:22.079root 11241100x8000000000000000184422Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:22.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f48b61671987e1412022-04-04 14:01:22.079root 11241100x8000000000000000184421Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:22.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdc724800de162b72022-04-04 14:01:22.079root 11241100x8000000000000000184420Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:22.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb366557cb967b2b2022-04-04 14:01:22.079root 11241100x8000000000000000184419Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:22.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12343ff3c5864e2f2022-04-04 14:01:22.079root 11241100x8000000000000000184418Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:22.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29fbe217988aa3332022-04-04 14:01:22.079root 11241100x8000000000000000184417Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:22.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da91fdab1cb79acd2022-04-04 14:01:22.079root 11241100x8000000000000000184431Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:22.576{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.518a793cc249858d2022-04-04 14:01:22.576root 11241100x8000000000000000184430Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:22.576{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a80e621aca809f92022-04-04 14:01:22.576root 11241100x8000000000000000184429Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:22.576{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74449066e74c82672022-04-04 14:01:22.576root 11241100x8000000000000000184428Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:22.576{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0f87239f61a8d452022-04-04 14:01:22.576root 11241100x8000000000000000184427Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:22.576{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a19fda1a29acb1a2022-04-04 14:01:22.576root 11241100x8000000000000000184441Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:22.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42d3abdb4a760d572022-04-04 14:01:22.577root 11241100x8000000000000000184440Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:22.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c473547b124c6a02022-04-04 14:01:22.577root 11241100x8000000000000000184439Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:22.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6844239849f57312022-04-04 14:01:22.577root 11241100x8000000000000000184438Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:22.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.078f515411ff0ae92022-04-04 14:01:22.577root 11241100x8000000000000000184437Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:22.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81f7aab5c0017c822022-04-04 14:01:22.577root 11241100x8000000000000000184436Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:22.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8b8e3bd8ee35c462022-04-04 14:01:22.577root 11241100x8000000000000000184435Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:22.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc7395c22b3b810f2022-04-04 14:01:22.577root 11241100x8000000000000000184434Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:22.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b58e1a272f8960d42022-04-04 14:01:22.577root 11241100x8000000000000000184433Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:22.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdaa59a721756be92022-04-04 14:01:22.577root 11241100x8000000000000000184432Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:22.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bc2b8811f4b86b52022-04-04 14:01:22.577root 11241100x8000000000000000184454Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:22.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.747c70afaa8787452022-04-04 14:01:22.578root 11241100x8000000000000000184453Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:22.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8c7c9837710d1e32022-04-04 14:01:22.578root 11241100x8000000000000000184452Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:22.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07f6e8cdacd723672022-04-04 14:01:22.578root 11241100x8000000000000000184451Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:22.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fdce111be583fd62022-04-04 14:01:22.578root 11241100x8000000000000000184450Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:22.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdcf69484133ac802022-04-04 14:01:22.578root 11241100x8000000000000000184449Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:22.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74f7f0d787a648d72022-04-04 14:01:22.578root 11241100x8000000000000000184448Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:22.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c647e723a9810bcc2022-04-04 14:01:22.578root 11241100x8000000000000000184447Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:22.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.493af0a5d9bd7d6f2022-04-04 14:01:22.578root 11241100x8000000000000000184446Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:22.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2d61f75bda0cdea2022-04-04 14:01:22.578root 11241100x8000000000000000184445Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:22.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4640419cf5b231e2022-04-04 14:01:22.578root 11241100x8000000000000000184444Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:22.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.110f8740a59225522022-04-04 14:01:22.578root 11241100x8000000000000000184443Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:22.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c8d5c99e92c1f3d2022-04-04 14:01:22.578root 11241100x8000000000000000184442Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:22.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62aa057f2c9887e32022-04-04 14:01:22.578root 11241100x8000000000000000184464Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:22.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54036d5b4bb9cc7b2022-04-04 14:01:22.579root 11241100x8000000000000000184463Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:22.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bba54daadb38e4b2022-04-04 14:01:22.579root 11241100x8000000000000000184462Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:22.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d59ff9f4141b15bc2022-04-04 14:01:22.579root 11241100x8000000000000000184461Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:22.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b78ac15ca8861eed2022-04-04 14:01:22.579root 11241100x8000000000000000184460Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:22.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cca1e5d2ad410e2f2022-04-04 14:01:22.579root 11241100x8000000000000000184459Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:22.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44c12099e574c1a82022-04-04 14:01:22.579root 11241100x8000000000000000184458Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:22.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce99e2edeb1012f72022-04-04 14:01:22.579root 11241100x8000000000000000184457Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:22.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e77695795b939152022-04-04 14:01:22.579root 11241100x8000000000000000184456Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:22.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab3e6d64e6b0f3d42022-04-04 14:01:22.579root 11241100x8000000000000000184455Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:22.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6856c5eeee05556d2022-04-04 14:01:22.579root 11241100x8000000000000000184475Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:23.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fe97ec52d5bb99a2022-04-04 14:01:23.077root 11241100x8000000000000000184474Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:23.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54e0d4ae77352f8e2022-04-04 14:01:23.077root 11241100x8000000000000000184473Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:23.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a192642526107ad82022-04-04 14:01:23.077root 11241100x8000000000000000184472Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:23.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c0628baaf71c6152022-04-04 14:01:23.077root 11241100x8000000000000000184471Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:23.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54d3d5df92561aed2022-04-04 14:01:23.077root 11241100x8000000000000000184470Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:23.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab7d1c5ba8b80e772022-04-04 14:01:23.077root 11241100x8000000000000000184469Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:23.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de40351e26452a712022-04-04 14:01:23.077root 11241100x8000000000000000184468Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:23.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae41985459a11f432022-04-04 14:01:23.077root 11241100x8000000000000000184467Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:23.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d015981483e9e5822022-04-04 14:01:23.077root 11241100x8000000000000000184466Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:23.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e081a5bf9195aee02022-04-04 14:01:23.077root 11241100x8000000000000000184465Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:23.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57d61dad4d18a5c72022-04-04 14:01:23.077root 11241100x8000000000000000184483Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:23.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.872a9d56d9ed1d292022-04-04 14:01:23.078root 11241100x8000000000000000184482Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:23.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56f5f6e59cdcd4892022-04-04 14:01:23.078root 11241100x8000000000000000184481Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:23.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.560e260aab9833062022-04-04 14:01:23.078root 11241100x8000000000000000184480Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:23.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43be49d3e9604d3f2022-04-04 14:01:23.078root 11241100x8000000000000000184479Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:23.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10627816dc110f732022-04-04 14:01:23.078root 11241100x8000000000000000184478Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:23.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83d5cbb442f812562022-04-04 14:01:23.078root 11241100x8000000000000000184477Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:23.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c54e21dad9ba1e12022-04-04 14:01:23.078root 11241100x8000000000000000184476Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:23.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e8d8c4de41c41e32022-04-04 14:01:23.078root 11241100x8000000000000000184490Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:23.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0accb3d648be90162022-04-04 14:01:23.079root 11241100x8000000000000000184489Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:23.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74f99485b8d741622022-04-04 14:01:23.079root 11241100x8000000000000000184488Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:23.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81295dcc102a0f9e2022-04-04 14:01:23.079root 11241100x8000000000000000184487Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:23.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da319ab519e5e1252022-04-04 14:01:23.079root 11241100x8000000000000000184486Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:23.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.105e0538695053942022-04-04 14:01:23.079root 11241100x8000000000000000184485Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:23.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97ac519b3ebddfcc2022-04-04 14:01:23.079root 11241100x8000000000000000184484Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:23.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.853aedb2b6ad26252022-04-04 14:01:23.079root 11241100x8000000000000000184494Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:23.080{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac91e459e43b40502022-04-04 14:01:23.080root 11241100x8000000000000000184493Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:23.080{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f5762963cabda162022-04-04 14:01:23.080root 11241100x8000000000000000184492Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:23.080{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f3363d4044ac3ac2022-04-04 14:01:23.080root 11241100x8000000000000000184491Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:23.080{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f200810e81bea5f12022-04-04 14:01:23.080root 11241100x8000000000000000184497Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:23.576{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d9768efbaf48fd12022-04-04 14:01:23.576root 11241100x8000000000000000184496Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:23.576{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cc6286c81911d972022-04-04 14:01:23.576root 11241100x8000000000000000184495Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:23.576{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fa29a21281eaf4c2022-04-04 14:01:23.576root 11241100x8000000000000000184501Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:23.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39a158562a49d59a2022-04-04 14:01:23.577root 11241100x8000000000000000184500Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:23.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae061800a5c7d5252022-04-04 14:01:23.577root 11241100x8000000000000000184499Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:23.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4e5451a706106e62022-04-04 14:01:23.577root 11241100x8000000000000000184498Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:23.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c34914f44802dfe82022-04-04 14:01:23.577root 11241100x8000000000000000184510Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:23.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc90badb92b55fcd2022-04-04 14:01:23.578root 11241100x8000000000000000184509Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:23.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2abf58b6e3bdfcc2022-04-04 14:01:23.578root 11241100x8000000000000000184508Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:23.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b37e51a038d48d4d2022-04-04 14:01:23.578root 11241100x8000000000000000184507Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:23.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a4e39fc2afa78ec2022-04-04 14:01:23.578root 11241100x8000000000000000184506Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:23.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2083d7725e838c6a2022-04-04 14:01:23.578root 11241100x8000000000000000184505Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:23.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ad2a99695a2562c2022-04-04 14:01:23.578root 11241100x8000000000000000184504Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:23.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8377a151f7469ec2022-04-04 14:01:23.578root 11241100x8000000000000000184503Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:23.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33ec7618ea9f5efa2022-04-04 14:01:23.578root 11241100x8000000000000000184502Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:23.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0247d536c157735e2022-04-04 14:01:23.578root 11241100x8000000000000000184526Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:23.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3348ff15dc9a92a2022-04-04 14:01:23.579root 11241100x8000000000000000184525Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:23.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f4004266e16345e2022-04-04 14:01:23.579root 11241100x8000000000000000184524Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:23.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3af64724f776f49d2022-04-04 14:01:23.579root 11241100x8000000000000000184523Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:23.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.942e7e0d8b0fb6c02022-04-04 14:01:23.579root 11241100x8000000000000000184522Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:23.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7b3f008fba18b762022-04-04 14:01:23.579root 11241100x8000000000000000184521Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:23.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5f6ab5c23d844e72022-04-04 14:01:23.579root 11241100x8000000000000000184520Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:23.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96db076a69ec94d52022-04-04 14:01:23.579root 11241100x8000000000000000184519Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:23.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d30ea81fb36cedb82022-04-04 14:01:23.579root 11241100x8000000000000000184518Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:23.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64f17f2e1300f1eb2022-04-04 14:01:23.579root 11241100x8000000000000000184517Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:23.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.646ec956417507262022-04-04 14:01:23.579root 11241100x8000000000000000184516Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:23.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99669229532787f32022-04-04 14:01:23.579root 11241100x8000000000000000184515Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:23.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06c196e5cd2181cc2022-04-04 14:01:23.579root 11241100x8000000000000000184514Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:23.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02f300c87f0150032022-04-04 14:01:23.579root 11241100x8000000000000000184513Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:23.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3f86ad9a59de8872022-04-04 14:01:23.579root 11241100x8000000000000000184512Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:23.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ffac59b31ccf7092022-04-04 14:01:23.579root 11241100x8000000000000000184511Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:23.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a843dfd2e3df1e2c2022-04-04 14:01:23.579root 11241100x8000000000000000184531Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:23.580{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.484450a09bd014d12022-04-04 14:01:23.580root 11241100x8000000000000000184530Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:23.580{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05bcd36608b419842022-04-04 14:01:23.580root 11241100x8000000000000000184529Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:23.580{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acb6a0cefc25e4622022-04-04 14:01:23.580root 11241100x8000000000000000184528Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:23.580{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6c725828b6e6e1d2022-04-04 14:01:23.580root 11241100x8000000000000000184527Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:23.580{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f25371ccb70f1d102022-04-04 14:01:23.580root 11241100x8000000000000000184535Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:24.076{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd65f98fd5f635d52022-04-04 14:01:24.076root 11241100x8000000000000000184534Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:24.076{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d25bf507b865343c2022-04-04 14:01:24.076root 11241100x8000000000000000184533Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:24.076{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c152f28c4ec53c9f2022-04-04 14:01:24.076root 11241100x8000000000000000184532Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:24.076{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4c11df64e6040ff2022-04-04 14:01:24.076root 11241100x8000000000000000184546Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:24.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dc5c76b78124ec22022-04-04 14:01:24.077root 11241100x8000000000000000184545Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:24.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c784812e1c324a652022-04-04 14:01:24.077root 11241100x8000000000000000184544Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:24.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbd6daad22604fb22022-04-04 14:01:24.077root 11241100x8000000000000000184543Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:24.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62d17f732f1376882022-04-04 14:01:24.077root 11241100x8000000000000000184542Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:24.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4044a32ac10c98c2022-04-04 14:01:24.077root 11241100x8000000000000000184541Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:24.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.527e103b51d06b932022-04-04 14:01:24.077root 11241100x8000000000000000184540Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:24.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.848dacd333cacd822022-04-04 14:01:24.077root 11241100x8000000000000000184539Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:24.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61f9de9971b8dcc92022-04-04 14:01:24.077root 11241100x8000000000000000184538Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:24.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.412391692b5c2dcb2022-04-04 14:01:24.077root 11241100x8000000000000000184537Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:24.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.954dd4cb253701be2022-04-04 14:01:24.077root 11241100x8000000000000000184536Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:24.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fd8a4fa2d466d492022-04-04 14:01:24.077root 11241100x8000000000000000184557Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:24.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35f0064d9304667b2022-04-04 14:01:24.078root 11241100x8000000000000000184556Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:24.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88a962c0212e18e62022-04-04 14:01:24.078root 11241100x8000000000000000184555Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:24.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31e047344a6438b82022-04-04 14:01:24.078root 11241100x8000000000000000184554Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:24.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b973cc43370e2bf2022-04-04 14:01:24.078root 11241100x8000000000000000184553Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:24.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.297a25e207963c8a2022-04-04 14:01:24.078root 11241100x8000000000000000184552Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:24.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74cd29b8cfcd77502022-04-04 14:01:24.078root 11241100x8000000000000000184551Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:24.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8279feba2c2c629d2022-04-04 14:01:24.078root 11241100x8000000000000000184550Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:24.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3de60ae9e2ed0c3a2022-04-04 14:01:24.078root 11241100x8000000000000000184549Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:24.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef59a7aee876f5502022-04-04 14:01:24.078root 11241100x8000000000000000184548Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:24.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea4d27402f23a3222022-04-04 14:01:24.078root 11241100x8000000000000000184547Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:24.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17bbb4fb709c05e72022-04-04 14:01:24.078root 11241100x8000000000000000184571Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:24.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e89096532d1935b2022-04-04 14:01:24.079root 11241100x8000000000000000184570Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:24.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.999794b23d39d2902022-04-04 14:01:24.079root 11241100x8000000000000000184569Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:24.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c950befee407ff52022-04-04 14:01:24.079root 11241100x8000000000000000184568Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:24.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.354f0e4e10e6fd4e2022-04-04 14:01:24.079root 11241100x8000000000000000184567Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:24.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c52ac862c58cc3e2022-04-04 14:01:24.079root 11241100x8000000000000000184566Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:24.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea80a6ab076d00992022-04-04 14:01:24.079root 11241100x8000000000000000184565Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:24.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f79a02b72251cdc52022-04-04 14:01:24.079root 11241100x8000000000000000184564Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:24.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5279ace99146daac2022-04-04 14:01:24.079root 11241100x8000000000000000184563Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:24.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87d2e0b25b6692142022-04-04 14:01:24.079root 11241100x8000000000000000184562Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:24.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91141698fb8d15242022-04-04 14:01:24.079root 11241100x8000000000000000184561Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:24.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f37a2a0bf4fd323d2022-04-04 14:01:24.079root 11241100x8000000000000000184560Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:24.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e64a028c0d0c0fe72022-04-04 14:01:24.079root 11241100x8000000000000000184559Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:24.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e258f671e7fb4982022-04-04 14:01:24.079root 11241100x8000000000000000184558Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:24.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44130285778af24e2022-04-04 14:01:24.079root 11241100x8000000000000000184581Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:24.080{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.154795dca5c004542022-04-04 14:01:24.080root 11241100x8000000000000000184580Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:24.080{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57a8fa28165845cd2022-04-04 14:01:24.080root 11241100x8000000000000000184579Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:24.080{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c59f867eaed72792022-04-04 14:01:24.080root 11241100x8000000000000000184578Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:24.080{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42e48a9086833ec42022-04-04 14:01:24.080root 11241100x8000000000000000184577Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:24.080{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a634d439e98bfd2b2022-04-04 14:01:24.080root 11241100x8000000000000000184576Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:24.080{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84ecb1fe998189e52022-04-04 14:01:24.080root 11241100x8000000000000000184575Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:24.080{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5360926cc72bf4012022-04-04 14:01:24.080root 11241100x8000000000000000184574Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:24.080{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.328c0a67765c07292022-04-04 14:01:24.080root 11241100x8000000000000000184573Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:24.080{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bc71321ba1942c72022-04-04 14:01:24.080root 11241100x8000000000000000184572Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:24.080{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.820299ba2b6636552022-04-04 14:01:24.080root 11241100x8000000000000000184583Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:24.576{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f8d57eb90a1b4cc2022-04-04 14:01:24.576root 11241100x8000000000000000184582Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:24.576{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40b0d3c1d74790692022-04-04 14:01:24.576root 11241100x8000000000000000184594Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:24.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21a76d6c12aa027a2022-04-04 14:01:24.577root 11241100x8000000000000000184593Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:24.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0906e5b2b96c25182022-04-04 14:01:24.577root 11241100x8000000000000000184592Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:24.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4775b3b4086e30062022-04-04 14:01:24.577root 11241100x8000000000000000184591Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:24.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebbe2c3f919af5382022-04-04 14:01:24.577root 11241100x8000000000000000184590Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:24.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76dc5ac207a7e9992022-04-04 14:01:24.577root 11241100x8000000000000000184589Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:24.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04cd03d5df8028c42022-04-04 14:01:24.577root 11241100x8000000000000000184588Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:24.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9dc9abcb56a4da42022-04-04 14:01:24.577root 11241100x8000000000000000184587Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:24.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a681f6393fae69992022-04-04 14:01:24.577root 11241100x8000000000000000184586Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:24.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b36f61f90d6be3d72022-04-04 14:01:24.577root 11241100x8000000000000000184585Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:24.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fbb7d0714fe7a9e2022-04-04 14:01:24.577root 11241100x8000000000000000184584Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:24.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a46a22944e0f56f2022-04-04 14:01:24.577root 11241100x8000000000000000184607Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:24.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35d4b22fed8e88682022-04-04 14:01:24.578root 11241100x8000000000000000184606Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:24.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b39d65a60e56ba8d2022-04-04 14:01:24.578root 11241100x8000000000000000184605Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:24.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32b556015629bcb22022-04-04 14:01:24.578root 11241100x8000000000000000184604Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:24.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b60e3ace0fc1e0522022-04-04 14:01:24.578root 11241100x8000000000000000184603Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:24.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58a1b308e369e7e72022-04-04 14:01:24.578root 11241100x8000000000000000184602Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:24.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9746673318aa8992022-04-04 14:01:24.578root 11241100x8000000000000000184601Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:24.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28973dfe6a32c80a2022-04-04 14:01:24.578root 11241100x8000000000000000184600Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:24.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c83d05b651346bf2022-04-04 14:01:24.578root 11241100x8000000000000000184599Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:24.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02fe44dab120ab122022-04-04 14:01:24.578root 11241100x8000000000000000184598Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:24.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.406bf806400bc6492022-04-04 14:01:24.578root 11241100x8000000000000000184597Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:24.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e572f63e8f59df282022-04-04 14:01:24.578root 11241100x8000000000000000184596Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:24.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2346c1593d57f352022-04-04 14:01:24.578root 11241100x8000000000000000184595Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:24.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e93b0939de069c0d2022-04-04 14:01:24.578root 11241100x8000000000000000184621Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:24.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdbc639e5934d5722022-04-04 14:01:24.579root 11241100x8000000000000000184620Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:24.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e5d59a440caf6652022-04-04 14:01:24.579root 11241100x8000000000000000184619Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:24.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee4c537e32d1980a2022-04-04 14:01:24.579root 11241100x8000000000000000184618Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:24.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69a39c20ef2e1e162022-04-04 14:01:24.579root 11241100x8000000000000000184617Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:24.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.816a863ae77c53d12022-04-04 14:01:24.579root 11241100x8000000000000000184616Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:24.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.152247cdb97af6592022-04-04 14:01:24.579root 11241100x8000000000000000184615Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:24.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7cc35d6196b59b82022-04-04 14:01:24.579root 11241100x8000000000000000184614Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:24.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b3e7a13aa77ec852022-04-04 14:01:24.579root 11241100x8000000000000000184613Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:24.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc93181abfdb53622022-04-04 14:01:24.579root 11241100x8000000000000000184612Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:24.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e879faf48707c9e2022-04-04 14:01:24.579root 11241100x8000000000000000184611Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:24.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.415709850188d0ff2022-04-04 14:01:24.579root 11241100x8000000000000000184610Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:24.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81a6a84f7e8b9fdb2022-04-04 14:01:24.579root 11241100x8000000000000000184609Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:24.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1bfddf0cfccfb522022-04-04 14:01:24.579root 11241100x8000000000000000184608Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:24.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3203222016c025062022-04-04 14:01:24.579root 11241100x8000000000000000184624Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:24.580{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7b2d962994512832022-04-04 14:01:24.580root 11241100x8000000000000000184623Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:24.580{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d8fa8bb9cf919c82022-04-04 14:01:24.580root 11241100x8000000000000000184622Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:24.580{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58129d1e3fa1f77b2022-04-04 14:01:24.580root 11241100x8000000000000000184626Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:25.076{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3b62fc72a5a54c62022-04-04 14:01:25.076root 11241100x8000000000000000184625Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:25.076{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72d8ae7c33d12b1e2022-04-04 14:01:25.076root 11241100x8000000000000000184635Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:25.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efa3199bd4e5c9d02022-04-04 14:01:25.077root 11241100x8000000000000000184634Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:25.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee7b5aa6988d7e002022-04-04 14:01:25.077root 11241100x8000000000000000184633Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:25.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82d5332fa7eeff682022-04-04 14:01:25.077root 11241100x8000000000000000184632Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:25.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf55c5a00ef4c92d2022-04-04 14:01:25.077root 11241100x8000000000000000184631Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:25.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b6034846ddfc7dc2022-04-04 14:01:25.077root 11241100x8000000000000000184630Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:25.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b50d6a2cc5fbb172022-04-04 14:01:25.077root 11241100x8000000000000000184629Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:25.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f14b5392fb8626f72022-04-04 14:01:25.077root 11241100x8000000000000000184628Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:25.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e8d35f81b2c36112022-04-04 14:01:25.077root 11241100x8000000000000000184627Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:25.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdb7cf5225240d642022-04-04 14:01:25.077root 11241100x8000000000000000184645Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:25.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d8967a5e20feb762022-04-04 14:01:25.078root 11241100x8000000000000000184644Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:25.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4075d00fa08da8312022-04-04 14:01:25.078root 11241100x8000000000000000184643Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:25.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00594a379758254b2022-04-04 14:01:25.078root 11241100x8000000000000000184642Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:25.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76f79419e8a83d1d2022-04-04 14:01:25.078root 11241100x8000000000000000184641Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:25.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec34e4fe7894065f2022-04-04 14:01:25.078root 11241100x8000000000000000184640Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:25.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.296b86510ae337362022-04-04 14:01:25.078root 11241100x8000000000000000184639Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:25.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6f30371739c0c5c2022-04-04 14:01:25.078root 11241100x8000000000000000184638Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:25.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1c1bf24f75f28bb2022-04-04 14:01:25.078root 11241100x8000000000000000184637Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:25.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7905175cc6c49412022-04-04 14:01:25.078root 11241100x8000000000000000184636Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:25.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8e4f00ff8f278822022-04-04 14:01:25.078root 11241100x8000000000000000184661Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:25.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e83d91ecc9387e022022-04-04 14:01:25.079root 11241100x8000000000000000184660Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:25.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2e68e3ed58547bd2022-04-04 14:01:25.079root 11241100x8000000000000000184659Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:25.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c36dc2aee80c2df2022-04-04 14:01:25.079root 11241100x8000000000000000184658Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:25.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df02496a037c454f2022-04-04 14:01:25.079root 11241100x8000000000000000184657Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:25.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f45e5210ad3db4282022-04-04 14:01:25.079root 11241100x8000000000000000184656Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:25.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15dff6730e3079e72022-04-04 14:01:25.079root 11241100x8000000000000000184655Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:25.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.591e26898ab226ef2022-04-04 14:01:25.079root 11241100x8000000000000000184654Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:25.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cab02449eba6511d2022-04-04 14:01:25.079root 11241100x8000000000000000184653Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:25.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1973178039b8d5a42022-04-04 14:01:25.079root 11241100x8000000000000000184652Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:25.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ac7ed61ac0a54e02022-04-04 14:01:25.079root 11241100x8000000000000000184651Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:25.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b5c3fe435afc5732022-04-04 14:01:25.079root 11241100x8000000000000000184650Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:25.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1bd852168bed79c2022-04-04 14:01:25.079root 11241100x8000000000000000184649Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:25.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb62f69ad005b6ed2022-04-04 14:01:25.079root 11241100x8000000000000000184648Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:25.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c95b32b45121c822022-04-04 14:01:25.079root 11241100x8000000000000000184647Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:25.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e458d0c0d95ab342022-04-04 14:01:25.079root 11241100x8000000000000000184646Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:25.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d95b89cfda760522022-04-04 14:01:25.079root 11241100x8000000000000000184664Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:25.080{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62e1a9e9447791d22022-04-04 14:01:25.080root 11241100x8000000000000000184663Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:25.080{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.536265ad8d1d31b92022-04-04 14:01:25.080root 11241100x8000000000000000184662Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:25.080{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc7b50c0a5b790b52022-04-04 14:01:25.080root 354300x8000000000000000184665Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:25.248{ec21797c-f0e1-624a-d9ff-4d0400000000}5533/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-34460-false10.0.1.12-8000- 11241100x8000000000000000184667Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:25.576{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad00f31159f5a4022022-04-04 14:01:25.576root 11241100x8000000000000000184666Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:25.576{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14670538093e6e642022-04-04 14:01:25.576root 11241100x8000000000000000184672Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:25.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.831e8071fd0769fe2022-04-04 14:01:25.577root 11241100x8000000000000000184671Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:25.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00c2d35225871dea2022-04-04 14:01:25.577root 11241100x8000000000000000184670Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:25.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f6f634778fcaabf2022-04-04 14:01:25.577root 11241100x8000000000000000184669Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:25.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9945c25f3272f5542022-04-04 14:01:25.577root 11241100x8000000000000000184668Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:25.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9db541575b736e32022-04-04 14:01:25.577root 11241100x8000000000000000184684Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:25.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce3e91e184aaf92a2022-04-04 14:01:25.578root 11241100x8000000000000000184683Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:25.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4afe6411a26eff552022-04-04 14:01:25.578root 11241100x8000000000000000184682Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:25.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63f3374f4215874d2022-04-04 14:01:25.578root 11241100x8000000000000000184681Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:25.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56de4ddea00478072022-04-04 14:01:25.578root 11241100x8000000000000000184680Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:25.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb01f68705629eeb2022-04-04 14:01:25.578root 11241100x8000000000000000184679Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:25.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.986bc40aa2c2b8062022-04-04 14:01:25.578root 11241100x8000000000000000184678Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:25.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc9bd7e61068e2372022-04-04 14:01:25.578root 11241100x8000000000000000184677Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:25.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f177bf95aea618782022-04-04 14:01:25.578root 11241100x8000000000000000184676Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:25.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.346d26c0818568a52022-04-04 14:01:25.578root 11241100x8000000000000000184675Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:25.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a295c55561efb4bf2022-04-04 14:01:25.578root 11241100x8000000000000000184674Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:25.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccde16f353c2649f2022-04-04 14:01:25.578root 11241100x8000000000000000184673Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:25.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcc31b783326578e2022-04-04 14:01:25.578root 11241100x8000000000000000184700Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:25.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.859ad4268a84a2dc2022-04-04 14:01:25.579root 11241100x8000000000000000184699Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:25.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7958cbfde0524a0f2022-04-04 14:01:25.579root 11241100x8000000000000000184698Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:25.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a1271aaebdab3e02022-04-04 14:01:25.579root 11241100x8000000000000000184697Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:25.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e4821c6f5fd8eee2022-04-04 14:01:25.579root 11241100x8000000000000000184696Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:25.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0242c7371275d4182022-04-04 14:01:25.579root 11241100x8000000000000000184695Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:25.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa3b9e94aefc40632022-04-04 14:01:25.579root 11241100x8000000000000000184694Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:25.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7557917a5d81c1f2022-04-04 14:01:25.579root 11241100x8000000000000000184693Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:25.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbec041e014e38e52022-04-04 14:01:25.579root 11241100x8000000000000000184692Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:25.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e88943841a94f13a2022-04-04 14:01:25.579root 11241100x8000000000000000184691Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:25.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79306f96df75aae92022-04-04 14:01:25.579root 11241100x8000000000000000184690Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:25.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.621db13ffdb761602022-04-04 14:01:25.579root 11241100x8000000000000000184689Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:25.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e860c6e251311a22022-04-04 14:01:25.579root 11241100x8000000000000000184688Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:25.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23332bdfa246e8ca2022-04-04 14:01:25.579root 11241100x8000000000000000184687Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:25.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7b8f77480c5089c2022-04-04 14:01:25.579root 11241100x8000000000000000184686Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:25.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a3058ca5536491c2022-04-04 14:01:25.579root 11241100x8000000000000000184685Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:25.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1b0b4ad9ec651ed2022-04-04 14:01:25.579root 11241100x8000000000000000184703Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:25.580{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b344f852853cd5352022-04-04 14:01:25.580root 11241100x8000000000000000184702Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:25.580{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4efc41763af528d2022-04-04 14:01:25.580root 11241100x8000000000000000184701Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:25.580{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a08522ee15d00042022-04-04 14:01:25.580root 11241100x8000000000000000184709Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:26.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f102cc4e47e49422022-04-04 14:01:26.077root 11241100x8000000000000000184708Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:26.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27d8bb98ee8bea062022-04-04 14:01:26.077root 11241100x8000000000000000184707Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:26.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05ea88e531895f5c2022-04-04 14:01:26.077root 11241100x8000000000000000184706Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:26.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26a7aa64407ad7b82022-04-04 14:01:26.077root 11241100x8000000000000000184705Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:26.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce8eeb70e93e04b82022-04-04 14:01:26.077root 11241100x8000000000000000184704Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:26.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a68e8f478af0e6f92022-04-04 14:01:26.077root 11241100x8000000000000000184718Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:26.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.025266d85627888b2022-04-04 14:01:26.078root 11241100x8000000000000000184717Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:26.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d1c008b134bfb442022-04-04 14:01:26.078root 11241100x8000000000000000184716Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:26.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e767c7bff861e0772022-04-04 14:01:26.078root 11241100x8000000000000000184715Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:26.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a63cbc0b5f9474e2022-04-04 14:01:26.078root 11241100x8000000000000000184714Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:26.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0cd6473f70bfd162022-04-04 14:01:26.078root 11241100x8000000000000000184713Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:26.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a7027df5dbbbbf12022-04-04 14:01:26.078root 11241100x8000000000000000184712Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:26.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c77696e726b47f62022-04-04 14:01:26.078root 11241100x8000000000000000184711Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:26.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7571533c950f4012022-04-04 14:01:26.078root 11241100x8000000000000000184710Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:26.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.768ca1eb0e7de04d2022-04-04 14:01:26.078root 11241100x8000000000000000184725Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:26.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aab4263a6019303d2022-04-04 14:01:26.079root 11241100x8000000000000000184724Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:26.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.656dd76819c6913a2022-04-04 14:01:26.079root 11241100x8000000000000000184723Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:26.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0383f2390c52885c2022-04-04 14:01:26.079root 11241100x8000000000000000184722Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:26.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f8cd65faa01d96b2022-04-04 14:01:26.079root 11241100x8000000000000000184721Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:26.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea6ff9a26942ea5d2022-04-04 14:01:26.079root 11241100x8000000000000000184720Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:26.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c70e99e26c187832022-04-04 14:01:26.079root 11241100x8000000000000000184719Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:26.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84276076f16c9b542022-04-04 14:01:26.079root 11241100x8000000000000000184734Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:26.080{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.111f72270976cd052022-04-04 14:01:26.080root 11241100x8000000000000000184733Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:26.080{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cefaad1aa66efc52022-04-04 14:01:26.080root 11241100x8000000000000000184732Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:26.080{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b62871750f29fa232022-04-04 14:01:26.080root 11241100x8000000000000000184731Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:26.080{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d9310267c87e1792022-04-04 14:01:26.080root 11241100x8000000000000000184730Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:26.080{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f75d68b4989479672022-04-04 14:01:26.080root 11241100x8000000000000000184729Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:26.080{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee151ec57f6aa9d52022-04-04 14:01:26.080root 11241100x8000000000000000184728Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:26.080{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e648f076f53ad3d52022-04-04 14:01:26.080root 11241100x8000000000000000184727Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:26.080{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e2f16ea6e5000c42022-04-04 14:01:26.080root 11241100x8000000000000000184726Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:26.080{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efe9b51da846c9112022-04-04 14:01:26.080root 11241100x8000000000000000184741Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:26.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1b8de82f540f26d2022-04-04 14:01:26.577root 11241100x8000000000000000184740Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:26.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f37483c773c19792022-04-04 14:01:26.577root 11241100x8000000000000000184739Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:26.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30cddccd0daa20cb2022-04-04 14:01:26.577root 11241100x8000000000000000184738Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:26.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bdf9526357e43492022-04-04 14:01:26.577root 11241100x8000000000000000184737Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:26.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14e6ebeeab3640892022-04-04 14:01:26.577root 11241100x8000000000000000184736Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:26.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e16d74968334685d2022-04-04 14:01:26.577root 11241100x8000000000000000184735Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:26.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3de8602638a420e2022-04-04 14:01:26.577root 11241100x8000000000000000184756Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:26.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89073abf0189f69e2022-04-04 14:01:26.578root 11241100x8000000000000000184755Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:26.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3f56622e1c6e5b22022-04-04 14:01:26.578root 11241100x8000000000000000184754Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:26.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88283210ec0773cc2022-04-04 14:01:26.578root 11241100x8000000000000000184753Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:26.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c1212ec71b0b4342022-04-04 14:01:26.578root 11241100x8000000000000000184752Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:26.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7cfeeb29b5fa28a2022-04-04 14:01:26.578root 11241100x8000000000000000184751Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:26.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f49a560d492e6c1c2022-04-04 14:01:26.578root 11241100x8000000000000000184750Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:26.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1f7f9090086cd902022-04-04 14:01:26.578root 11241100x8000000000000000184749Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:26.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc45c6303fa6457c2022-04-04 14:01:26.578root 11241100x8000000000000000184748Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:26.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.898806882770e8632022-04-04 14:01:26.578root 11241100x8000000000000000184747Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:26.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.015902aba03be5152022-04-04 14:01:26.578root 11241100x8000000000000000184746Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:26.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fb9749cc57160e02022-04-04 14:01:26.578root 11241100x8000000000000000184745Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:26.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd3d55b3e64af8c72022-04-04 14:01:26.578root 11241100x8000000000000000184744Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:26.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0a4e458f09709ae2022-04-04 14:01:26.578root 11241100x8000000000000000184743Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:26.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95e64825fddef2442022-04-04 14:01:26.578root 11241100x8000000000000000184742Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:26.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fb65d7c1f1034aa2022-04-04 14:01:26.578root 11241100x8000000000000000184765Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:26.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e218e04be09a6d42022-04-04 14:01:26.579root 11241100x8000000000000000184764Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:26.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e61efa7a8569499c2022-04-04 14:01:26.579root 11241100x8000000000000000184763Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:26.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c62c1f1dc93dd24b2022-04-04 14:01:26.579root 11241100x8000000000000000184762Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:26.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f3f2556676a4d102022-04-04 14:01:26.579root 11241100x8000000000000000184761Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:26.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75df702182e343442022-04-04 14:01:26.579root 11241100x8000000000000000184760Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:26.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb922b224eb4b4e62022-04-04 14:01:26.579root 11241100x8000000000000000184759Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:26.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.990ade96d2e81d762022-04-04 14:01:26.579root 11241100x8000000000000000184758Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:26.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a2ac6cb243554212022-04-04 14:01:26.579root 11241100x8000000000000000184757Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:26.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1c9b782738eb31d2022-04-04 14:01:26.579root 11241100x8000000000000000184775Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:27.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.daa7231923e5af8f2022-04-04 14:01:27.077root 11241100x8000000000000000184774Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:27.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48de2230b826d51b2022-04-04 14:01:27.077root 11241100x8000000000000000184773Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:27.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4933839c86ec7fdf2022-04-04 14:01:27.077root 11241100x8000000000000000184772Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:27.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1949473387758282022-04-04 14:01:27.077root 11241100x8000000000000000184771Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:27.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05024bde39a032af2022-04-04 14:01:27.077root 11241100x8000000000000000184770Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:27.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.970e1dfa95e5d9572022-04-04 14:01:27.077root 11241100x8000000000000000184769Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:27.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.086bdba2ef6a332f2022-04-04 14:01:27.077root 11241100x8000000000000000184768Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:27.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d3130d46aa2e20d2022-04-04 14:01:27.077root 11241100x8000000000000000184767Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:27.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5e0f019071fd4302022-04-04 14:01:27.077root 11241100x8000000000000000184766Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:27.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9acc1981f7cae6962022-04-04 14:01:27.077root 11241100x8000000000000000184788Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:27.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28d7314849323ff22022-04-04 14:01:27.078root 11241100x8000000000000000184787Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:27.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de79a39dfbb9e1f82022-04-04 14:01:27.078root 11241100x8000000000000000184786Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:27.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdc12475db20a6962022-04-04 14:01:27.078root 11241100x8000000000000000184785Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:27.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfc0bc541c905f7d2022-04-04 14:01:27.078root 11241100x8000000000000000184784Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:27.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8df185c8dc0494c2022-04-04 14:01:27.078root 11241100x8000000000000000184783Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:27.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a4cd1824c1e91ea2022-04-04 14:01:27.078root 11241100x8000000000000000184782Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:27.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8967b11eb502b6ad2022-04-04 14:01:27.078root 11241100x8000000000000000184781Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:27.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c550cea48682bc832022-04-04 14:01:27.078root 11241100x8000000000000000184780Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:27.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.633a3e00f8d03ed82022-04-04 14:01:27.078root 11241100x8000000000000000184779Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:27.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95c02708c18a53732022-04-04 14:01:27.078root 11241100x8000000000000000184778Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:27.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f253ae8e66c841ce2022-04-04 14:01:27.078root 11241100x8000000000000000184777Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:27.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d0ea29f47bd32422022-04-04 14:01:27.078root 11241100x8000000000000000184776Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:27.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac7118bba6b28ab72022-04-04 14:01:27.078root 11241100x8000000000000000184796Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:27.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f791a48cbc3beba2022-04-04 14:01:27.079root 11241100x8000000000000000184795Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:27.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd3fb93d37215acb2022-04-04 14:01:27.079root 11241100x8000000000000000184794Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:27.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ecfc79194664cd42022-04-04 14:01:27.079root 11241100x8000000000000000184793Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:27.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e25d098197e871782022-04-04 14:01:27.079root 11241100x8000000000000000184792Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:27.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a6e486dba3852db2022-04-04 14:01:27.079root 11241100x8000000000000000184791Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:27.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d99922ee201ad892022-04-04 14:01:27.079root 11241100x8000000000000000184790Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:27.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.631a0d4f58ce10082022-04-04 14:01:27.079root 11241100x8000000000000000184789Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:27.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c998b28006264b522022-04-04 14:01:27.079root 11241100x8000000000000000184803Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:27.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4f75c5f40b370cc2022-04-04 14:01:27.577root 11241100x8000000000000000184802Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:27.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5110ef8ef8d40bd52022-04-04 14:01:27.577root 11241100x8000000000000000184801Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:27.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.946cdb198ed716c32022-04-04 14:01:27.577root 11241100x8000000000000000184800Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:27.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12adb1bee170cde72022-04-04 14:01:27.577root 11241100x8000000000000000184799Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:27.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3f112d90f2cf0f62022-04-04 14:01:27.577root 11241100x8000000000000000184798Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:27.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4d17585881e3be32022-04-04 14:01:27.577root 11241100x8000000000000000184797Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:27.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dda1176a26b84c3d2022-04-04 14:01:27.577root 11241100x8000000000000000184818Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:27.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2814759e8cd8715e2022-04-04 14:01:27.578root 11241100x8000000000000000184817Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:27.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.169dca8092f199fd2022-04-04 14:01:27.578root 11241100x8000000000000000184816Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:27.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f14533bc09105bc02022-04-04 14:01:27.578root 11241100x8000000000000000184815Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:27.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8378b9f12fc3769a2022-04-04 14:01:27.578root 11241100x8000000000000000184814Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:27.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6b92135dac3ea2d2022-04-04 14:01:27.578root 11241100x8000000000000000184813Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:27.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1f0de65df5fec2f2022-04-04 14:01:27.578root 11241100x8000000000000000184812Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:27.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70f5d2487af999422022-04-04 14:01:27.578root 11241100x8000000000000000184811Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:27.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d82abcc9f39cc3e92022-04-04 14:01:27.578root 11241100x8000000000000000184810Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:27.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bf64a65e2bd899e2022-04-04 14:01:27.578root 11241100x8000000000000000184809Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:27.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8be6295c4745ad02022-04-04 14:01:27.578root 11241100x8000000000000000184808Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:27.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26c31666e5a7dee52022-04-04 14:01:27.578root 11241100x8000000000000000184807Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:27.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e84417eaad2d8802022-04-04 14:01:27.578root 11241100x8000000000000000184806Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:27.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37cb4f47882549ed2022-04-04 14:01:27.578root 11241100x8000000000000000184805Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:27.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5afdafe49844a9ec2022-04-04 14:01:27.578root 11241100x8000000000000000184804Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:27.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5cf6e51661816072022-04-04 14:01:27.578root 11241100x8000000000000000184826Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:27.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21deb29a311c567d2022-04-04 14:01:27.579root 11241100x8000000000000000184825Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:27.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d885ee7a9c9bcb02022-04-04 14:01:27.579root 11241100x8000000000000000184824Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:27.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c95ad6c77bab64d92022-04-04 14:01:27.579root 11241100x8000000000000000184823Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:27.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d311caa58ec117742022-04-04 14:01:27.579root 11241100x8000000000000000184822Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:27.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7db990c29a270402022-04-04 14:01:27.579root 11241100x8000000000000000184821Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:27.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1894f39b7fa2cf052022-04-04 14:01:27.579root 11241100x8000000000000000184820Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:27.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5b4e815f82e2f312022-04-04 14:01:27.579root 11241100x8000000000000000184819Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:27.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c11b3d7ffe213ad2022-04-04 14:01:27.579root 11241100x8000000000000000184836Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:27.580{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.434686e6028ce3852022-04-04 14:01:27.580root 11241100x8000000000000000184835Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:27.580{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.258d2909fb66942d2022-04-04 14:01:27.580root 11241100x8000000000000000184834Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:27.580{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1be1632654a19892022-04-04 14:01:27.580root 11241100x8000000000000000184833Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:27.580{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9eab859f9674f1042022-04-04 14:01:27.580root 11241100x8000000000000000184832Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:27.580{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6945fe26b68ba7182022-04-04 14:01:27.580root 11241100x8000000000000000184831Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:27.580{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69ebd9047bc325aa2022-04-04 14:01:27.580root 11241100x8000000000000000184830Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:27.580{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.734c5a66973452532022-04-04 14:01:27.580root 11241100x8000000000000000184829Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:27.580{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ed084c421e7037c2022-04-04 14:01:27.580root 11241100x8000000000000000184828Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:27.580{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13181b0b0ce49ac32022-04-04 14:01:27.580root 11241100x8000000000000000184827Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:27.580{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24795ab9536baefb2022-04-04 14:01:27.580root 11241100x8000000000000000184851Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:27.581{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d4fc5be0fe8ff872022-04-04 14:01:27.581root 11241100x8000000000000000184850Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:27.581{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79143511072327332022-04-04 14:01:27.581root 11241100x8000000000000000184849Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:27.581{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8daaa7c4e3af5fc02022-04-04 14:01:27.581root 11241100x8000000000000000184848Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:27.581{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf156a8645b58e6d2022-04-04 14:01:27.581root 11241100x8000000000000000184847Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:27.581{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de079f4fc5d36d832022-04-04 14:01:27.581root 11241100x8000000000000000184846Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:27.581{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e182922d8d99e662022-04-04 14:01:27.581root 11241100x8000000000000000184845Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:27.581{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.289532d2469e749a2022-04-04 14:01:27.581root 11241100x8000000000000000184844Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:27.581{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9867d7fd03b4dcc62022-04-04 14:01:27.581root 11241100x8000000000000000184843Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:27.581{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.755fe26261cb31052022-04-04 14:01:27.581root 11241100x8000000000000000184842Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:27.581{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dca6d376da97d9f2022-04-04 14:01:27.581root 11241100x8000000000000000184841Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:27.581{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.248caf25d652bbc62022-04-04 14:01:27.581root 11241100x8000000000000000184840Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:27.581{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1a378f0837fc35d2022-04-04 14:01:27.581root 11241100x8000000000000000184839Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:27.581{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97096fa45ae87f202022-04-04 14:01:27.581root 11241100x8000000000000000184838Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:27.581{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b349a8220acdead22022-04-04 14:01:27.581root 11241100x8000000000000000184837Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:27.581{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8955c6c8b797c8412022-04-04 14:01:27.581root 11241100x8000000000000000184856Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:27.582{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.506bb1264951ef8c2022-04-04 14:01:27.582root 11241100x8000000000000000184855Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:27.582{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.485df712cfbe764c2022-04-04 14:01:27.582root 11241100x8000000000000000184854Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:27.582{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.589e4a065942e13f2022-04-04 14:01:27.582root 11241100x8000000000000000184853Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:27.582{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.965d04d671fcda692022-04-04 14:01:27.582root 11241100x8000000000000000184852Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:27.582{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17d9afece95494062022-04-04 14:01:27.582root 11241100x8000000000000000184869Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:28.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d0f071838bd94032022-04-04 14:01:28.077root 11241100x8000000000000000184868Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:28.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd2768ece7fca7ba2022-04-04 14:01:28.077root 11241100x8000000000000000184867Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:28.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44f82ad851730d482022-04-04 14:01:28.077root 11241100x8000000000000000184866Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:28.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b297d2f850756d602022-04-04 14:01:28.077root 11241100x8000000000000000184865Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:28.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.362c8f010255a0002022-04-04 14:01:28.077root 11241100x8000000000000000184864Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:28.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ade3e5d4b5635cb2022-04-04 14:01:28.077root 11241100x8000000000000000184863Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:28.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f7d555f20174e412022-04-04 14:01:28.077root 11241100x8000000000000000184862Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:28.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df75f95affe2c95d2022-04-04 14:01:28.077root 11241100x8000000000000000184861Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:28.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.208d2f747be3d7922022-04-04 14:01:28.077root 11241100x8000000000000000184860Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:28.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4e61d92c7a0c24e2022-04-04 14:01:28.077root 11241100x8000000000000000184859Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:28.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c9e4929e00a14152022-04-04 14:01:28.077root 11241100x8000000000000000184858Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:28.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.299c83cc59a80cfc2022-04-04 14:01:28.077root 11241100x8000000000000000184857Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:28.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f155ecbb526e3e82022-04-04 14:01:28.077root 11241100x8000000000000000184880Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:28.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87844cfecf2305ca2022-04-04 14:01:28.078root 11241100x8000000000000000184879Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:28.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffe439f9dea56ffe2022-04-04 14:01:28.078root 11241100x8000000000000000184878Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:28.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45e0b4439d2f67922022-04-04 14:01:28.078root 11241100x8000000000000000184877Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:28.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36c55581509e2fa92022-04-04 14:01:28.078root 11241100x8000000000000000184876Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:28.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f6f94dcdd77c9a62022-04-04 14:01:28.078root 11241100x8000000000000000184875Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:28.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d99df6ca0aaf3c722022-04-04 14:01:28.078root 11241100x8000000000000000184874Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:28.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dea7bfffaa9274c42022-04-04 14:01:28.078root 11241100x8000000000000000184873Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:28.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c544e623622749f22022-04-04 14:01:28.078root 11241100x8000000000000000184872Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:28.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b3e24fb0ec57d392022-04-04 14:01:28.078root 11241100x8000000000000000184871Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:28.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.820de607f875d1f42022-04-04 14:01:28.078root 11241100x8000000000000000184870Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:28.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9471ad422b5d8c292022-04-04 14:01:28.078root 11241100x8000000000000000184887Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:28.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dfb1f1b7a696ca52022-04-04 14:01:28.079root 11241100x8000000000000000184886Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:28.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3551b0a365bbaa902022-04-04 14:01:28.079root 11241100x8000000000000000184885Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:28.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.923c8a9ef31ad63f2022-04-04 14:01:28.079root 11241100x8000000000000000184884Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:28.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1111bfeacc64f67a2022-04-04 14:01:28.079root 11241100x8000000000000000184883Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:28.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48d46e6eef866cad2022-04-04 14:01:28.079root 11241100x8000000000000000184882Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:28.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a871cce415012982022-04-04 14:01:28.079root 11241100x8000000000000000184881Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:28.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0de06ae99f5e01c82022-04-04 14:01:28.079root 11241100x8000000000000000184898Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:28.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54fc196a8d239f6b2022-04-04 14:01:28.577root 11241100x8000000000000000184897Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:28.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2a12d92dbbc5b5b2022-04-04 14:01:28.577root 11241100x8000000000000000184896Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:28.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bcd753bd5d3ec062022-04-04 14:01:28.577root 11241100x8000000000000000184895Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:28.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4eb3ad37d68757b2022-04-04 14:01:28.577root 11241100x8000000000000000184894Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:28.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62a19f8922a3b9b42022-04-04 14:01:28.577root 11241100x8000000000000000184893Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:28.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b324ee491b7ab9ac2022-04-04 14:01:28.577root 11241100x8000000000000000184892Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:28.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f43ccaedbba759582022-04-04 14:01:28.577root 11241100x8000000000000000184891Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:28.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab1053c0d6a0b12a2022-04-04 14:01:28.577root 11241100x8000000000000000184890Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:28.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65ce7498d9c3906c2022-04-04 14:01:28.577root 11241100x8000000000000000184889Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:28.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df991fe36e89a0992022-04-04 14:01:28.577root 11241100x8000000000000000184888Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:28.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0da12693450b09692022-04-04 14:01:28.577root 11241100x8000000000000000184909Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:28.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51be30bad9648f632022-04-04 14:01:28.578root 11241100x8000000000000000184908Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:28.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f926fd31e6b0e8502022-04-04 14:01:28.578root 11241100x8000000000000000184907Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:28.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a21295e6e9f9a2e92022-04-04 14:01:28.578root 11241100x8000000000000000184906Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:28.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20ff5ffb473791212022-04-04 14:01:28.578root 11241100x8000000000000000184905Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:28.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e835062270c07922022-04-04 14:01:28.578root 11241100x8000000000000000184904Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:28.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc182bf2f17651e22022-04-04 14:01:28.578root 11241100x8000000000000000184903Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:28.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16719f711121bb172022-04-04 14:01:28.578root 11241100x8000000000000000184902Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:28.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57ca0c81d412e3e52022-04-04 14:01:28.578root 11241100x8000000000000000184901Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:28.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11dfa24e17d744dc2022-04-04 14:01:28.578root 11241100x8000000000000000184900Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:28.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c29fe06b6c23a022022-04-04 14:01:28.578root 11241100x8000000000000000184899Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:28.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af610587421e14b02022-04-04 14:01:28.578root 11241100x8000000000000000184919Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:28.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08610bf01ea531572022-04-04 14:01:28.579root 11241100x8000000000000000184918Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:28.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a827e44d8dae2602022-04-04 14:01:28.579root 11241100x8000000000000000184917Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:28.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a712efa967e01502022-04-04 14:01:28.579root 11241100x8000000000000000184916Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:28.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09f411a677a0ac522022-04-04 14:01:28.579root 11241100x8000000000000000184915Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:28.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52944fcf7b49f0522022-04-04 14:01:28.579root 11241100x8000000000000000184914Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:28.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a7085d77662e69a2022-04-04 14:01:28.579root 11241100x8000000000000000184913Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:28.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12a472573ad455d72022-04-04 14:01:28.579root 11241100x8000000000000000184912Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:28.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81a8077fcc3025752022-04-04 14:01:28.579root 11241100x8000000000000000184911Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:28.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5394c58d31734f822022-04-04 14:01:28.579root 11241100x8000000000000000184910Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:28.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55ee6b500045412c2022-04-04 14:01:28.579root 11241100x8000000000000000184925Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:28.580{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f02b8808921f8fd12022-04-04 14:01:28.580root 11241100x8000000000000000184924Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:28.580{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac01cbfbdcabcc442022-04-04 14:01:28.580root 11241100x8000000000000000184923Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:28.580{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64a03bb83dc0ba4e2022-04-04 14:01:28.580root 11241100x8000000000000000184922Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:28.580{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b6dbaaf76b6b27d2022-04-04 14:01:28.580root 11241100x8000000000000000184921Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:28.580{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d34fbab6fac8192e2022-04-04 14:01:28.580root 11241100x8000000000000000184920Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:28.580{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97a1b70ec12feaf52022-04-04 14:01:28.580root 11241100x8000000000000000184936Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:28.581{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ad91303823258b22022-04-04 14:01:28.581root 11241100x8000000000000000184935Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:28.581{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c699ef038aa146e32022-04-04 14:01:28.581root 11241100x8000000000000000184934Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:28.581{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.002b0aadf6a743752022-04-04 14:01:28.581root 11241100x8000000000000000184933Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:28.581{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32351f3b74495a3b2022-04-04 14:01:28.581root 11241100x8000000000000000184932Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:28.581{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfd2f08f396c3cd42022-04-04 14:01:28.581root 11241100x8000000000000000184931Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:28.581{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71d6ead719ec241e2022-04-04 14:01:28.581root 11241100x8000000000000000184930Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:28.581{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae35bc9e1a14cae82022-04-04 14:01:28.581root 11241100x8000000000000000184929Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:28.581{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19389efe4037c5d82022-04-04 14:01:28.581root 11241100x8000000000000000184928Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:28.581{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e285bb462e3424412022-04-04 14:01:28.581root 11241100x8000000000000000184927Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:28.581{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c64b509364234442022-04-04 14:01:28.581root 11241100x8000000000000000184926Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:28.581{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d14318ad27fc931b2022-04-04 14:01:28.581root 11241100x8000000000000000184947Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:28.582{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4392d0f86f5ac40a2022-04-04 14:01:28.582root 11241100x8000000000000000184946Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:28.582{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a40fa468dc7b3262022-04-04 14:01:28.582root 11241100x8000000000000000184945Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:28.582{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14163ab4ddf9a5902022-04-04 14:01:28.582root 11241100x8000000000000000184944Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:28.582{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb564c6a773b1eea2022-04-04 14:01:28.582root 11241100x8000000000000000184943Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:28.582{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3619fb0e97f417e2022-04-04 14:01:28.582root 11241100x8000000000000000184942Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:28.582{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad3d1e75509fc6302022-04-04 14:01:28.582root 11241100x8000000000000000184941Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:28.582{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de2e76ef68448b222022-04-04 14:01:28.582root 11241100x8000000000000000184940Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:28.582{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f5b03d6976a0b6e2022-04-04 14:01:28.582root 11241100x8000000000000000184939Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:28.582{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56f3660e55bf4fa52022-04-04 14:01:28.582root 11241100x8000000000000000184938Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:28.582{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.405062da600ac20e2022-04-04 14:01:28.582root 11241100x8000000000000000184937Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:28.582{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad6b795bb3203ffe2022-04-04 14:01:28.582root 11241100x8000000000000000184955Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:28.583{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b05d332f420660992022-04-04 14:01:28.583root 11241100x8000000000000000184954Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:28.583{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a804e1833b0cbb512022-04-04 14:01:28.583root 11241100x8000000000000000184953Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:28.583{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bdcd17abe1f8a542022-04-04 14:01:28.583root 11241100x8000000000000000184952Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:28.583{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e46ef09204a85382022-04-04 14:01:28.583root 11241100x8000000000000000184951Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:28.583{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.612e9dcf614647192022-04-04 14:01:28.583root 11241100x8000000000000000184950Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:28.583{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3de7f14c1499a5212022-04-04 14:01:28.583root 11241100x8000000000000000184949Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:28.583{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb73d25b226bd6672022-04-04 14:01:28.583root 11241100x8000000000000000184948Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:28.583{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c4a48849bfe22752022-04-04 14:01:28.583root 11241100x8000000000000000184967Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:29.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.298f06d16bdb269d2022-04-04 14:01:29.077root 11241100x8000000000000000184966Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:29.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49cc63891c6e492f2022-04-04 14:01:29.077root 11241100x8000000000000000184965Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:29.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a367b4c9efef56552022-04-04 14:01:29.077root 11241100x8000000000000000184964Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:29.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85a8a239402cb31f2022-04-04 14:01:29.077root 11241100x8000000000000000184963Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:29.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa06774778ed26eb2022-04-04 14:01:29.077root 11241100x8000000000000000184962Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:29.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.819dc7e601f03cdd2022-04-04 14:01:29.077root 11241100x8000000000000000184961Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:29.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08b9fd460523335f2022-04-04 14:01:29.077root 11241100x8000000000000000184960Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:29.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.894efa74793804a62022-04-04 14:01:29.077root 11241100x8000000000000000184959Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:29.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f7d531dfd01f9542022-04-04 14:01:29.077root 11241100x8000000000000000184958Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:29.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9691e005ce8b5f392022-04-04 14:01:29.077root 11241100x8000000000000000184957Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:29.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34a5bf0741f3a1df2022-04-04 14:01:29.077root 11241100x8000000000000000184956Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:29.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.380c5df30d29a1d52022-04-04 14:01:29.077root 11241100x8000000000000000184982Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:29.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60ae6e0e6a5d53d02022-04-04 14:01:29.078root 11241100x8000000000000000184981Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:29.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1290fc28851c656d2022-04-04 14:01:29.078root 11241100x8000000000000000184980Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:29.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e3816eab1ce39912022-04-04 14:01:29.078root 11241100x8000000000000000184979Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:29.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0895c997673ae0062022-04-04 14:01:29.078root 11241100x8000000000000000184978Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:29.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55e5234007a53d4f2022-04-04 14:01:29.078root 11241100x8000000000000000184977Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:29.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8099cb6fa971948d2022-04-04 14:01:29.078root 11241100x8000000000000000184976Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:29.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.647533a8537565cd2022-04-04 14:01:29.078root 11241100x8000000000000000184975Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:29.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97107ee660365f842022-04-04 14:01:29.078root 11241100x8000000000000000184974Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:29.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.259133b2907b91c42022-04-04 14:01:29.078root 11241100x8000000000000000184973Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:29.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3aad6fcdf4563fa42022-04-04 14:01:29.078root 11241100x8000000000000000184972Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:29.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68e88acf3a861bac2022-04-04 14:01:29.078root 11241100x8000000000000000184971Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:29.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f441d2f97217e082022-04-04 14:01:29.078root 11241100x8000000000000000184970Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:29.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ed506b6a26b20192022-04-04 14:01:29.078root 11241100x8000000000000000184969Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:29.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95524d273430a5ca2022-04-04 14:01:29.078root 11241100x8000000000000000184968Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:29.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8517e1aad5cbe7c72022-04-04 14:01:29.078root 11241100x8000000000000000184986Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:29.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d9e39a001e82df52022-04-04 14:01:29.079root 11241100x8000000000000000184985Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:29.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2cf17e8f7847b182022-04-04 14:01:29.079root 11241100x8000000000000000184984Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:29.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af3e40561b3aabd72022-04-04 14:01:29.079root 11241100x8000000000000000184983Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:29.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abc39b4b145de2a92022-04-04 14:01:29.079root 11241100x8000000000000000184987Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:29.576{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.545147cdacc14bfa2022-04-04 14:01:29.576root 11241100x8000000000000000184997Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:29.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96d2c9e62511f6772022-04-04 14:01:29.577root 11241100x8000000000000000184996Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:29.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e5c623fe0201bae2022-04-04 14:01:29.577root 11241100x8000000000000000184995Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:29.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ba9ea158bcc67352022-04-04 14:01:29.577root 11241100x8000000000000000184994Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:29.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23f358bdddf80c632022-04-04 14:01:29.577root 11241100x8000000000000000184993Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:29.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45cc9ad685b01af52022-04-04 14:01:29.577root 11241100x8000000000000000184992Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:29.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17f2efdb641e54452022-04-04 14:01:29.577root 11241100x8000000000000000184991Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:29.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aacf6d8ce77caf9c2022-04-04 14:01:29.577root 11241100x8000000000000000184990Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:29.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9386e1a14a524fc22022-04-04 14:01:29.577root 11241100x8000000000000000184989Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:29.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fb46bfc3234a18c2022-04-04 14:01:29.577root 11241100x8000000000000000184988Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:29.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a15de079ba3ceeec2022-04-04 14:01:29.577root 11241100x8000000000000000185008Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:29.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4acd7a56b5ef1a1e2022-04-04 14:01:29.578root 11241100x8000000000000000185007Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:29.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a4fa613355bb0b42022-04-04 14:01:29.578root 11241100x8000000000000000185006Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:29.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df7e88456057150b2022-04-04 14:01:29.578root 11241100x8000000000000000185005Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:29.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.256b00cc550bea6a2022-04-04 14:01:29.578root 11241100x8000000000000000185004Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:29.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e939e76e9c93fba2022-04-04 14:01:29.578root 11241100x8000000000000000185003Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:29.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab752edbd2821c282022-04-04 14:01:29.578root 11241100x8000000000000000185002Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:29.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ce4436e477950642022-04-04 14:01:29.578root 11241100x8000000000000000185001Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:29.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0734e9b2ec70318b2022-04-04 14:01:29.578root 11241100x8000000000000000185000Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:29.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.535c082ee0ab1e2f2022-04-04 14:01:29.578root 11241100x8000000000000000184999Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:29.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcab9490ee495b922022-04-04 14:01:29.578root 11241100x8000000000000000184998Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:29.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d413ce23ea4d0e62022-04-04 14:01:29.578root 11241100x8000000000000000185017Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:29.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccae5f52e92327b92022-04-04 14:01:29.579root 11241100x8000000000000000185016Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:29.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92a4dd0360b811b02022-04-04 14:01:29.579root 11241100x8000000000000000185015Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:29.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c79367a09bbb998c2022-04-04 14:01:29.579root 11241100x8000000000000000185014Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:29.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f37e3c1cc6386812022-04-04 14:01:29.579root 11241100x8000000000000000185013Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:29.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f6698e74014db792022-04-04 14:01:29.579root 11241100x8000000000000000185012Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:29.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f2c501e37bea5912022-04-04 14:01:29.579root 11241100x8000000000000000185011Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:29.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0191d7fb26bd2c342022-04-04 14:01:29.579root 11241100x8000000000000000185010Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:29.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb220a35f88dae942022-04-04 14:01:29.579root 11241100x8000000000000000185009Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:29.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2ab0e4ea6c913d22022-04-04 14:01:29.579root 11241100x8000000000000000185023Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:30.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9010d4a15a8accd52022-04-04 14:01:30.077root 11241100x8000000000000000185022Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:30.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4bd7aeb063e76902022-04-04 14:01:30.077root 11241100x8000000000000000185021Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:30.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7c0f39f5564a0bf2022-04-04 14:01:30.077root 11241100x8000000000000000185020Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:30.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c520d33a4f18ffc02022-04-04 14:01:30.077root 11241100x8000000000000000185019Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:30.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d12522c9b36d6412022-04-04 14:01:30.077root 11241100x8000000000000000185018Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:30.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.069f652c8fc0ab812022-04-04 14:01:30.077root 11241100x8000000000000000185032Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:30.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f77ddf89e3f9f7a2022-04-04 14:01:30.078root 11241100x8000000000000000185031Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:30.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5664cf5a727c5262022-04-04 14:01:30.078root 11241100x8000000000000000185030Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:30.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15efa93d804015932022-04-04 14:01:30.078root 11241100x8000000000000000185029Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:30.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efa6ad0e40b3efcb2022-04-04 14:01:30.078root 11241100x8000000000000000185028Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:30.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad6328381fe131512022-04-04 14:01:30.078root 11241100x8000000000000000185027Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:30.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f85269442a206692022-04-04 14:01:30.078root 11241100x8000000000000000185026Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:30.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29d6841ad8e7424d2022-04-04 14:01:30.078root 11241100x8000000000000000185025Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:30.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9df341766ca2d7212022-04-04 14:01:30.078root 11241100x8000000000000000185024Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:30.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba216798b5d86b972022-04-04 14:01:30.078root 11241100x8000000000000000185038Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:30.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21db40864b2585c02022-04-04 14:01:30.079root 11241100x8000000000000000185037Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:30.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd71374dabcf2b5b2022-04-04 14:01:30.079root 11241100x8000000000000000185036Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:30.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14f662cefd4ef6442022-04-04 14:01:30.079root 11241100x8000000000000000185035Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:30.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2662d1a1c9b190692022-04-04 14:01:30.079root 11241100x8000000000000000185034Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:30.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb4f8d7ec50e0e5b2022-04-04 14:01:30.079root 11241100x8000000000000000185033Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:30.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea94a998dd2c502d2022-04-04 14:01:30.079root 11241100x8000000000000000185041Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:30.080{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ec24b218c4fdece2022-04-04 14:01:30.080root 11241100x8000000000000000185040Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:30.080{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.081bc2cfa2e6c1532022-04-04 14:01:30.080root 11241100x8000000000000000185039Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:30.080{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dc48ecd6a1fcd222022-04-04 14:01:30.080root 11241100x8000000000000000185043Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:30.082{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dab28394f0228912022-04-04 14:01:30.082root 11241100x8000000000000000185042Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:30.082{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b828da35e0dd1012022-04-04 14:01:30.082root 11241100x8000000000000000185048Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:30.083{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24080baf3df009452022-04-04 14:01:30.083root 11241100x8000000000000000185047Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:30.083{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcb195b42bb6c7272022-04-04 14:01:30.083root 11241100x8000000000000000185046Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:30.083{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6918405a556a96c2022-04-04 14:01:30.083root 11241100x8000000000000000185045Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:30.083{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d9b464b382318202022-04-04 14:01:30.083root 11241100x8000000000000000185044Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:30.083{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef4d5482f1b0bfe02022-04-04 14:01:30.083root 11241100x8000000000000000185052Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:30.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b75194446ce1e58c2022-04-04 14:01:30.577root 11241100x8000000000000000185051Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:30.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc1f7a2b458ee0db2022-04-04 14:01:30.577root 11241100x8000000000000000185050Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:30.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0eb2aff18b7b1612022-04-04 14:01:30.577root 11241100x8000000000000000185049Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:30.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0a9fb124cf7f48e2022-04-04 14:01:30.577root 11241100x8000000000000000185061Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:30.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a88773b731cdb3a2022-04-04 14:01:30.578root 11241100x8000000000000000185060Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:30.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1237278b359f4b102022-04-04 14:01:30.578root 11241100x8000000000000000185059Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:30.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42b6d6eb9f5ed4492022-04-04 14:01:30.578root 11241100x8000000000000000185058Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:30.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76a349c110e419002022-04-04 14:01:30.578root 11241100x8000000000000000185057Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:30.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bfdeaf952fc82d42022-04-04 14:01:30.578root 11241100x8000000000000000185056Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:30.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31d1ca20c1cda0ff2022-04-04 14:01:30.578root 11241100x8000000000000000185055Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:30.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e350c8cacd4353322022-04-04 14:01:30.578root 11241100x8000000000000000185054Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:30.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd0a8518c7ff74f92022-04-04 14:01:30.578root 11241100x8000000000000000185053Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:30.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b6cbade89297d992022-04-04 14:01:30.578root 11241100x8000000000000000185071Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:30.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d4f51b83db4c4722022-04-04 14:01:30.579root 11241100x8000000000000000185070Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:30.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6363e544c77337972022-04-04 14:01:30.579root 11241100x8000000000000000185069Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:30.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25ac662b873a31702022-04-04 14:01:30.579root 11241100x8000000000000000185068Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:30.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf339efc8015b71a2022-04-04 14:01:30.579root 11241100x8000000000000000185067Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:30.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f05114ef059a7682022-04-04 14:01:30.579root 11241100x8000000000000000185066Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:30.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b61813b3d157baa2022-04-04 14:01:30.579root 11241100x8000000000000000185065Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:30.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcdbadc47be0886e2022-04-04 14:01:30.579root 11241100x8000000000000000185064Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:30.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e847a1fc6d1e454d2022-04-04 14:01:30.579root 11241100x8000000000000000185063Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:30.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6a0a128207db71c2022-04-04 14:01:30.579root 11241100x8000000000000000185062Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:30.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f52e5049671e3772022-04-04 14:01:30.579root 11241100x8000000000000000185079Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:30.580{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cca981eecd3f9cc12022-04-04 14:01:30.580root 11241100x8000000000000000185078Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:30.580{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f00c7699222545fa2022-04-04 14:01:30.580root 11241100x8000000000000000185077Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:30.580{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca9059f335cb08e52022-04-04 14:01:30.580root 11241100x8000000000000000185076Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:30.580{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5645ffc515f6e14e2022-04-04 14:01:30.580root 11241100x8000000000000000185075Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:30.580{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a45fc316982a2f12022-04-04 14:01:30.580root 11241100x8000000000000000185074Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:30.580{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.669a45bd153c33a02022-04-04 14:01:30.580root 11241100x8000000000000000185073Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:30.580{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ab8ed1426fac2772022-04-04 14:01:30.580root 11241100x8000000000000000185072Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:30.580{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f11bbe3c89bdf9692022-04-04 14:01:30.580root 11241100x8000000000000000185085Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:31.076{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.759bacf308508ad12022-04-04 14:01:31.076root 11241100x8000000000000000185084Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:31.076{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83018db16313feb42022-04-04 14:01:31.076root 11241100x8000000000000000185083Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:31.076{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8e1763900c6bcd02022-04-04 14:01:31.076root 11241100x8000000000000000185082Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:31.076{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf66f6372b7ab0142022-04-04 14:01:31.076root 11241100x8000000000000000185081Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:31.076{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43e6d816cf02a05e2022-04-04 14:01:31.076root 11241100x8000000000000000185080Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:31.076{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e18217d9fb6af62c2022-04-04 14:01:31.076root 11241100x8000000000000000185098Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:31.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0082e1b515ac0c712022-04-04 14:01:31.077root 11241100x8000000000000000185097Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:31.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8ca3736d9a843612022-04-04 14:01:31.077root 11241100x8000000000000000185096Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:31.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc496c5bbbc725382022-04-04 14:01:31.077root 11241100x8000000000000000185095Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:31.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1737c7320f13532b2022-04-04 14:01:31.077root 11241100x8000000000000000185094Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:31.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a7b8799b975bcb32022-04-04 14:01:31.077root 11241100x8000000000000000185093Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:31.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b1a65ac9d3e99442022-04-04 14:01:31.077root 11241100x8000000000000000185092Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:31.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1947e5847ce90232022-04-04 14:01:31.077root 11241100x8000000000000000185091Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:31.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36fc19a3e6d2a9cc2022-04-04 14:01:31.077root 11241100x8000000000000000185090Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:31.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0a752411b29352c2022-04-04 14:01:31.077root 11241100x8000000000000000185089Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:31.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67c040c9f3d9653b2022-04-04 14:01:31.077root 11241100x8000000000000000185088Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:31.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9009fdb2bf9aeff32022-04-04 14:01:31.077root 11241100x8000000000000000185087Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:31.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.047a226e64a932322022-04-04 14:01:31.077root 11241100x8000000000000000185086Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:31.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab0ce6ee2f1ee1cf2022-04-04 14:01:31.077root 11241100x8000000000000000185113Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:31.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e8a11567f1e5ed92022-04-04 14:01:31.078root 11241100x8000000000000000185112Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:31.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d051b2a79d1529d92022-04-04 14:01:31.078root 11241100x8000000000000000185111Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:31.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84514678c09ae3422022-04-04 14:01:31.078root 11241100x8000000000000000185110Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:31.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98e747bec05731042022-04-04 14:01:31.078root 11241100x8000000000000000185109Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:31.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5201145fb6d807d2022-04-04 14:01:31.078root 11241100x8000000000000000185108Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:31.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b5ed3d2060367342022-04-04 14:01:31.078root 11241100x8000000000000000185107Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:31.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5587265ebc2c37c2022-04-04 14:01:31.078root 11241100x8000000000000000185106Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:31.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d8d9de259711be52022-04-04 14:01:31.078root 11241100x8000000000000000185105Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:31.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e2eed6560d2b0842022-04-04 14:01:31.078root 11241100x8000000000000000185104Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:31.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.484cbee7712cc8d62022-04-04 14:01:31.078root 11241100x8000000000000000185103Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:31.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2de61895af73fb562022-04-04 14:01:31.078root 11241100x8000000000000000185102Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:31.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51f31a58d4d899372022-04-04 14:01:31.078root 11241100x8000000000000000185101Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:31.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e9cde0331b82e7c2022-04-04 14:01:31.078root 11241100x8000000000000000185100Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:31.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7ee76836d5d9a912022-04-04 14:01:31.078root 11241100x8000000000000000185099Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:31.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad437b5d234f9ee92022-04-04 14:01:31.078root 11241100x8000000000000000185129Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:31.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.379ca9c287fa42442022-04-04 14:01:31.079root 11241100x8000000000000000185128Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:31.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cc4adb522c289872022-04-04 14:01:31.079root 11241100x8000000000000000185127Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:31.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cdc12719b5ebc592022-04-04 14:01:31.079root 11241100x8000000000000000185126Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:31.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.430d41cbe95c03182022-04-04 14:01:31.079root 11241100x8000000000000000185125Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:31.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c53dcb3dafff9abf2022-04-04 14:01:31.079root 11241100x8000000000000000185124Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:31.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f203423fae58a2c2022-04-04 14:01:31.079root 11241100x8000000000000000185123Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:31.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fb6be1767cfc1ba2022-04-04 14:01:31.079root 11241100x8000000000000000185122Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:31.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dfa43d4cf3cfb3d2022-04-04 14:01:31.079root 11241100x8000000000000000185121Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:31.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.229d6814091476102022-04-04 14:01:31.079root 11241100x8000000000000000185120Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:31.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c51d1e9836f9c4d72022-04-04 14:01:31.079root 11241100x8000000000000000185119Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:31.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4031d305efd715b02022-04-04 14:01:31.079root 11241100x8000000000000000185118Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:31.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74a791c0200e3d4f2022-04-04 14:01:31.079root 11241100x8000000000000000185117Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:31.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b4edc44a03e99742022-04-04 14:01:31.079root 11241100x8000000000000000185116Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:31.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc8b484237c024dd2022-04-04 14:01:31.079root 11241100x8000000000000000185115Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:31.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bff92b9f179a90302022-04-04 14:01:31.079root 11241100x8000000000000000185114Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:31.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47a0d152875127592022-04-04 14:01:31.079root 11241100x8000000000000000185137Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:31.080{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.129cf48a4ecec6262022-04-04 14:01:31.080root 11241100x8000000000000000185136Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:31.080{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a4b43a4a39547082022-04-04 14:01:31.080root 11241100x8000000000000000185135Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:31.080{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.969a53492127c3c32022-04-04 14:01:31.080root 11241100x8000000000000000185134Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:31.080{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.486a77a0f07cfc7c2022-04-04 14:01:31.080root 11241100x8000000000000000185133Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:31.080{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d753ba4ac9c1d5b72022-04-04 14:01:31.080root 11241100x8000000000000000185132Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:31.080{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.831184b272c259a62022-04-04 14:01:31.080root 11241100x8000000000000000185131Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:31.080{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ec4678a240afa372022-04-04 14:01:31.080root 11241100x8000000000000000185130Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:31.080{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e01c9e963d7d2bfe2022-04-04 14:01:31.080root 11241100x8000000000000000185141Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:31.081{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b88afc8a2b09a8042022-04-04 14:01:31.081root 11241100x8000000000000000185140Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:31.081{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e2a418e10a9a9fb2022-04-04 14:01:31.081root 11241100x8000000000000000185139Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:31.081{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c879f85af9e3eb1d2022-04-04 14:01:31.081root 11241100x8000000000000000185138Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:31.081{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73ca46641168ff022022-04-04 14:01:31.081root 11241100x8000000000000000185142Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:31.084{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c54da3f9b31a91b72022-04-04 14:01:31.084root 11241100x8000000000000000185152Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:31.085{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df2780b45152eec42022-04-04 14:01:31.085root 11241100x8000000000000000185151Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:31.085{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05d696609b13caa72022-04-04 14:01:31.085root 11241100x8000000000000000185150Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:31.085{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f590146d2cb364392022-04-04 14:01:31.085root 11241100x8000000000000000185149Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:31.085{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7adadd9740ada4602022-04-04 14:01:31.085root 11241100x8000000000000000185148Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:31.085{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bb332a449ceec152022-04-04 14:01:31.085root 11241100x8000000000000000185147Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:31.085{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e44d27e49d2082f2022-04-04 14:01:31.085root 11241100x8000000000000000185146Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:31.085{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad9dadcbb6d405c72022-04-04 14:01:31.085root 11241100x8000000000000000185145Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:31.085{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c9776722d990a202022-04-04 14:01:31.085root 11241100x8000000000000000185144Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:31.085{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6b062725246e77a2022-04-04 14:01:31.085root 11241100x8000000000000000185143Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:31.085{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69167806930e86f02022-04-04 14:01:31.085root 11241100x8000000000000000185158Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:31.087{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37384ef5f99da0a82022-04-04 14:01:31.087root 11241100x8000000000000000185157Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:31.087{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9454c37205f6d8182022-04-04 14:01:31.087root 11241100x8000000000000000185156Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:31.087{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58501e45b7dec57c2022-04-04 14:01:31.087root 11241100x8000000000000000185155Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:31.087{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fc611a9acc22cf52022-04-04 14:01:31.087root 11241100x8000000000000000185154Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:31.087{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8c19991241236612022-04-04 14:01:31.087root 11241100x8000000000000000185153Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:31.087{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f86124434185d482022-04-04 14:01:31.087root 11241100x8000000000000000185159Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:31.088{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.903c7eb3b0194d8b2022-04-04 14:01:31.088root 11241100x8000000000000000185167Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:31.089{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cc2e2930c20d4f62022-04-04 14:01:31.089root 11241100x8000000000000000185166Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:31.089{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26e405c806e9c79c2022-04-04 14:01:31.089root 11241100x8000000000000000185165Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:31.089{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.494379edb30cef742022-04-04 14:01:31.089root 11241100x8000000000000000185164Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:31.089{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9daca89771efbf172022-04-04 14:01:31.089root 11241100x8000000000000000185163Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:31.089{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e240c5eab967a032022-04-04 14:01:31.089root 11241100x8000000000000000185162Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:31.089{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60367be18f15cfcb2022-04-04 14:01:31.089root 11241100x8000000000000000185161Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:31.089{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ab9f3fb117c44d52022-04-04 14:01:31.089root 11241100x8000000000000000185160Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:31.089{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43ec1e824788b6fa2022-04-04 14:01:31.089root 11241100x8000000000000000185177Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:31.090{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c83879498b153c442022-04-04 14:01:31.090root 11241100x8000000000000000185176Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:31.090{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5e98e900e347f742022-04-04 14:01:31.090root 11241100x8000000000000000185175Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:31.090{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08b9b69c353264f62022-04-04 14:01:31.090root 11241100x8000000000000000185174Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:31.090{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d04c57926fc519da2022-04-04 14:01:31.090root 11241100x8000000000000000185173Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:31.090{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65b541447ef3eaad2022-04-04 14:01:31.090root 11241100x8000000000000000185172Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:31.090{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b32db817a2124872022-04-04 14:01:31.090root 11241100x8000000000000000185171Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:31.090{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a28c6a9bca1d36152022-04-04 14:01:31.090root 11241100x8000000000000000185170Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:31.090{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58bc1aa845ab84142022-04-04 14:01:31.090root 11241100x8000000000000000185169Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:31.090{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00f8e0db6a30c8a42022-04-04 14:01:31.090root 11241100x8000000000000000185168Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:31.090{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01e997e510b6d1412022-04-04 14:01:31.090root 11241100x8000000000000000185183Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:31.092{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96a71b54d47145522022-04-04 14:01:31.092root 11241100x8000000000000000185182Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:31.092{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8552ffba4bb855e72022-04-04 14:01:31.092root 11241100x8000000000000000185181Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:31.092{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3750417b7ca00ec82022-04-04 14:01:31.092root 11241100x8000000000000000185180Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:31.092{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.557f797e63222c792022-04-04 14:01:31.092root 11241100x8000000000000000185179Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:31.092{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d4d56ebb1b5b2e52022-04-04 14:01:31.092root 11241100x8000000000000000185178Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:31.092{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edf3491cdebe28052022-04-04 14:01:31.092root 354300x8000000000000000185184Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:31.165{ec21797c-f0e1-624a-d9ff-4d0400000000}5533/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-34462-false10.0.1.12-8000- 11241100x8000000000000000185187Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:31.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d33f2101714db8e2022-04-04 14:01:31.577root 11241100x8000000000000000185186Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:31.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e7e9e2810e012a22022-04-04 14:01:31.577root 11241100x8000000000000000185185Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:31.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c30e7d28fb5e062a2022-04-04 14:01:31.577root 11241100x8000000000000000185196Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:31.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8bd899f74a540be2022-04-04 14:01:31.578root 11241100x8000000000000000185195Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:31.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a0dd3192f060d152022-04-04 14:01:31.578root 11241100x8000000000000000185194Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:31.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70685c456d4bdb252022-04-04 14:01:31.578root 11241100x8000000000000000185193Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:31.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bb5faf3fb19be0e2022-04-04 14:01:31.578root 11241100x8000000000000000185192Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:31.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eff1a85f3a8e82a62022-04-04 14:01:31.578root 11241100x8000000000000000185191Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:31.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e068e2d0f9a8bafd2022-04-04 14:01:31.578root 11241100x8000000000000000185190Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:31.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaada51a4513bcd02022-04-04 14:01:31.578root 11241100x8000000000000000185189Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:31.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84569f3ccce274722022-04-04 14:01:31.578root 11241100x8000000000000000185188Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:31.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f834076d17d055d2022-04-04 14:01:31.578root 11241100x8000000000000000185212Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:31.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b2209609f78b9b82022-04-04 14:01:31.579root 11241100x8000000000000000185211Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:31.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a311e43906602e92022-04-04 14:01:31.579root 11241100x8000000000000000185210Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:31.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a2671de56934f852022-04-04 14:01:31.579root 11241100x8000000000000000185209Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:31.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c02408512e9a37882022-04-04 14:01:31.579root 11241100x8000000000000000185208Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:31.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d10dbedfac6739842022-04-04 14:01:31.579root 11241100x8000000000000000185207Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:31.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a334d0e0310909bc2022-04-04 14:01:31.579root 11241100x8000000000000000185206Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:31.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0a89de6995bb3e72022-04-04 14:01:31.579root 11241100x8000000000000000185205Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:31.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47d95a3a94f7653e2022-04-04 14:01:31.579root 11241100x8000000000000000185204Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:31.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.368b6e674c79de162022-04-04 14:01:31.579root 11241100x8000000000000000185203Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:31.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b3318611f73dc6d2022-04-04 14:01:31.579root 11241100x8000000000000000185202Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:31.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5eb2381a6e5c9722022-04-04 14:01:31.579root 11241100x8000000000000000185201Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:31.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cad69f52815acfc82022-04-04 14:01:31.579root 11241100x8000000000000000185200Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:31.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28829fe78f77606e2022-04-04 14:01:31.579root 11241100x8000000000000000185199Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:31.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0be42a2190785edf2022-04-04 14:01:31.579root 11241100x8000000000000000185198Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:31.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79adce774294212f2022-04-04 14:01:31.579root 11241100x8000000000000000185197Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:31.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d92d91fdc0c51d492022-04-04 14:01:31.579root 11241100x8000000000000000185216Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:31.580{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79e45cf6f11ae13f2022-04-04 14:01:31.580root 11241100x8000000000000000185215Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:31.580{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f6c144e929374782022-04-04 14:01:31.580root 11241100x8000000000000000185214Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:31.580{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a61f41e23261c192022-04-04 14:01:31.580root 11241100x8000000000000000185213Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:31.580{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db703e966d0697e22022-04-04 14:01:31.580root 11241100x8000000000000000185217Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:32.076{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f999df83b3129e392022-04-04 14:01:32.076root 11241100x8000000000000000185222Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:32.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0e4b4653085b6392022-04-04 14:01:32.077root 11241100x8000000000000000185221Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:32.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e523fc1bd21dc37e2022-04-04 14:01:32.077root 11241100x8000000000000000185220Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:32.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10a51dd3f9fd9ccc2022-04-04 14:01:32.077root 11241100x8000000000000000185219Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:32.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c03a6d653bd94bb42022-04-04 14:01:32.077root 11241100x8000000000000000185218Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:32.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cf5f80e847bdd7a2022-04-04 14:01:32.077root 11241100x8000000000000000185228Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:32.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe269cd40e8a7afd2022-04-04 14:01:32.078root 11241100x8000000000000000185227Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:32.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5575c918e57b35ed2022-04-04 14:01:32.078root 11241100x8000000000000000185226Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:32.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d0c7a3e6e1e38902022-04-04 14:01:32.078root 11241100x8000000000000000185225Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:32.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dff64be1cea66aec2022-04-04 14:01:32.078root 11241100x8000000000000000185224Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:32.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54b02b3ef8776c462022-04-04 14:01:32.078root 11241100x8000000000000000185223Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:32.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0cdfb9865ba09e62022-04-04 14:01:32.078root 11241100x8000000000000000185237Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:32.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17c19f5b51df63fb2022-04-04 14:01:32.079root 11241100x8000000000000000185236Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:32.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf8c0bf2221a63d02022-04-04 14:01:32.079root 11241100x8000000000000000185235Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:32.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08183a6bca4f42732022-04-04 14:01:32.079root 11241100x8000000000000000185234Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:32.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b32902885e7543772022-04-04 14:01:32.079root 11241100x8000000000000000185233Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:32.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31cb1433f2e3b2002022-04-04 14:01:32.079root 11241100x8000000000000000185232Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:32.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6c01cd59f5153bb2022-04-04 14:01:32.079root 11241100x8000000000000000185231Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:32.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87bb4fcec86efd262022-04-04 14:01:32.079root 11241100x8000000000000000185230Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:32.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84a2c90c1cd610002022-04-04 14:01:32.079root 11241100x8000000000000000185229Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:32.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fd442e4e9a078492022-04-04 14:01:32.079root 11241100x8000000000000000185248Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:32.080{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4152659b35763c12022-04-04 14:01:32.080root 11241100x8000000000000000185247Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:32.080{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4023ca3dfac64c522022-04-04 14:01:32.080root 11241100x8000000000000000185246Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:32.080{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43a7082800377f862022-04-04 14:01:32.080root 11241100x8000000000000000185245Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:32.080{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.682acd9cd816c9042022-04-04 14:01:32.080root 11241100x8000000000000000185244Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:32.080{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84412976d861bf822022-04-04 14:01:32.080root 11241100x8000000000000000185243Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:32.080{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.976def7de5f260ee2022-04-04 14:01:32.080root 11241100x8000000000000000185242Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:32.080{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8bca45099a60c5a2022-04-04 14:01:32.080root 11241100x8000000000000000185241Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:32.080{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c6420427d210c8c2022-04-04 14:01:32.080root 11241100x8000000000000000185240Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:32.080{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81aa3ce19899707c2022-04-04 14:01:32.080root 11241100x8000000000000000185239Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:32.080{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85e09c8b6ab7e4872022-04-04 14:01:32.080root 11241100x8000000000000000185238Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:32.080{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a47b20f434409b892022-04-04 14:01:32.080root 11241100x8000000000000000185253Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:32.081{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a21b5467c0438f6f2022-04-04 14:01:32.081root 11241100x8000000000000000185252Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:32.081{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f494b943eb4d3922022-04-04 14:01:32.081root 11241100x8000000000000000185251Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:32.081{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44f164ac56df9dd42022-04-04 14:01:32.081root 11241100x8000000000000000185250Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:32.081{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e436a45145636a22022-04-04 14:01:32.081root 11241100x8000000000000000185249Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:32.081{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bf531fa9345eec82022-04-04 14:01:32.081root 11241100x8000000000000000185254Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:32.257{ec21797c-f0d9-624a-60fc-886112560000}5459/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2022-04-04 14:01:32.257root 354300x8000000000000000185255Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:32.458{ec21797c-f0d9-624a-60fc-886112560000}5459/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.20-39022-false10.0.1.12-8089- 11241100x8000000000000000185260Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:32.459{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52b4d8c77bb1b9b62022-04-04 14:01:32.459root 11241100x8000000000000000185259Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:32.459{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc19cbd3bcb7e0642022-04-04 14:01:32.459root 11241100x8000000000000000185258Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:32.459{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f68c43d3583305c2022-04-04 14:01:32.459root 11241100x8000000000000000185257Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:32.459{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f76966aae7cf1522022-04-04 14:01:32.459root 11241100x8000000000000000185256Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:32.459{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dd33f8c83a711e22022-04-04 14:01:32.459root 11241100x8000000000000000185270Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:32.460{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6034c1e331a9e2b2022-04-04 14:01:32.460root 11241100x8000000000000000185269Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:32.460{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da1927e8124de78a2022-04-04 14:01:32.460root 11241100x8000000000000000185268Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:32.460{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6651ff10f11f22f42022-04-04 14:01:32.460root 11241100x8000000000000000185267Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:32.460{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cffcc058780394c2022-04-04 14:01:32.460root 11241100x8000000000000000185266Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:32.460{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c7e502bfaabe9672022-04-04 14:01:32.460root 11241100x8000000000000000185265Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:32.460{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63a7eb2f2613e4b72022-04-04 14:01:32.460root 11241100x8000000000000000185264Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:32.460{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ee8a9c6f254f69a2022-04-04 14:01:32.460root 11241100x8000000000000000185263Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:32.460{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd9be39b5ccf13602022-04-04 14:01:32.460root 11241100x8000000000000000185262Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:32.460{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd5c282de781cfff2022-04-04 14:01:32.460root 11241100x8000000000000000185261Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:32.460{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b3a3ed56de3bd852022-04-04 14:01:32.460root 11241100x8000000000000000185282Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:32.461{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ca1bae9f5aee47a2022-04-04 14:01:32.461root 11241100x8000000000000000185281Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:32.461{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d784df8142852c3c2022-04-04 14:01:32.461root 11241100x8000000000000000185280Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:32.461{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79b95af58f9689402022-04-04 14:01:32.461root 11241100x8000000000000000185279Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:32.461{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d4483bc3bb458822022-04-04 14:01:32.461root 11241100x8000000000000000185278Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:32.461{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06b2a103a63a4f262022-04-04 14:01:32.461root 11241100x8000000000000000185277Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:32.461{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1d45c3c1326caeb2022-04-04 14:01:32.461root 11241100x8000000000000000185276Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:32.461{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ef6555d6f86698c2022-04-04 14:01:32.461root 11241100x8000000000000000185275Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:32.461{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97eeb6b5a232fd812022-04-04 14:01:32.461root 11241100x8000000000000000185274Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:32.461{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.296319ebc03c63c62022-04-04 14:01:32.461root 11241100x8000000000000000185273Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:32.461{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.153ad674bcfbd2df2022-04-04 14:01:32.461root 11241100x8000000000000000185272Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:32.461{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4eab81ead12681852022-04-04 14:01:32.461root 11241100x8000000000000000185271Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:32.461{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00b47e9c37793af12022-04-04 14:01:32.461root 11241100x8000000000000000185295Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:32.462{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35e48ec681b9833b2022-04-04 14:01:32.462root 11241100x8000000000000000185294Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:32.462{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22a8dc7af18e28b92022-04-04 14:01:32.462root 11241100x8000000000000000185293Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:32.462{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b98f70e8074d3abf2022-04-04 14:01:32.462root 11241100x8000000000000000185292Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:32.462{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b06ccce0dd9bfb8e2022-04-04 14:01:32.462root 11241100x8000000000000000185291Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:32.462{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f2d7ddec7b744cd2022-04-04 14:01:32.462root 11241100x8000000000000000185290Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:32.462{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.281d5ced98ea15112022-04-04 14:01:32.462root 11241100x8000000000000000185289Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:32.462{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.034e20fef3a2bbdc2022-04-04 14:01:32.462root 11241100x8000000000000000185288Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:32.462{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9938b5ae1c8ac6612022-04-04 14:01:32.462root 11241100x8000000000000000185287Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:32.462{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f9232010606b2a12022-04-04 14:01:32.462root 11241100x8000000000000000185286Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:32.462{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.507e563f959dae282022-04-04 14:01:32.462root 11241100x8000000000000000185285Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:32.462{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0e4abe1f0c3f11b2022-04-04 14:01:32.462root 11241100x8000000000000000185284Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:32.462{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9afb0d04a23a0df22022-04-04 14:01:32.462root 11241100x8000000000000000185283Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:32.462{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff6e8ddeb209d6212022-04-04 14:01:32.462root 11241100x8000000000000000185297Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:32.826{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4002fabf108fd912022-04-04 14:01:32.826root 11241100x8000000000000000185296Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:32.826{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0deccb972b3337e42022-04-04 14:01:32.826root 11241100x8000000000000000185312Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:32.827{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6313601dfe6be7462022-04-04 14:01:32.827root 11241100x8000000000000000185311Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:32.827{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.175154754eecadf52022-04-04 14:01:32.827root 11241100x8000000000000000185310Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:32.827{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a993e77ad665ce012022-04-04 14:01:32.827root 11241100x8000000000000000185309Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:32.827{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9cab3b58f1042e02022-04-04 14:01:32.827root 11241100x8000000000000000185308Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:32.827{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f82cf0be0e4acb5e2022-04-04 14:01:32.827root 11241100x8000000000000000185307Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:32.827{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f91792cb58d4a53b2022-04-04 14:01:32.827root 11241100x8000000000000000185306Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:32.827{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7384353ded097c622022-04-04 14:01:32.827root 11241100x8000000000000000185305Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:32.827{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f0d6549683da9b22022-04-04 14:01:32.827root 11241100x8000000000000000185304Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:32.827{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1136660ac169b99c2022-04-04 14:01:32.827root 11241100x8000000000000000185303Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:32.827{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec77d4203fe042552022-04-04 14:01:32.827root 11241100x8000000000000000185302Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:32.827{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2c4aa7c814d77122022-04-04 14:01:32.827root 11241100x8000000000000000185301Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:32.827{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6161085feadbb2a2022-04-04 14:01:32.827root 11241100x8000000000000000185300Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:32.827{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9184879485d40d992022-04-04 14:01:32.827root 11241100x8000000000000000185299Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:32.827{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29f8c53fe6cfd74e2022-04-04 14:01:32.827root 11241100x8000000000000000185298Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:32.827{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3f36db16ef6af742022-04-04 14:01:32.827root 11241100x8000000000000000185328Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:32.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5032236e8647005b2022-04-04 14:01:32.828root 11241100x8000000000000000185327Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:32.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1033b09c48f9aa5b2022-04-04 14:01:32.828root 11241100x8000000000000000185326Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:32.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.258bf741616966022022-04-04 14:01:32.828root 11241100x8000000000000000185325Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:32.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaa8c8507f0950da2022-04-04 14:01:32.828root 11241100x8000000000000000185324Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:32.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2353faf8fb7f12f42022-04-04 14:01:32.828root 11241100x8000000000000000185323Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:32.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cb964515e1ad8132022-04-04 14:01:32.828root 11241100x8000000000000000185322Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:32.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab5d58b70f4ef1c62022-04-04 14:01:32.828root 11241100x8000000000000000185321Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:32.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d86741859c627392022-04-04 14:01:32.828root 11241100x8000000000000000185320Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:32.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.597a4798a7fe9f942022-04-04 14:01:32.828root 11241100x8000000000000000185319Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:32.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b92fae0b5026e4562022-04-04 14:01:32.828root 11241100x8000000000000000185318Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:32.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.807d60eda376b7b62022-04-04 14:01:32.828root 11241100x8000000000000000185317Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:32.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0938cf99ba766b42022-04-04 14:01:32.828root 11241100x8000000000000000185316Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:32.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da7ba99f89479d6b2022-04-04 14:01:32.828root 11241100x8000000000000000185315Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:32.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a67cfacc8b2318452022-04-04 14:01:32.828root 11241100x8000000000000000185314Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:32.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07ec639f1ea6e7e22022-04-04 14:01:32.828root 11241100x8000000000000000185313Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:32.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96090f2f2858618b2022-04-04 14:01:32.828root 11241100x8000000000000000185344Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:32.829{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efb2e4279f4528a22022-04-04 14:01:32.829root 11241100x8000000000000000185343Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:32.829{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98d825681cee69412022-04-04 14:01:32.829root 11241100x8000000000000000185342Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:32.829{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f022ac375bad2de72022-04-04 14:01:32.829root 11241100x8000000000000000185341Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:32.829{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.968727a14d08f2fc2022-04-04 14:01:32.829root 11241100x8000000000000000185340Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:32.829{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54b7e2242d9453d32022-04-04 14:01:32.829root 11241100x8000000000000000185339Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:32.829{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73d546d5d010eb5b2022-04-04 14:01:32.829root 11241100x8000000000000000185338Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:32.829{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e17e3efb9ab1ddf2022-04-04 14:01:32.829root 11241100x8000000000000000185337Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:32.829{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b8dc2b05b629cbb2022-04-04 14:01:32.829root 11241100x8000000000000000185336Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:32.829{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe669ba98f73501a2022-04-04 14:01:32.829root 11241100x8000000000000000185335Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:32.829{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17250a3993f687512022-04-04 14:01:32.829root 11241100x8000000000000000185334Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:32.829{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e60f4464fcc48b192022-04-04 14:01:32.829root 11241100x8000000000000000185333Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:32.829{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1caf900420e88d572022-04-04 14:01:32.829root 11241100x8000000000000000185332Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:32.829{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5aee30162531097c2022-04-04 14:01:32.829root 11241100x8000000000000000185331Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:32.829{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e5342df105c536a2022-04-04 14:01:32.829root 11241100x8000000000000000185330Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:32.829{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82af4db56c379b2d2022-04-04 14:01:32.829root 11241100x8000000000000000185329Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:32.829{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64668f90b3fcf1d32022-04-04 14:01:32.829root 11241100x8000000000000000185346Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:32.830{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a3e7bccd93871a02022-04-04 14:01:32.830root 11241100x8000000000000000185345Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:32.830{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9519f25978febdd82022-04-04 14:01:32.830root 11241100x8000000000000000185347Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:33.326{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c925a2e548af7ada2022-04-04 14:01:33.326root 11241100x8000000000000000185360Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:33.327{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f81fecf355356b352022-04-04 14:01:33.327root 11241100x8000000000000000185359Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:33.327{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bed1d13b6a80e1362022-04-04 14:01:33.327root 11241100x8000000000000000185358Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:33.327{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb045e69a139e7432022-04-04 14:01:33.327root 11241100x8000000000000000185357Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:33.327{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8cac8b80931ed192022-04-04 14:01:33.327root 11241100x8000000000000000185356Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:33.327{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8969ab9385519e042022-04-04 14:01:33.327root 11241100x8000000000000000185355Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:33.327{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97e1f64eb84302342022-04-04 14:01:33.327root 11241100x8000000000000000185354Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:33.327{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2818038b844ba72c2022-04-04 14:01:33.327root 11241100x8000000000000000185353Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:33.327{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c6e5257d64a375a2022-04-04 14:01:33.327root 11241100x8000000000000000185352Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:33.327{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00cd33700f07e4a72022-04-04 14:01:33.327root 11241100x8000000000000000185351Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:33.327{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17a438eb7971cb922022-04-04 14:01:33.327root 11241100x8000000000000000185350Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:33.327{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb128945dad7dc0f2022-04-04 14:01:33.327root 11241100x8000000000000000185349Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:33.327{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8514f0ed869206202022-04-04 14:01:33.327root 11241100x8000000000000000185348Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:33.327{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2fdd1853532bd8e2022-04-04 14:01:33.327root 11241100x8000000000000000185374Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:33.328{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38e4d0617d9001912022-04-04 14:01:33.328root 11241100x8000000000000000185373Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:33.328{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2824371eb90caf602022-04-04 14:01:33.328root 11241100x8000000000000000185372Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:33.328{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ce19762b2b491d22022-04-04 14:01:33.328root 11241100x8000000000000000185371Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:33.328{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f55b0b64d54f82182022-04-04 14:01:33.328root 11241100x8000000000000000185370Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:33.328{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.679cd1059d0084642022-04-04 14:01:33.328root 11241100x8000000000000000185369Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:33.328{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c277542e553670212022-04-04 14:01:33.328root 11241100x8000000000000000185368Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:33.328{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9577e58ae11276462022-04-04 14:01:33.328root 11241100x8000000000000000185367Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:33.328{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2f242b4528a19dd2022-04-04 14:01:33.328root 11241100x8000000000000000185366Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:33.328{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cce56a060fb3f3cc2022-04-04 14:01:33.328root 11241100x8000000000000000185365Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:33.328{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13e113e097fc498f2022-04-04 14:01:33.328root 11241100x8000000000000000185364Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:33.328{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddd7d78ca91f9ca22022-04-04 14:01:33.328root 11241100x8000000000000000185363Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:33.328{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd45e5ef9807724f2022-04-04 14:01:33.328root 11241100x8000000000000000185362Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:33.328{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9df31b3ba34fdde52022-04-04 14:01:33.328root 11241100x8000000000000000185361Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:33.328{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba9c746ba5246ae02022-04-04 14:01:33.328root 11241100x8000000000000000185380Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:33.329{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88f327a71cdca4e52022-04-04 14:01:33.329root 11241100x8000000000000000185379Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:33.329{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d68f21e1a76c03552022-04-04 14:01:33.329root 11241100x8000000000000000185378Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:33.329{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef88ec7b493177942022-04-04 14:01:33.329root 11241100x8000000000000000185377Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:33.329{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62404e40e62969a72022-04-04 14:01:33.329root 11241100x8000000000000000185376Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:33.329{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c061cbd40b8aef7d2022-04-04 14:01:33.329root 11241100x8000000000000000185375Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:33.329{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47ca640bbfcd63d42022-04-04 14:01:33.329root 11241100x8000000000000000185394Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:33.827{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c00e5db6a3556f3a2022-04-04 14:01:33.827root 11241100x8000000000000000185393Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:33.827{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcda6af3a6b39c282022-04-04 14:01:33.827root 11241100x8000000000000000185392Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:33.827{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfe482bd33a1a7e32022-04-04 14:01:33.827root 11241100x8000000000000000185391Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:33.827{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0498f63f0a8b49eb2022-04-04 14:01:33.827root 11241100x8000000000000000185390Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:33.827{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6af24226526be422022-04-04 14:01:33.827root 11241100x8000000000000000185389Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:33.827{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dca62b5c2f1b15f12022-04-04 14:01:33.827root 11241100x8000000000000000185388Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:33.827{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43740c278282eb3f2022-04-04 14:01:33.827root 11241100x8000000000000000185387Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:33.827{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c79442bd87a29ff2022-04-04 14:01:33.827root 11241100x8000000000000000185386Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:33.827{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbfb01d4fc505f502022-04-04 14:01:33.827root 11241100x8000000000000000185385Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:33.827{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8674bd727f3d1aba2022-04-04 14:01:33.827root 11241100x8000000000000000185384Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:33.827{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86a1cdee029b80322022-04-04 14:01:33.827root 11241100x8000000000000000185383Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:33.827{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6ee7c4f2a7a09d22022-04-04 14:01:33.827root 11241100x8000000000000000185382Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:33.827{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef51ef4123d8cec12022-04-04 14:01:33.827root 11241100x8000000000000000185381Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:33.827{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08fdb627e542e0512022-04-04 14:01:33.827root 11241100x8000000000000000185409Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:33.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.631a09a495a5d1982022-04-04 14:01:33.828root 11241100x8000000000000000185408Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:33.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba6a90dedc2ff1eb2022-04-04 14:01:33.828root 11241100x8000000000000000185407Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:33.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.985513582a84afb02022-04-04 14:01:33.828root 11241100x8000000000000000185406Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:33.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f353838d243e36942022-04-04 14:01:33.828root 11241100x8000000000000000185405Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:33.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f59c136d869b47f2022-04-04 14:01:33.828root 11241100x8000000000000000185404Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:33.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5465af53c1470fb42022-04-04 14:01:33.828root 11241100x8000000000000000185403Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:33.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0ac7c1d9a8836e92022-04-04 14:01:33.828root 11241100x8000000000000000185402Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:33.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.640f4e6595b555862022-04-04 14:01:33.828root 11241100x8000000000000000185401Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:33.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d6d7d59c870dcdb2022-04-04 14:01:33.828root 11241100x8000000000000000185400Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:33.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8f80798dc0b4bb82022-04-04 14:01:33.828root 11241100x8000000000000000185399Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:33.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ee31ca5f1fe64da2022-04-04 14:01:33.828root 11241100x8000000000000000185398Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:33.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.561404a970e996102022-04-04 14:01:33.828root 11241100x8000000000000000185397Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:33.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b247e9c5f98d4c52022-04-04 14:01:33.828root 11241100x8000000000000000185396Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:33.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58caa8b16ab4e0862022-04-04 14:01:33.828root 11241100x8000000000000000185395Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:33.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f41d403cc22b17422022-04-04 14:01:33.828root 11241100x8000000000000000185414Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:33.829{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de11c0738af80bb22022-04-04 14:01:33.829root 11241100x8000000000000000185413Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:33.829{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8f2852dfe6c739f2022-04-04 14:01:33.829root 11241100x8000000000000000185412Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:33.829{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0246e7701bf451a52022-04-04 14:01:33.829root 11241100x8000000000000000185411Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:33.829{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4771bb45d7f7f2d92022-04-04 14:01:33.829root 11241100x8000000000000000185410Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:33.829{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2258e6adafde22ca2022-04-04 14:01:33.829root 11241100x8000000000000000185417Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:34.327{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c10e1607dced5eae2022-04-04 14:01:34.327root 11241100x8000000000000000185416Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:34.327{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.873b690efae612fe2022-04-04 14:01:34.327root 11241100x8000000000000000185415Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:34.327{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2d21c496c7b95c42022-04-04 14:01:34.327root 11241100x8000000000000000185423Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:34.328{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2eedf2eab0f64fe2022-04-04 14:01:34.328root 11241100x8000000000000000185422Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:34.328{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71be4968cbfee6892022-04-04 14:01:34.328root 11241100x8000000000000000185421Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:34.328{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3c168ae15c7096a2022-04-04 14:01:34.328root 11241100x8000000000000000185420Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:34.328{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36653a4d2cebc1082022-04-04 14:01:34.328root 11241100x8000000000000000185419Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:34.328{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd417a4d15298b242022-04-04 14:01:34.328root 11241100x8000000000000000185418Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:34.328{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4669cba148ae7142022-04-04 14:01:34.328root 11241100x8000000000000000185429Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:34.329{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fa97d721f695ccb2022-04-04 14:01:34.329root 11241100x8000000000000000185428Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:34.329{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c743e497403f742f2022-04-04 14:01:34.329root 11241100x8000000000000000185427Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:34.329{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ce823d1eb4970252022-04-04 14:01:34.329root 11241100x8000000000000000185426Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:34.329{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1d9711cd16ba6072022-04-04 14:01:34.329root 11241100x8000000000000000185425Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:34.329{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82ecfc01744f6b0b2022-04-04 14:01:34.329root 11241100x8000000000000000185424Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:34.329{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e1bd8cdffa22b1f2022-04-04 14:01:34.329root 11241100x8000000000000000185435Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:34.330{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03bbca93aa1ae3a22022-04-04 14:01:34.330root 11241100x8000000000000000185434Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:34.330{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1389d7a453c91f212022-04-04 14:01:34.330root 11241100x8000000000000000185433Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:34.330{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3a8d94972bce2d32022-04-04 14:01:34.330root 11241100x8000000000000000185432Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:34.330{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.893c7521ae77b5052022-04-04 14:01:34.330root 11241100x8000000000000000185431Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:34.330{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b01c72260042e9132022-04-04 14:01:34.330root 11241100x8000000000000000185430Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:34.330{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.affd8b98512693222022-04-04 14:01:34.330root 11241100x8000000000000000185442Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:34.331{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dfd107732b697402022-04-04 14:01:34.331root 11241100x8000000000000000185441Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:34.331{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea691cb70c83fbbd2022-04-04 14:01:34.331root 11241100x8000000000000000185440Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:34.331{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.714214e4099179dc2022-04-04 14:01:34.331root 11241100x8000000000000000185439Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:34.331{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d60d5faf52bab8132022-04-04 14:01:34.331root 11241100x8000000000000000185438Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:34.331{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d513cefca4963f2f2022-04-04 14:01:34.331root 11241100x8000000000000000185437Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:34.331{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d2ad3d16ba6bf582022-04-04 14:01:34.331root 11241100x8000000000000000185436Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:34.331{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b98747019bec2ef32022-04-04 14:01:34.331root 11241100x8000000000000000185444Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:34.332{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6eb06b2a84362eb32022-04-04 14:01:34.332root 11241100x8000000000000000185443Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:34.332{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.262d281bbcbaf4e32022-04-04 14:01:34.332root 11241100x8000000000000000185448Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:34.334{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf350b2ab5846b1f2022-04-04 14:01:34.334root 11241100x8000000000000000185447Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:34.334{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.741decbefea167b82022-04-04 14:01:34.334root 11241100x8000000000000000185446Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:34.334{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d48d74c737060d42022-04-04 14:01:34.334root 11241100x8000000000000000185445Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:34.334{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.370d4f25aaf6baf32022-04-04 14:01:34.334root 11241100x8000000000000000185453Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:34.827{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abb9aa120764f85e2022-04-04 14:01:34.827root 11241100x8000000000000000185452Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:34.827{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a59133efa2e5c5b72022-04-04 14:01:34.827root 11241100x8000000000000000185451Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:34.827{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbf71776eb254d782022-04-04 14:01:34.827root 11241100x8000000000000000185450Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:34.827{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9b222a24d124dac2022-04-04 14:01:34.827root 11241100x8000000000000000185449Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:34.827{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d2f559160e5e0db2022-04-04 14:01:34.827root 11241100x8000000000000000185465Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:34.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e021a0dfbb0ceb1e2022-04-04 14:01:34.828root 11241100x8000000000000000185464Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:34.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.874f36709a6478c32022-04-04 14:01:34.828root 11241100x8000000000000000185463Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:34.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6fbdc92f166650e2022-04-04 14:01:34.828root 11241100x8000000000000000185462Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:34.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d1de0f6606447502022-04-04 14:01:34.828root 11241100x8000000000000000185461Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:34.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d1178efa3f2cf2c2022-04-04 14:01:34.828root 11241100x8000000000000000185460Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:34.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88dc3c8d3b117fd92022-04-04 14:01:34.828root 11241100x8000000000000000185459Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:34.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee78e6765891ff232022-04-04 14:01:34.828root 11241100x8000000000000000185458Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:34.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d7a57684c0b03912022-04-04 14:01:34.828root 11241100x8000000000000000185457Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:34.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02383c5ac4b3fcc92022-04-04 14:01:34.828root 11241100x8000000000000000185456Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:34.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88433876c6aeb58c2022-04-04 14:01:34.828root 11241100x8000000000000000185455Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:34.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9e202ac373401b92022-04-04 14:01:34.828root 11241100x8000000000000000185454Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:34.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.005b5c50d1e1a7d92022-04-04 14:01:34.828root 11241100x8000000000000000185471Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:34.829{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a9ec250ae776f032022-04-04 14:01:34.829root 11241100x8000000000000000185470Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:34.829{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27dd609376bd0b092022-04-04 14:01:34.829root 11241100x8000000000000000185469Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:34.829{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87cf0a8ddd016b302022-04-04 14:01:34.829root 11241100x8000000000000000185468Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:34.829{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f785edeade0ef4d2022-04-04 14:01:34.829root 11241100x8000000000000000185467Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:34.829{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a6119ea8337ec772022-04-04 14:01:34.829root 11241100x8000000000000000185466Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:34.829{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64ad3774e998d0d82022-04-04 14:01:34.829root 11241100x8000000000000000185474Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:34.830{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.102f376e94da86152022-04-04 14:01:34.830root 11241100x8000000000000000185473Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:34.830{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1414564081566c522022-04-04 14:01:34.830root 11241100x8000000000000000185472Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:34.830{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50d96372f25bec462022-04-04 14:01:34.830root 11241100x8000000000000000185480Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:34.831{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0ed40420c24b1e82022-04-04 14:01:34.831root 11241100x8000000000000000185479Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:34.831{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.621db8b1598b680f2022-04-04 14:01:34.831root 11241100x8000000000000000185478Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:34.831{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39cdf57ba4e839122022-04-04 14:01:34.831root 11241100x8000000000000000185477Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:34.831{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.495915bc6cee64bb2022-04-04 14:01:34.831root 11241100x8000000000000000185476Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:34.831{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d97e70adece51cb42022-04-04 14:01:34.831root 11241100x8000000000000000185475Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:34.831{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fee4c44c259fc04f2022-04-04 14:01:34.831root 11241100x8000000000000000185482Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:34.832{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.101a17e4c75da6772022-04-04 14:01:34.832root 11241100x8000000000000000185481Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:34.832{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.662425c2e5309bad2022-04-04 14:01:34.832root 23542300x8000000000000000185483Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:35.258{ec21797c-f0d9-624a-60fc-886112560000}5459root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000185491Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:35.259{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67dea4291eba3aa52022-04-04 14:01:35.259root 11241100x8000000000000000185490Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:35.259{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c40da3719002f48b2022-04-04 14:01:35.259root 11241100x8000000000000000185489Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:35.259{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.314d596e28f912b02022-04-04 14:01:35.259root 11241100x8000000000000000185488Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:35.259{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.188266fbea02da382022-04-04 14:01:35.259root 11241100x8000000000000000185487Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:35.259{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9ed1ad3f5ae0c4f2022-04-04 14:01:35.259root 11241100x8000000000000000185486Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:35.259{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94501b4cb2c242e22022-04-04 14:01:35.259root 11241100x8000000000000000185485Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:35.259{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9c4837125881ced2022-04-04 14:01:35.259root 11241100x8000000000000000185484Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:35.259{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7c99031384347f82022-04-04 14:01:35.259root 11241100x8000000000000000185501Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:35.260{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43b0321f8aac68f42022-04-04 14:01:35.260root 11241100x8000000000000000185500Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:35.260{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d42628c63927b3e22022-04-04 14:01:35.260root 11241100x8000000000000000185499Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:35.260{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b5380a78996c77a2022-04-04 14:01:35.260root 11241100x8000000000000000185498Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:35.260{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fca29cfce0ee5f092022-04-04 14:01:35.260root 11241100x8000000000000000185497Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:35.260{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.860b9b9e33c47bde2022-04-04 14:01:35.260root 11241100x8000000000000000185496Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:35.260{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a443886508d67bc2022-04-04 14:01:35.260root 11241100x8000000000000000185495Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:35.260{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.113b5e3b8b5b0cbb2022-04-04 14:01:35.260root 11241100x8000000000000000185494Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:35.260{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7caf4529d16f9c42022-04-04 14:01:35.260root 11241100x8000000000000000185493Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:35.260{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9bcfc9682f3e6e92022-04-04 14:01:35.260root 11241100x8000000000000000185492Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:35.260{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f710271378633a902022-04-04 14:01:35.260root 11241100x8000000000000000185511Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:35.261{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f65b99ea6acb4d852022-04-04 14:01:35.261root 11241100x8000000000000000185510Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:35.261{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dd45c8f9f6237af2022-04-04 14:01:35.261root 11241100x8000000000000000185509Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:35.261{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51d67ef8531a24502022-04-04 14:01:35.261root 11241100x8000000000000000185508Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:35.261{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3105d4e0223478dd2022-04-04 14:01:35.261root 11241100x8000000000000000185507Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:35.261{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9162c5524f59eb3e2022-04-04 14:01:35.261root 11241100x8000000000000000185506Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:35.261{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a33a20eca652a2e42022-04-04 14:01:35.261root 11241100x8000000000000000185505Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:35.261{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ce1a1c43ebd7bb92022-04-04 14:01:35.261root 11241100x8000000000000000185504Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:35.261{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb2d2d584abaedf02022-04-04 14:01:35.261root 11241100x8000000000000000185503Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:35.261{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.040e04f83d08f0d02022-04-04 14:01:35.261root 11241100x8000000000000000185502Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:35.261{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e33e88de73ee4382022-04-04 14:01:35.261root 11241100x8000000000000000185521Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:35.262{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.009bb1a3abb5dd5b2022-04-04 14:01:35.262root 11241100x8000000000000000185520Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:35.262{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc8cb2213a3ea6d62022-04-04 14:01:35.262root 11241100x8000000000000000185519Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:35.262{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a50283225cd7aed2022-04-04 14:01:35.262root 11241100x8000000000000000185518Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:35.262{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9658d0cf29575a12022-04-04 14:01:35.262root 11241100x8000000000000000185517Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:35.262{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9b6901758e4e4f42022-04-04 14:01:35.262root 11241100x8000000000000000185516Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:35.262{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95ed51daaa91e2492022-04-04 14:01:35.262root 11241100x8000000000000000185515Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:35.262{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5eb76b2af09e937e2022-04-04 14:01:35.262root 11241100x8000000000000000185514Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:35.262{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ae49d45bab56f572022-04-04 14:01:35.262root 11241100x8000000000000000185513Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:35.262{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81abfc09178ced372022-04-04 14:01:35.262root 11241100x8000000000000000185512Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:35.262{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a0f5cfd938e4c542022-04-04 14:01:35.262root 11241100x8000000000000000185531Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:35.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d869f250705b53ed2022-04-04 14:01:35.577root 11241100x8000000000000000185530Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:35.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13036da72c8666552022-04-04 14:01:35.577root 11241100x8000000000000000185529Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:35.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d18991f39c367ef2022-04-04 14:01:35.577root 11241100x8000000000000000185528Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:35.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b55c6a6861cb5b22022-04-04 14:01:35.577root 11241100x8000000000000000185527Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:35.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc068d7693af77f72022-04-04 14:01:35.577root 11241100x8000000000000000185526Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:35.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6642ad69ae33ee262022-04-04 14:01:35.577root 11241100x8000000000000000185525Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:35.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d02ab360ad5f98ae2022-04-04 14:01:35.577root 11241100x8000000000000000185524Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:35.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0adf14232d7255f22022-04-04 14:01:35.577root 11241100x8000000000000000185523Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:35.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd605c2eef11e2282022-04-04 14:01:35.577root 11241100x8000000000000000185522Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:35.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8594823d118e17bb2022-04-04 14:01:35.577root 11241100x8000000000000000185546Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:35.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.106d4685a985aeea2022-04-04 14:01:35.578root 11241100x8000000000000000185545Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:35.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.509e56e6c6b24ff32022-04-04 14:01:35.578root 11241100x8000000000000000185544Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:35.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acc6199ca182ec732022-04-04 14:01:35.578root 11241100x8000000000000000185543Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:35.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aea9544a8ef19d582022-04-04 14:01:35.578root 11241100x8000000000000000185542Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:35.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ae5f2c6874383292022-04-04 14:01:35.578root 11241100x8000000000000000185541Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:35.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54a2f376e50c1e072022-04-04 14:01:35.578root 11241100x8000000000000000185540Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:35.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.463529e6b65dbf6a2022-04-04 14:01:35.578root 11241100x8000000000000000185539Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:35.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6be563933f574fe32022-04-04 14:01:35.578root 11241100x8000000000000000185538Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:35.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8389783f61e9506f2022-04-04 14:01:35.578root 11241100x8000000000000000185537Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:35.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2779310aa76cff5b2022-04-04 14:01:35.578root 11241100x8000000000000000185536Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:35.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fc5191db7f48f2d2022-04-04 14:01:35.578root 11241100x8000000000000000185535Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:35.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.542a67052c82204b2022-04-04 14:01:35.578root 11241100x8000000000000000185534Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:35.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54770c6cac4f19612022-04-04 14:01:35.578root 11241100x8000000000000000185533Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:35.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e55969c94c0e0002022-04-04 14:01:35.578root 11241100x8000000000000000185532Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:35.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.015473e5883f92382022-04-04 14:01:35.578root 11241100x8000000000000000185556Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:35.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07da5697b03f349e2022-04-04 14:01:35.579root 11241100x8000000000000000185555Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:35.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f1a9b7d0c23a5e62022-04-04 14:01:35.579root 11241100x8000000000000000185554Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:35.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab4bbb7bac83234f2022-04-04 14:01:35.579root 11241100x8000000000000000185553Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:35.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0208cc4f6431d0602022-04-04 14:01:35.579root 11241100x8000000000000000185552Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:35.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b76901b3180f51082022-04-04 14:01:35.579root 11241100x8000000000000000185551Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:35.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdfe91a734017d032022-04-04 14:01:35.579root 11241100x8000000000000000185550Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:35.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ab518fcc356a25b2022-04-04 14:01:35.579root 11241100x8000000000000000185549Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:35.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b943ea57c80671c2022-04-04 14:01:35.579root 11241100x8000000000000000185548Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:35.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad44ea65d813f0ce2022-04-04 14:01:35.579root 11241100x8000000000000000185547Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:35.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fda7fa6f22877742022-04-04 14:01:35.579root 11241100x8000000000000000185561Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:36.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.935c09239ed102422022-04-04 14:01:36.077root 11241100x8000000000000000185560Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:36.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dc66fc8bb67a4e72022-04-04 14:01:36.077root 11241100x8000000000000000185559Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:36.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45b2cea077ea230b2022-04-04 14:01:36.077root 11241100x8000000000000000185558Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:36.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55e23f228b09a5432022-04-04 14:01:36.077root 11241100x8000000000000000185557Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:36.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41b91fdf3eee60ea2022-04-04 14:01:36.077root 11241100x8000000000000000185576Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:36.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a72af73ac4d1e52f2022-04-04 14:01:36.078root 11241100x8000000000000000185575Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:36.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26b6da33159bc69c2022-04-04 14:01:36.078root 11241100x8000000000000000185574Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:36.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.285945dd9e58f94b2022-04-04 14:01:36.078root 11241100x8000000000000000185573Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:36.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adf081ae3da31dfa2022-04-04 14:01:36.078root 11241100x8000000000000000185572Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:36.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c8eb930aa6fce022022-04-04 14:01:36.078root 11241100x8000000000000000185571Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:36.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a631b6cdf606ee32022-04-04 14:01:36.078root 11241100x8000000000000000185570Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:36.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b2a91fb59473f782022-04-04 14:01:36.078root 11241100x8000000000000000185569Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:36.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94bce14fce7741c52022-04-04 14:01:36.078root 11241100x8000000000000000185568Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:36.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3bfc1e2dd40099c2022-04-04 14:01:36.078root 11241100x8000000000000000185567Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:36.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84630c189e4ba0602022-04-04 14:01:36.078root 11241100x8000000000000000185566Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:36.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e7b6cb28975aabf2022-04-04 14:01:36.078root 11241100x8000000000000000185565Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:36.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51b9bec0f84845972022-04-04 14:01:36.078root 11241100x8000000000000000185564Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:36.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b7c246442f0483a2022-04-04 14:01:36.078root 11241100x8000000000000000185563Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:36.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ee10573c237f79d2022-04-04 14:01:36.078root 11241100x8000000000000000185562Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:36.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13616cadd8cdf47d2022-04-04 14:01:36.078root 11241100x8000000000000000185589Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:36.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f160e54d3df4a0eb2022-04-04 14:01:36.079root 11241100x8000000000000000185588Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:36.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ceeaf6406ddb4fc2022-04-04 14:01:36.079root 11241100x8000000000000000185587Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:36.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fae7b3233cbc4872022-04-04 14:01:36.079root 11241100x8000000000000000185586Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:36.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0662da78cccb87d42022-04-04 14:01:36.079root 11241100x8000000000000000185585Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:36.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.644be1c5da7649fd2022-04-04 14:01:36.079root 11241100x8000000000000000185584Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:36.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64680d201011900e2022-04-04 14:01:36.079root 11241100x8000000000000000185583Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:36.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9853691aac90aecc2022-04-04 14:01:36.079root 11241100x8000000000000000185582Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:36.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae7b3ee98b4356a72022-04-04 14:01:36.079root 11241100x8000000000000000185581Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:36.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47122d7917986a902022-04-04 14:01:36.079root 11241100x8000000000000000185580Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:36.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71d6d89b9872694e2022-04-04 14:01:36.079root 11241100x8000000000000000185579Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:36.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b850707ecc564fb12022-04-04 14:01:36.079root 11241100x8000000000000000185578Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:36.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0279718af035cde2022-04-04 14:01:36.079root 11241100x8000000000000000185577Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:36.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17f5b1782555cf442022-04-04 14:01:36.079root 11241100x8000000000000000185591Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:36.080{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0840f577dfd248e2022-04-04 14:01:36.080root 11241100x8000000000000000185590Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:36.080{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c223f65fb8f006d2022-04-04 14:01:36.080root 11241100x8000000000000000185596Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:36.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfdae01d731f53022022-04-04 14:01:36.577root 11241100x8000000000000000185595Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:36.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dac3aff06dedfed02022-04-04 14:01:36.577root 11241100x8000000000000000185594Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:36.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24a242bd02d6b6af2022-04-04 14:01:36.577root 11241100x8000000000000000185593Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:36.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fc64ab251e471a42022-04-04 14:01:36.577root 11241100x8000000000000000185592Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:36.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5693d23043901c122022-04-04 14:01:36.577root 11241100x8000000000000000185609Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:36.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2e6806ab4ab753f2022-04-04 14:01:36.578root 11241100x8000000000000000185608Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:36.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c744fb2a5160ce4d2022-04-04 14:01:36.578root 11241100x8000000000000000185607Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:36.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9aec7dbcd8a550022022-04-04 14:01:36.578root 11241100x8000000000000000185606Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:36.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ac4fda718f424c92022-04-04 14:01:36.578root 11241100x8000000000000000185605Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:36.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7038ceab5ca929522022-04-04 14:01:36.578root 11241100x8000000000000000185604Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:36.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39f4230a6fd8de642022-04-04 14:01:36.578root 11241100x8000000000000000185603Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:36.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.680f631523ad20742022-04-04 14:01:36.578root 11241100x8000000000000000185602Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:36.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7807760e480fb0a02022-04-04 14:01:36.578root 11241100x8000000000000000185601Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:36.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.593f42b49e8169132022-04-04 14:01:36.578root 11241100x8000000000000000185600Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:36.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.783c5719f4efb6f32022-04-04 14:01:36.578root 11241100x8000000000000000185599Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:36.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cfa93fdd37e1f642022-04-04 14:01:36.578root 11241100x8000000000000000185598Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:36.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60acd8618155ab832022-04-04 14:01:36.578root 11241100x8000000000000000185597Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:36.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.980beb6886e5cbd22022-04-04 14:01:36.578root 11241100x8000000000000000185625Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:36.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41095a49dcea71842022-04-04 14:01:36.579root 11241100x8000000000000000185624Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:36.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e968e87d76d7fb522022-04-04 14:01:36.579root 11241100x8000000000000000185623Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:36.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84d8b4c20829983d2022-04-04 14:01:36.579root 11241100x8000000000000000185622Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:36.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6942b0987349813d2022-04-04 14:01:36.579root 11241100x8000000000000000185621Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:36.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffd5e97cf2ea70602022-04-04 14:01:36.579root 11241100x8000000000000000185620Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:36.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b94ad4907c51d372022-04-04 14:01:36.579root 11241100x8000000000000000185619Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:36.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2461d21d3f1578d42022-04-04 14:01:36.579root 11241100x8000000000000000185618Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:36.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.590b734e5cdb82de2022-04-04 14:01:36.579root 11241100x8000000000000000185617Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:36.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af98084f107bf6762022-04-04 14:01:36.579root 11241100x8000000000000000185616Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:36.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46f9dff6d21b69a82022-04-04 14:01:36.579root 11241100x8000000000000000185615Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:36.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b006111dd2f0b6a2022-04-04 14:01:36.579root 11241100x8000000000000000185614Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:36.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81c9afab3a3bb0cb2022-04-04 14:01:36.579root 11241100x8000000000000000185613Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:36.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90eae1c432cf37e82022-04-04 14:01:36.579root 11241100x8000000000000000185612Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:36.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5627fbdd50b7c9da2022-04-04 14:01:36.579root 11241100x8000000000000000185611Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:36.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da40b378a007fecc2022-04-04 14:01:36.579root 11241100x8000000000000000185610Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:36.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2605fe3a506f2342022-04-04 14:01:36.579root 11241100x8000000000000000185626Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:36.580{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a882fa3d721c8fa2022-04-04 14:01:36.580root 11241100x8000000000000000185628Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:37.052{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c20bdc187f6ff0b12022-04-04 14:01:37.052root 354300x8000000000000000185627Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:37.052{ec21797c-f0e1-624a-d9ff-4d0400000000}5533/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-34466-false10.0.1.12-8000- 11241100x8000000000000000185629Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:37.053{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fa2f4cde3d6ce8f2022-04-04 14:01:37.053root 11241100x8000000000000000185644Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:37.054{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22d50061882639c42022-04-04 14:01:37.054root 11241100x8000000000000000185643Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:37.054{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c582b92ace9a4932022-04-04 14:01:37.054root 11241100x8000000000000000185642Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:37.054{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ec1e94f102b26042022-04-04 14:01:37.054root 11241100x8000000000000000185641Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:37.054{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5ebdfee1e472d402022-04-04 14:01:37.054root 11241100x8000000000000000185640Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:37.054{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac294cf01ce6b0902022-04-04 14:01:37.054root 11241100x8000000000000000185639Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:37.054{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d10590915b19a4c2022-04-04 14:01:37.054root 11241100x8000000000000000185638Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:37.054{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.020793662b78fd5e2022-04-04 14:01:37.054root 11241100x8000000000000000185637Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:37.054{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b18222403c7a5982022-04-04 14:01:37.054root 11241100x8000000000000000185636Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:37.054{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df0ebdea1006da9d2022-04-04 14:01:37.054root 11241100x8000000000000000185635Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:37.054{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6955255658837792022-04-04 14:01:37.054root 11241100x8000000000000000185634Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:37.054{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5296d6278c9635872022-04-04 14:01:37.054root 11241100x8000000000000000185633Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:37.054{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1992d379bf139f002022-04-04 14:01:37.054root 11241100x8000000000000000185632Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:37.054{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce11bb8c3c2bb3352022-04-04 14:01:37.054root 11241100x8000000000000000185631Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:37.054{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3614b411f2d355b2022-04-04 14:01:37.054root 11241100x8000000000000000185630Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:37.054{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f030abb17da09def2022-04-04 14:01:37.054root 11241100x8000000000000000185660Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:37.055{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9efbc85e3e7484c82022-04-04 14:01:37.055root 11241100x8000000000000000185659Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:37.055{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35da5f332f7c880b2022-04-04 14:01:37.055root 11241100x8000000000000000185658Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:37.055{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afce85f9c02fe2432022-04-04 14:01:37.055root 11241100x8000000000000000185657Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:37.055{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.337c71282c9745342022-04-04 14:01:37.055root 11241100x8000000000000000185656Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:37.055{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a67c6c1f9021e99b2022-04-04 14:01:37.055root 11241100x8000000000000000185655Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:37.055{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.979c7ae835d6e4152022-04-04 14:01:37.055root 11241100x8000000000000000185654Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:37.055{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6697c17a24c36352022-04-04 14:01:37.055root 11241100x8000000000000000185653Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:37.055{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59805130b381f0eb2022-04-04 14:01:37.055root 11241100x8000000000000000185652Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:37.055{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4e916a077d2336d2022-04-04 14:01:37.055root 11241100x8000000000000000185651Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:37.055{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f718f0b14b23b6c92022-04-04 14:01:37.055root 11241100x8000000000000000185650Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:37.055{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfab4c115695a0542022-04-04 14:01:37.055root 11241100x8000000000000000185649Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:37.055{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d068980a80c38472022-04-04 14:01:37.055root 11241100x8000000000000000185648Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:37.055{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.311ad68a0d393f382022-04-04 14:01:37.055root 11241100x8000000000000000185647Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:37.055{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c4b8a7d8a3f08062022-04-04 14:01:37.055root 11241100x8000000000000000185646Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:37.055{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7d43da729d494052022-04-04 14:01:37.055root 11241100x8000000000000000185645Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:37.055{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.191ba8f68338ec072022-04-04 14:01:37.055root 11241100x8000000000000000185665Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:37.056{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e12869eb6fd080f32022-04-04 14:01:37.056root 11241100x8000000000000000185664Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:37.056{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.139b6ed7bf88382a2022-04-04 14:01:37.056root 11241100x8000000000000000185663Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:37.056{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6c1752a5227a3242022-04-04 14:01:37.056root 11241100x8000000000000000185662Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:37.056{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5be563132c6c51f22022-04-04 14:01:37.056root 11241100x8000000000000000185661Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:37.056{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f2d85d06a8b066a2022-04-04 14:01:37.056root 11241100x8000000000000000185672Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:37.327{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.652fe75fd5a0e4fe2022-04-04 14:01:37.327root 11241100x8000000000000000185671Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:37.327{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.506fc6aad51dd4142022-04-04 14:01:37.327root 11241100x8000000000000000185670Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:37.327{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03cf3d4ad819cb332022-04-04 14:01:37.327root 11241100x8000000000000000185669Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:37.327{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08bbc82b57f80fbf2022-04-04 14:01:37.327root 11241100x8000000000000000185668Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:37.327{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fd68279bd9bf2992022-04-04 14:01:37.327root 11241100x8000000000000000185667Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:37.327{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c33d49d8ded13c82022-04-04 14:01:37.327root 11241100x8000000000000000185666Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:37.327{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ada5cf572f0c6df22022-04-04 14:01:37.327root 11241100x8000000000000000185682Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:37.328{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.648c4d5fb213535b2022-04-04 14:01:37.328root 11241100x8000000000000000185681Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:37.328{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d0784ad6f0b59b32022-04-04 14:01:37.328root 11241100x8000000000000000185680Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:37.328{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c66e291c4cde5a242022-04-04 14:01:37.328root 11241100x8000000000000000185679Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:37.328{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8634654663de30d82022-04-04 14:01:37.328root 11241100x8000000000000000185678Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:37.328{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f601b9f205c31dbd2022-04-04 14:01:37.328root 11241100x8000000000000000185677Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:37.328{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8758766c7aeae6442022-04-04 14:01:37.328root 11241100x8000000000000000185676Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:37.328{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5493aebe02eeeb572022-04-04 14:01:37.328root 11241100x8000000000000000185675Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:37.328{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e90beb079c237262022-04-04 14:01:37.328root 11241100x8000000000000000185674Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:37.328{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db526123da1a06bf2022-04-04 14:01:37.328root 11241100x8000000000000000185673Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:37.328{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e40397524dcf1a702022-04-04 14:01:37.328root 11241100x8000000000000000185692Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:37.329{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39e8136ca7e182c72022-04-04 14:01:37.329root 11241100x8000000000000000185691Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:37.329{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f344bbcb10f6138f2022-04-04 14:01:37.329root 11241100x8000000000000000185690Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:37.329{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22255b4af8abbaea2022-04-04 14:01:37.329root 11241100x8000000000000000185689Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:37.329{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d3bc4ec4d2ae87e2022-04-04 14:01:37.329root 11241100x8000000000000000185688Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:37.329{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcc71210cf3195a52022-04-04 14:01:37.329root 11241100x8000000000000000185687Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:37.329{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.020ee7e116d87f292022-04-04 14:01:37.329root 11241100x8000000000000000185686Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:37.329{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10ea516a572e6dcd2022-04-04 14:01:37.329root 11241100x8000000000000000185685Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:37.329{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.353a08a4f03abbbf2022-04-04 14:01:37.329root 11241100x8000000000000000185684Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:37.329{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60b8247d112833762022-04-04 14:01:37.329root 11241100x8000000000000000185683Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:37.329{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28e0e1a2a8f470a72022-04-04 14:01:37.329root 11241100x8000000000000000185701Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:37.330{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f443b777c42fb0cf2022-04-04 14:01:37.330root 11241100x8000000000000000185700Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:37.330{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6a4e5ffe18ad2632022-04-04 14:01:37.330root 11241100x8000000000000000185699Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:37.330{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6c0d232d38c11462022-04-04 14:01:37.330root 11241100x8000000000000000185698Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:37.330{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22aa4ff051f31eb22022-04-04 14:01:37.330root 11241100x8000000000000000185697Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:37.330{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40d41a3c12abc6bb2022-04-04 14:01:37.330root 11241100x8000000000000000185696Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:37.330{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fcf682a3ca783fa2022-04-04 14:01:37.330root 11241100x8000000000000000185695Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:37.330{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f564ed486e918b472022-04-04 14:01:37.330root 11241100x8000000000000000185694Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:37.330{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58ad3d0ff5e9ba8f2022-04-04 14:01:37.330root 11241100x8000000000000000185693Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:37.330{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06a19cf7c0fbeb892022-04-04 14:01:37.330root 11241100x8000000000000000185709Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:37.827{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f38964cbbf1c04a32022-04-04 14:01:37.827root 11241100x8000000000000000185708Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:37.827{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8aed21febe053f9e2022-04-04 14:01:37.827root 11241100x8000000000000000185707Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:37.827{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ecc9b018759463f2022-04-04 14:01:37.827root 11241100x8000000000000000185706Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:37.827{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f45762c2949e4242022-04-04 14:01:37.827root 11241100x8000000000000000185705Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:37.827{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3e8239dc83ba3942022-04-04 14:01:37.827root 11241100x8000000000000000185704Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:37.827{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4317166a88a05bd92022-04-04 14:01:37.827root 11241100x8000000000000000185703Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:37.827{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.916a3e41bf997e3a2022-04-04 14:01:37.827root 11241100x8000000000000000185702Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:37.827{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e98af9d2c5a038f72022-04-04 14:01:37.827root 11241100x8000000000000000185723Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:37.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dbfe909453af3752022-04-04 14:01:37.828root 11241100x8000000000000000185722Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:37.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed52a35772173c1d2022-04-04 14:01:37.828root 11241100x8000000000000000185721Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:37.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fac9a88f63e0198e2022-04-04 14:01:37.828root 11241100x8000000000000000185720Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:37.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.137a5ee80f77e4c62022-04-04 14:01:37.828root 11241100x8000000000000000185719Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:37.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cd225a0f44bce202022-04-04 14:01:37.828root 11241100x8000000000000000185718Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:37.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3121944a392003c32022-04-04 14:01:37.828root 11241100x8000000000000000185717Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:37.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b6cd41a9f60f00e2022-04-04 14:01:37.828root 11241100x8000000000000000185716Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:37.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3fe8c80829eba752022-04-04 14:01:37.828root 11241100x8000000000000000185715Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:37.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75c7e4ac7c1948502022-04-04 14:01:37.828root 11241100x8000000000000000185714Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:37.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9092451343ffb2e92022-04-04 14:01:37.828root 11241100x8000000000000000185713Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:37.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc47daadccb0fb952022-04-04 14:01:37.828root 11241100x8000000000000000185712Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:37.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5dedc433608df612022-04-04 14:01:37.828root 11241100x8000000000000000185711Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:37.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.197a7b0dec79ae042022-04-04 14:01:37.828root 11241100x8000000000000000185710Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:37.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.236e78d15c05516d2022-04-04 14:01:37.828root 11241100x8000000000000000185733Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:37.829{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8a17e57446b2bf12022-04-04 14:01:37.829root 11241100x8000000000000000185732Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:37.829{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0035b566e53000e42022-04-04 14:01:37.829root 11241100x8000000000000000185731Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:37.829{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea553451c2af15f62022-04-04 14:01:37.829root 11241100x8000000000000000185730Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:37.829{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.903e705aa707276b2022-04-04 14:01:37.829root 11241100x8000000000000000185729Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:37.829{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1554249face3dfaf2022-04-04 14:01:37.829root 11241100x8000000000000000185728Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:37.829{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc6e60593b19d3412022-04-04 14:01:37.829root 11241100x8000000000000000185727Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:37.829{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec44e6d5a618ea0b2022-04-04 14:01:37.829root 11241100x8000000000000000185726Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:37.829{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6a21b85e6dfb04b2022-04-04 14:01:37.829root 11241100x8000000000000000185725Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:37.829{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21fbc251e8465ce62022-04-04 14:01:37.829root 11241100x8000000000000000185724Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:37.829{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f91d02713271d0d42022-04-04 14:01:37.829root 11241100x8000000000000000185737Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:37.830{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.560ee5c50369eb5e2022-04-04 14:01:37.830root 11241100x8000000000000000185736Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:37.830{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f9304279bf5c6692022-04-04 14:01:37.830root 11241100x8000000000000000185735Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:37.830{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4b8fc89ed176bd22022-04-04 14:01:37.830root 11241100x8000000000000000185734Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:37.830{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c6b820c9d76bf0c2022-04-04 14:01:37.830root 534500x8000000000000000185738Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:37.963{ec21797c-eb03-624a-c82a-a7604f560000}464/lib/systemd/systemd-journaldroot 11241100x8000000000000000185739Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:38.326{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34bc4d237e2e43112022-04-04 14:01:38.326root 11241100x8000000000000000185748Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:38.327{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e474f975f2e532ce2022-04-04 14:01:38.327root 11241100x8000000000000000185747Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:38.327{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e3f19bc41443f2e2022-04-04 14:01:38.327root 11241100x8000000000000000185746Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:38.327{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.680b10c572c81a282022-04-04 14:01:38.327root 11241100x8000000000000000185745Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:38.327{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b69e809fc07caf82022-04-04 14:01:38.327root 11241100x8000000000000000185744Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:38.327{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23525cd91a5901b82022-04-04 14:01:38.327root 11241100x8000000000000000185743Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:38.327{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1eb7a6978072b2c62022-04-04 14:01:38.327root 11241100x8000000000000000185742Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:38.327{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f5071232f3df0112022-04-04 14:01:38.327root 11241100x8000000000000000185741Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:38.327{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ee3f63f83395be02022-04-04 14:01:38.327root 11241100x8000000000000000185740Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:38.327{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.123fc33d403963452022-04-04 14:01:38.327root 11241100x8000000000000000185755Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:38.328{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f77593d0e967a3412022-04-04 14:01:38.328root 11241100x8000000000000000185754Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:38.328{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa4f0e8264fc8a6b2022-04-04 14:01:38.328root 11241100x8000000000000000185753Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:38.328{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d58ec601c1271cab2022-04-04 14:01:38.328root 11241100x8000000000000000185752Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:38.328{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fb248d9c327f0152022-04-04 14:01:38.328root 11241100x8000000000000000185751Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:38.328{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.530ed4b911ca5cf42022-04-04 14:01:38.328root 11241100x8000000000000000185750Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:38.328{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0620f4daf064cadb2022-04-04 14:01:38.328root 11241100x8000000000000000185749Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:38.328{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7134381609b4dac62022-04-04 14:01:38.328root 11241100x8000000000000000185766Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:38.329{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70f64aaaf7cff0a52022-04-04 14:01:38.329root 11241100x8000000000000000185765Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:38.329{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18ede56c056125e92022-04-04 14:01:38.329root 11241100x8000000000000000185764Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:38.329{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f1d739eeab278372022-04-04 14:01:38.329root 11241100x8000000000000000185763Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:38.329{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.308699e531d0a9eb2022-04-04 14:01:38.329root 11241100x8000000000000000185762Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:38.329{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.986635c86f00bdcc2022-04-04 14:01:38.329root 11241100x8000000000000000185761Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:38.329{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.057856370fef86122022-04-04 14:01:38.329root 11241100x8000000000000000185760Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:38.329{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11c1aab4ef3577212022-04-04 14:01:38.329root 11241100x8000000000000000185759Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:38.329{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcfeffdf8b05b9882022-04-04 14:01:38.329root 11241100x8000000000000000185758Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:38.329{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.522a9a2497cce95f2022-04-04 14:01:38.329root 11241100x8000000000000000185757Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:38.329{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.304f63243948e6b22022-04-04 14:01:38.329root 11241100x8000000000000000185756Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:38.329{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edf2bd0a554597102022-04-04 14:01:38.329root 11241100x8000000000000000185781Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:38.330{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d1d69edc253df972022-04-04 14:01:38.330root 11241100x8000000000000000185780Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:38.330{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e05875ff884d9da62022-04-04 14:01:38.330root 11241100x8000000000000000185779Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:38.330{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10a1f783866aec2a2022-04-04 14:01:38.330root 11241100x8000000000000000185778Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:38.330{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1670622336fd7ff02022-04-04 14:01:38.330root 11241100x8000000000000000185777Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:38.330{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cfce5abd712439c2022-04-04 14:01:38.330root 11241100x8000000000000000185776Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:38.330{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0da053c11128d8e22022-04-04 14:01:38.330root 11241100x8000000000000000185775Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:38.330{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3b1a6423c3e45792022-04-04 14:01:38.330root 11241100x8000000000000000185774Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:38.330{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70bf3b06e7a3b3582022-04-04 14:01:38.330root 11241100x8000000000000000185773Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:38.330{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39d6e2d761cf32dc2022-04-04 14:01:38.330root 11241100x8000000000000000185772Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:38.330{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ab6c362c0ed4ec22022-04-04 14:01:38.330root 11241100x8000000000000000185771Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:38.330{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0a444e3ad3046b62022-04-04 14:01:38.330root 11241100x8000000000000000185770Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:38.330{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.286446f3f55eddc22022-04-04 14:01:38.330root 11241100x8000000000000000185769Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:38.330{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.667920d6be7631342022-04-04 14:01:38.330root 11241100x8000000000000000185768Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:38.330{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5bd613ff78ff01b2022-04-04 14:01:38.330root 11241100x8000000000000000185767Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:38.330{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.862034e45ffb87142022-04-04 14:01:38.330root 11241100x8000000000000000185794Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:38.331{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb78fd29e634ad312022-04-04 14:01:38.331root 11241100x8000000000000000185793Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:38.331{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd56556a9da8aabf2022-04-04 14:01:38.331root 11241100x8000000000000000185792Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:38.331{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7be6437b7790fd062022-04-04 14:01:38.331root 11241100x8000000000000000185791Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:38.331{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97f27c517b9da39f2022-04-04 14:01:38.331root 11241100x8000000000000000185790Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:38.331{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2004abc391b704922022-04-04 14:01:38.331root 11241100x8000000000000000185789Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:38.331{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0550c8676cb257142022-04-04 14:01:38.331root 11241100x8000000000000000185788Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:38.331{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e0bea370900d88e2022-04-04 14:01:38.331root 11241100x8000000000000000185787Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:38.331{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7885cc48e4f1485a2022-04-04 14:01:38.331root 11241100x8000000000000000185786Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:38.331{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6456977c2b3c70ef2022-04-04 14:01:38.331root 11241100x8000000000000000185785Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:38.331{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19084d5d22414b852022-04-04 14:01:38.331root 11241100x8000000000000000185784Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:38.331{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a93683beb12ceef12022-04-04 14:01:38.331root 11241100x8000000000000000185783Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:38.331{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cef908a60e8dd03f2022-04-04 14:01:38.331root 11241100x8000000000000000185782Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:38.331{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8185b3fb00faab702022-04-04 14:01:38.331root 11241100x8000000000000000185806Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:38.332{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6de0e688e6a6b4ec2022-04-04 14:01:38.332root 11241100x8000000000000000185805Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:38.332{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0456e47133ffac172022-04-04 14:01:38.332root 11241100x8000000000000000185804Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:38.332{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77e50a26068a1f072022-04-04 14:01:38.332root 11241100x8000000000000000185803Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:38.332{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a71fcc2047b9dcf12022-04-04 14:01:38.332root 11241100x8000000000000000185802Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:38.332{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39447efbfcff9aa62022-04-04 14:01:38.332root 11241100x8000000000000000185801Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:38.332{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df5650ff1275b6da2022-04-04 14:01:38.332root 11241100x8000000000000000185800Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:38.332{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f2a051f3b17fbc52022-04-04 14:01:38.332root 11241100x8000000000000000185799Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:38.332{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c7c9ed99c6ba8762022-04-04 14:01:38.332root 11241100x8000000000000000185798Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:38.332{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e169aa683500ed32022-04-04 14:01:38.332root 11241100x8000000000000000185797Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:38.332{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20324337731e8a162022-04-04 14:01:38.332root 11241100x8000000000000000185796Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:38.332{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc64e902a41f553f2022-04-04 14:01:38.332root 11241100x8000000000000000185795Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:38.332{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b1bc7c17fab31852022-04-04 14:01:38.332root 11241100x8000000000000000185807Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:38.333{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe7f44de7e92ac7b2022-04-04 14:01:38.333root 11241100x8000000000000000185810Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:38.827{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.692df189a3aafe4d2022-04-04 14:01:38.827root 11241100x8000000000000000185809Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:38.827{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb18588bce204c152022-04-04 14:01:38.827root 11241100x8000000000000000185808Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:38.827{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edf5ce3798e9ba2d2022-04-04 14:01:38.827root 11241100x8000000000000000185820Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:38.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d0916c2f123235b2022-04-04 14:01:38.828root 11241100x8000000000000000185819Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:38.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7def9457b8aa9802022-04-04 14:01:38.828root 11241100x8000000000000000185818Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:38.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d1096f4c4d9ef432022-04-04 14:01:38.828root 11241100x8000000000000000185817Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:38.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.417a04c6dd1548c02022-04-04 14:01:38.828root 11241100x8000000000000000185816Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:38.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb40a4d7878e95d12022-04-04 14:01:38.828root 11241100x8000000000000000185815Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:38.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0dac730b287f3542022-04-04 14:01:38.828root 11241100x8000000000000000185814Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:38.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d0b7631ed107c0a2022-04-04 14:01:38.828root 11241100x8000000000000000185813Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:38.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c6f731db8cccb6b2022-04-04 14:01:38.828root 11241100x8000000000000000185812Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:38.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82cc776925a537362022-04-04 14:01:38.828root 11241100x8000000000000000185811Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:38.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e2d533287e530a92022-04-04 14:01:38.828root 11241100x8000000000000000185831Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:38.829{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc38e30a3e07a73a2022-04-04 14:01:38.829root 11241100x8000000000000000185830Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:38.829{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b0e090739cd937f2022-04-04 14:01:38.829root 11241100x8000000000000000185829Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:38.829{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee1ddad10effda572022-04-04 14:01:38.829root 11241100x8000000000000000185828Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:38.829{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5069bb491d2bf3812022-04-04 14:01:38.829root 11241100x8000000000000000185827Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:38.829{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a27b4f424b7a75252022-04-04 14:01:38.829root 11241100x8000000000000000185826Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:38.829{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28aa5bafa26180892022-04-04 14:01:38.829root 11241100x8000000000000000185825Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:38.829{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43420bd2c66e832b2022-04-04 14:01:38.829root 11241100x8000000000000000185824Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:38.829{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1a369dec4919bc12022-04-04 14:01:38.829root 11241100x8000000000000000185823Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:38.829{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03e5235b2820e8252022-04-04 14:01:38.829root 11241100x8000000000000000185822Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:38.829{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e8cc4d409c17e272022-04-04 14:01:38.829root 11241100x8000000000000000185821Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:38.829{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a12fe276a7d920e2022-04-04 14:01:38.829root 11241100x8000000000000000185847Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:38.830{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9befaa1771d78c632022-04-04 14:01:38.830root 11241100x8000000000000000185846Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:38.830{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41ae7a4c4ab4a63e2022-04-04 14:01:38.830root 11241100x8000000000000000185845Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:38.830{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecd71d489d655db12022-04-04 14:01:38.830root 11241100x8000000000000000185844Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:38.830{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d717c4eb7c0598212022-04-04 14:01:38.830root 11241100x8000000000000000185843Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:38.830{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.929c58393e09c4c32022-04-04 14:01:38.830root 11241100x8000000000000000185842Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:38.830{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6235d97c187782d2022-04-04 14:01:38.830root 11241100x8000000000000000185841Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:38.830{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89908cae24d067d82022-04-04 14:01:38.830root 11241100x8000000000000000185840Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:38.830{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f72b293d3b70ea1e2022-04-04 14:01:38.830root 11241100x8000000000000000185839Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:38.830{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8555f82a6d7d3bc72022-04-04 14:01:38.830root 11241100x8000000000000000185838Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:38.830{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.487c7b63138633c52022-04-04 14:01:38.830root 11241100x8000000000000000185837Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:38.830{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.816ae576b6ab542b2022-04-04 14:01:38.830root 11241100x8000000000000000185836Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:38.830{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.333e25df0ee772842022-04-04 14:01:38.830root 11241100x8000000000000000185835Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:38.830{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.494f6e896466670e2022-04-04 14:01:38.830root 11241100x8000000000000000185834Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:38.830{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b6f9f0299e1fcd12022-04-04 14:01:38.830root 11241100x8000000000000000185833Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:38.830{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd71df521b8a63b12022-04-04 14:01:38.830root 11241100x8000000000000000185832Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:38.830{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c9a17700fabde3e2022-04-04 14:01:38.830root 11241100x8000000000000000185851Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:38.831{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f769038a81eccd4e2022-04-04 14:01:38.831root 11241100x8000000000000000185850Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:38.831{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2ea819507abf5162022-04-04 14:01:38.831root 11241100x8000000000000000185849Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:38.831{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a6b7e712391d1972022-04-04 14:01:38.831root 11241100x8000000000000000185848Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:38.831{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9d2f4981991523a2022-04-04 14:01:38.831root 11241100x8000000000000000185853Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:39.327{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70b094083a5c711f2022-04-04 14:01:39.327root 11241100x8000000000000000185852Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:39.327{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6087b2e3d82283bc2022-04-04 14:01:39.327root 11241100x8000000000000000185860Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:39.328{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e4106e9f65888d32022-04-04 14:01:39.328root 11241100x8000000000000000185859Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:39.328{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70feae622fca1e282022-04-04 14:01:39.328root 11241100x8000000000000000185858Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:39.328{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9de48fb0811288a2022-04-04 14:01:39.328root 11241100x8000000000000000185857Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:39.328{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53b42c9b5479ce0c2022-04-04 14:01:39.328root 11241100x8000000000000000185856Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:39.328{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42fd34c190b7845d2022-04-04 14:01:39.328root 11241100x8000000000000000185855Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:39.328{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33c228a50427e1222022-04-04 14:01:39.328root 11241100x8000000000000000185854Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:39.328{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8487b0a867c0645e2022-04-04 14:01:39.328root 11241100x8000000000000000185865Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:39.329{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9df95e633b83330f2022-04-04 14:01:39.329root 11241100x8000000000000000185864Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:39.329{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd53a09b13c662c22022-04-04 14:01:39.329root 11241100x8000000000000000185863Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:39.329{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f565092e0794fb42022-04-04 14:01:39.329root 11241100x8000000000000000185862Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:39.329{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8d32dbe4efd33402022-04-04 14:01:39.329root 11241100x8000000000000000185861Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:39.329{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbf459e9a96f82832022-04-04 14:01:39.329root 11241100x8000000000000000185874Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:39.330{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.828280704fda316f2022-04-04 14:01:39.330root 11241100x8000000000000000185873Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:39.330{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5798c7c40f34ab472022-04-04 14:01:39.330root 11241100x8000000000000000185872Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:39.330{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fb1d0a56780cc7d2022-04-04 14:01:39.330root 11241100x8000000000000000185871Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:39.330{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d63b71a07d8d5882022-04-04 14:01:39.330root 11241100x8000000000000000185870Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:39.330{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.495865b5f80f06012022-04-04 14:01:39.330root 11241100x8000000000000000185869Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:39.330{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7790fd0a87f540752022-04-04 14:01:39.330root 11241100x8000000000000000185868Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:39.330{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fc8251fbda3b7742022-04-04 14:01:39.330root 11241100x8000000000000000185867Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:39.330{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.865bb59772a325402022-04-04 14:01:39.330root 11241100x8000000000000000185866Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:39.330{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09574ee9b1bcd9f72022-04-04 14:01:39.330root 11241100x8000000000000000185886Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:39.331{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.079b937bee1c44172022-04-04 14:01:39.331root 11241100x8000000000000000185885Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:39.331{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83754d0541eb5adb2022-04-04 14:01:39.331root 11241100x8000000000000000185884Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:39.331{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8aca92b0edf483ee2022-04-04 14:01:39.331root 11241100x8000000000000000185883Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:39.331{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.657b4b297aeb846b2022-04-04 14:01:39.331root 11241100x8000000000000000185882Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:39.331{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e45a009ca52c8bc2022-04-04 14:01:39.331root 11241100x8000000000000000185881Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:39.331{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6acda868d10205de2022-04-04 14:01:39.331root 11241100x8000000000000000185880Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:39.331{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9821ed8185834bfd2022-04-04 14:01:39.331root 11241100x8000000000000000185879Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:39.331{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d251d2b462ab99a2022-04-04 14:01:39.331root 11241100x8000000000000000185878Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:39.331{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e1d622ff0b8abf92022-04-04 14:01:39.331root 11241100x8000000000000000185877Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:39.331{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.982e8aae3dfd3ef32022-04-04 14:01:39.331root 11241100x8000000000000000185876Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:39.331{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c14359719bc722d52022-04-04 14:01:39.331root 11241100x8000000000000000185875Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:39.331{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07cb20a56efdb5f22022-04-04 14:01:39.331root 11241100x8000000000000000185888Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:39.332{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.877f39769adf4be62022-04-04 14:01:39.332root 11241100x8000000000000000185887Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:39.332{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24859a6aa01459c02022-04-04 14:01:39.332root 11241100x8000000000000000185890Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:39.826{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9031141b02a7296a2022-04-04 14:01:39.826root 11241100x8000000000000000185889Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:39.826{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e15e132047c79892022-04-04 14:01:39.826root 11241100x8000000000000000185900Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:39.827{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adea6e5309010d6f2022-04-04 14:01:39.827root 11241100x8000000000000000185899Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:39.827{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35c3188cbc53d79c2022-04-04 14:01:39.827root 11241100x8000000000000000185898Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:39.827{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac67d6640bfb93742022-04-04 14:01:39.827root 11241100x8000000000000000185897Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:39.827{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c706344ae05e3e5d2022-04-04 14:01:39.827root 11241100x8000000000000000185896Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:39.827{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50b2c41e670831ac2022-04-04 14:01:39.827root 11241100x8000000000000000185895Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:39.827{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdc8cf998c1be30e2022-04-04 14:01:39.827root 11241100x8000000000000000185894Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:39.827{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3c75c85a3414fbc2022-04-04 14:01:39.827root 11241100x8000000000000000185893Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:39.827{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f39083c6bd759c7c2022-04-04 14:01:39.827root 11241100x8000000000000000185892Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:39.827{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6614312b99ba7c562022-04-04 14:01:39.827root 11241100x8000000000000000185891Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:39.827{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1fb019c5612f2032022-04-04 14:01:39.827root 11241100x8000000000000000185909Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:39.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee7c2b36080921192022-04-04 14:01:39.828root 11241100x8000000000000000185908Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:39.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.689dfe901086225f2022-04-04 14:01:39.828root 11241100x8000000000000000185907Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:39.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2939176afcf2d4502022-04-04 14:01:39.828root 11241100x8000000000000000185906Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:39.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.797efae98e4a229e2022-04-04 14:01:39.828root 11241100x8000000000000000185905Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:39.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28a6c3494b630cbe2022-04-04 14:01:39.828root 11241100x8000000000000000185904Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:39.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e104982b4c0d7bc2022-04-04 14:01:39.828root 11241100x8000000000000000185903Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:39.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0545677144936d452022-04-04 14:01:39.828root 11241100x8000000000000000185902Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:39.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d15350b2c3cb9e492022-04-04 14:01:39.828root 11241100x8000000000000000185901Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:39.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84dad8321feee6802022-04-04 14:01:39.828root 11241100x8000000000000000185916Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:39.829{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b5bb03669ac4cff2022-04-04 14:01:39.829root 11241100x8000000000000000185915Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:39.829{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.719717ae7172872c2022-04-04 14:01:39.829root 11241100x8000000000000000185914Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:39.829{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e33449e21ef61b502022-04-04 14:01:39.829root 11241100x8000000000000000185913Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:39.829{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c1ed65ba666553e2022-04-04 14:01:39.829root 11241100x8000000000000000185912Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:39.829{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c2758ba6495f3392022-04-04 14:01:39.829root 11241100x8000000000000000185911Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:39.829{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a00595faa6eca71c2022-04-04 14:01:39.829root 11241100x8000000000000000185910Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:39.829{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.138799b495c46fd82022-04-04 14:01:39.829root 11241100x8000000000000000185926Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:39.830{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bdca59a144f287a2022-04-04 14:01:39.830root 11241100x8000000000000000185925Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:39.830{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2706e40ec7cfa8f2022-04-04 14:01:39.830root 11241100x8000000000000000185924Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:39.830{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2528b928bce357c2022-04-04 14:01:39.830root 11241100x8000000000000000185923Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:39.830{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.329dc1c36ced08232022-04-04 14:01:39.830root 11241100x8000000000000000185922Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:39.830{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d34b3c156b5875532022-04-04 14:01:39.830root 11241100x8000000000000000185921Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:39.830{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92ec4dcab546142f2022-04-04 14:01:39.830root 11241100x8000000000000000185920Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:39.830{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c16323196676a4e2022-04-04 14:01:39.830root 11241100x8000000000000000185919Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:39.830{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5467d9b1d305d4342022-04-04 14:01:39.830root 11241100x8000000000000000185918Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:39.830{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78b25bd2fb53356b2022-04-04 14:01:39.830root 11241100x8000000000000000185917Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:39.830{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac4111aaf5553d8c2022-04-04 14:01:39.830root 11241100x8000000000000000185934Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:39.831{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e46b9f6015a0e482022-04-04 14:01:39.831root 11241100x8000000000000000185933Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:39.831{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3f894805bfda24c2022-04-04 14:01:39.831root 11241100x8000000000000000185932Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:39.831{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb886588845e493d2022-04-04 14:01:39.831root 11241100x8000000000000000185931Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:39.831{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7244bc1fca8d4802022-04-04 14:01:39.831root 11241100x8000000000000000185930Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:39.831{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74c9e6f8ea0693782022-04-04 14:01:39.831root 11241100x8000000000000000185929Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:39.831{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84a2c01b9072f6092022-04-04 14:01:39.831root 11241100x8000000000000000185928Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:39.831{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.502edd18b3515bbd2022-04-04 14:01:39.831root 11241100x8000000000000000185927Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:39.831{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dd08008731dbee72022-04-04 14:01:39.831root 11241100x8000000000000000185936Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:39.832{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dc37410a20efe252022-04-04 14:01:39.832root 11241100x8000000000000000185935Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:39.832{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68c4ebaf316226c92022-04-04 14:01:39.832root 11241100x8000000000000000185937Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:40.326{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24a6ad58db3ec9b22022-04-04 14:01:40.326root 11241100x8000000000000000185940Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:40.327{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.318a93e9f8ed55462022-04-04 14:01:40.327root 11241100x8000000000000000185939Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:40.327{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d3f2c94554e77ed2022-04-04 14:01:40.327root 11241100x8000000000000000185938Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:40.327{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2533bbe279a5a0e12022-04-04 14:01:40.327root 11241100x8000000000000000185946Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:40.328{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59b409e084b8ec3c2022-04-04 14:01:40.328root 11241100x8000000000000000185945Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:40.328{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80e4f86b3f6006542022-04-04 14:01:40.328root 11241100x8000000000000000185944Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:40.328{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc5be39c3f444af42022-04-04 14:01:40.328root 11241100x8000000000000000185943Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:40.328{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae23350706d4f1592022-04-04 14:01:40.328root 11241100x8000000000000000185942Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:40.328{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4926efecd35b0682022-04-04 14:01:40.328root 11241100x8000000000000000185941Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:40.328{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa69559f5f56bde72022-04-04 14:01:40.328root 11241100x8000000000000000185955Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:40.329{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84d13bd5aae43a942022-04-04 14:01:40.329root 11241100x8000000000000000185954Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:40.329{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.453f83d70d5c81ce2022-04-04 14:01:40.329root 11241100x8000000000000000185953Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:40.329{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.587fbf0e7642da002022-04-04 14:01:40.329root 11241100x8000000000000000185952Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:40.329{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a9a6bcc0425a1302022-04-04 14:01:40.329root 11241100x8000000000000000185951Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:40.329{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4e8da6d738cbf682022-04-04 14:01:40.329root 11241100x8000000000000000185950Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:40.329{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb974caed4f5667e2022-04-04 14:01:40.329root 11241100x8000000000000000185949Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:40.329{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8b31ddd2da1ca2e2022-04-04 14:01:40.329root 11241100x8000000000000000185948Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:40.329{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e467cd1a5b42af262022-04-04 14:01:40.329root 11241100x8000000000000000185947Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:40.329{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.833550efab1d48e32022-04-04 14:01:40.329root 11241100x8000000000000000185966Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:40.330{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d5ddecbe0949acc2022-04-04 14:01:40.330root 11241100x8000000000000000185965Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:40.330{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8af8668f016852412022-04-04 14:01:40.330root 11241100x8000000000000000185964Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:40.330{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b96bc9deea6469fc2022-04-04 14:01:40.330root 11241100x8000000000000000185963Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:40.330{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10394e63ed92f4792022-04-04 14:01:40.330root 11241100x8000000000000000185962Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:40.330{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c81208eda67f16c72022-04-04 14:01:40.330root 11241100x8000000000000000185961Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:40.330{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5949c96fe76564b82022-04-04 14:01:40.330root 11241100x8000000000000000185960Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:40.330{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e281cdc432733092022-04-04 14:01:40.330root 11241100x8000000000000000185959Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:40.330{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60419b1c0816dcd32022-04-04 14:01:40.330root 11241100x8000000000000000185958Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:40.330{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cf5dc702708e1ab2022-04-04 14:01:40.330root 11241100x8000000000000000185957Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:40.330{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a527c6198ed61382022-04-04 14:01:40.330root 11241100x8000000000000000185956Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:40.330{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9cc1c0275ea8bff2022-04-04 14:01:40.330root 11241100x8000000000000000185976Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:40.331{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.773b801d08d6efe32022-04-04 14:01:40.331root 11241100x8000000000000000185975Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:40.331{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c03c384233a5f0e2022-04-04 14:01:40.331root 11241100x8000000000000000185974Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:40.331{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e27c197290839592022-04-04 14:01:40.331root 11241100x8000000000000000185973Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:40.331{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.030c930a5b25982c2022-04-04 14:01:40.331root 11241100x8000000000000000185972Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:40.331{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.641dca5eb4b9ccbe2022-04-04 14:01:40.331root 11241100x8000000000000000185971Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:40.331{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4660532a2ec5e5c2022-04-04 14:01:40.331root 11241100x8000000000000000185970Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:40.331{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06eae23a9c78331f2022-04-04 14:01:40.331root 11241100x8000000000000000185969Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:40.331{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c0368201fa825082022-04-04 14:01:40.331root 11241100x8000000000000000185968Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:40.331{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.899ac16e5ca01d5c2022-04-04 14:01:40.331root 11241100x8000000000000000185967Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:40.331{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c64be44a3f127712022-04-04 14:01:40.331root 11241100x8000000000000000185983Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:40.332{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef04fd2a2fac7faf2022-04-04 14:01:40.332root 11241100x8000000000000000185982Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:40.332{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc678adf0f3cb8ef2022-04-04 14:01:40.332root 11241100x8000000000000000185981Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:40.332{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38fe71003e5227752022-04-04 14:01:40.332root 11241100x8000000000000000185980Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:40.332{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb52d42207df05cd2022-04-04 14:01:40.332root 11241100x8000000000000000185979Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:40.332{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2adf88c830b650752022-04-04 14:01:40.332root 11241100x8000000000000000185978Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:40.332{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d1c19b1a3cbefc42022-04-04 14:01:40.332root 11241100x8000000000000000185977Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:40.332{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf83c15f4ad1a7982022-04-04 14:01:40.332root 11241100x8000000000000000185990Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:40.827{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5be66cd8eb414f232022-04-04 14:01:40.827root 11241100x8000000000000000185989Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:40.827{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d0dc2bfdc98c68a2022-04-04 14:01:40.827root 11241100x8000000000000000185988Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:40.827{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67fdccfa5dba51942022-04-04 14:01:40.827root 11241100x8000000000000000185987Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:40.827{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20b581775aa8784d2022-04-04 14:01:40.827root 11241100x8000000000000000185986Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:40.827{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d490decb799073e92022-04-04 14:01:40.827root 11241100x8000000000000000185985Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:40.827{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76bf922102bd84d52022-04-04 14:01:40.827root 11241100x8000000000000000185984Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:40.827{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1889ea5d079033682022-04-04 14:01:40.827root 11241100x8000000000000000185993Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:40.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.200d4bda9ff749122022-04-04 14:01:40.828root 11241100x8000000000000000185992Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:40.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75195463ddb2f1372022-04-04 14:01:40.828root 11241100x8000000000000000185991Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:40.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40a48ebaa37b397c2022-04-04 14:01:40.828root 11241100x8000000000000000185998Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:40.829{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9366bb817d50ddcb2022-04-04 14:01:40.829root 11241100x8000000000000000185997Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:40.829{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6aa71e611dbcfdf72022-04-04 14:01:40.829root 11241100x8000000000000000185996Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:40.829{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f7a4d5eca63a5b22022-04-04 14:01:40.829root 11241100x8000000000000000185995Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:40.829{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48d398fb7d2c010d2022-04-04 14:01:40.829root 11241100x8000000000000000185994Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:40.829{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b7f196918efca8e2022-04-04 14:01:40.829root 11241100x8000000000000000186003Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:40.830{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e00bb0ed37bba262022-04-04 14:01:40.830root 11241100x8000000000000000186002Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:40.830{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d9fee4d400439bb2022-04-04 14:01:40.830root 11241100x8000000000000000186001Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:40.830{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4dd539e63f061bb2022-04-04 14:01:40.830root 11241100x8000000000000000186000Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:40.830{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40cb9d230a35c04d2022-04-04 14:01:40.830root 11241100x8000000000000000185999Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:40.830{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c319ed5ac3a78f7d2022-04-04 14:01:40.830root 11241100x8000000000000000186012Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:40.831{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f16de8e8700c88542022-04-04 14:01:40.831root 11241100x8000000000000000186011Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:40.831{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98e03cda3dddbb5a2022-04-04 14:01:40.831root 11241100x8000000000000000186010Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:40.831{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.176c96fed65c2c982022-04-04 14:01:40.831root 11241100x8000000000000000186009Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:40.831{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9956b0080b3416ef2022-04-04 14:01:40.831root 11241100x8000000000000000186008Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:40.831{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a475a95d8099be62022-04-04 14:01:40.831root 11241100x8000000000000000186007Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:40.831{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.186d522c6f6173722022-04-04 14:01:40.831root 11241100x8000000000000000186006Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:40.831{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da92fd27d12b1d082022-04-04 14:01:40.831root 11241100x8000000000000000186005Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:40.831{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.300151105fcd01592022-04-04 14:01:40.831root 11241100x8000000000000000186004Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:40.831{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8decad6ce32ca6f2022-04-04 14:01:40.831root 11241100x8000000000000000186023Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:40.832{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fb5e67b7d0d13d32022-04-04 14:01:40.832root 11241100x8000000000000000186022Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:40.832{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffce243a6854c80a2022-04-04 14:01:40.832root 11241100x8000000000000000186021Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:40.832{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b305e982f23a63bd2022-04-04 14:01:40.832root 11241100x8000000000000000186020Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:40.832{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa2477a3df61d7042022-04-04 14:01:40.832root 11241100x8000000000000000186019Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:40.832{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c541089032031022022-04-04 14:01:40.832root 11241100x8000000000000000186018Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:40.832{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4db8f0f2e34f6f42022-04-04 14:01:40.832root 11241100x8000000000000000186017Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:40.832{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d20882ed107899472022-04-04 14:01:40.832root 11241100x8000000000000000186016Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:40.832{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc3412e4bd822cef2022-04-04 14:01:40.832root 11241100x8000000000000000186015Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:40.832{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35926c82adc442332022-04-04 14:01:40.832root 11241100x8000000000000000186014Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:40.832{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1c144aa51fb3c7a2022-04-04 14:01:40.832root 11241100x8000000000000000186013Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:40.832{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b73f8b9ea805bfe22022-04-04 14:01:40.832root 11241100x8000000000000000186029Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:40.833{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4db3897fbbf52cc2022-04-04 14:01:40.833root 11241100x8000000000000000186028Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:40.833{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85bbad89c506e2fc2022-04-04 14:01:40.833root 11241100x8000000000000000186027Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:40.833{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bb06ab254a4ac0d2022-04-04 14:01:40.833root 11241100x8000000000000000186026Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:40.833{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56e297c2462801b62022-04-04 14:01:40.833root 11241100x8000000000000000186025Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:40.833{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e959165111a42b0d2022-04-04 14:01:40.833root 11241100x8000000000000000186024Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:40.833{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.551cb3e1122e2de52022-04-04 14:01:40.833root 11241100x8000000000000000186038Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:41.327{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3e43b01046aa1192022-04-04 14:01:41.327root 11241100x8000000000000000186037Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:41.327{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65a8439454a763e32022-04-04 14:01:41.327root 11241100x8000000000000000186036Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:41.327{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.126b2f34de2857c02022-04-04 14:01:41.327root 11241100x8000000000000000186035Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:41.327{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a25523cd9f497ba2022-04-04 14:01:41.327root 11241100x8000000000000000186034Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:41.327{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a998831eb74151802022-04-04 14:01:41.327root 11241100x8000000000000000186033Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:41.327{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7c7d0931064c1652022-04-04 14:01:41.327root 11241100x8000000000000000186032Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:41.327{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.161d21c8f726cac82022-04-04 14:01:41.327root 11241100x8000000000000000186031Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:41.327{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05ccfad91e51b4692022-04-04 14:01:41.327root 11241100x8000000000000000186030Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:41.327{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10fe505cfee54c852022-04-04 14:01:41.327root 11241100x8000000000000000186045Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:41.328{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86ac3be43294a72c2022-04-04 14:01:41.328root 11241100x8000000000000000186044Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:41.328{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10856a7c4613b24c2022-04-04 14:01:41.328root 11241100x8000000000000000186043Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:41.328{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17715db0b84db2422022-04-04 14:01:41.328root 11241100x8000000000000000186042Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:41.328{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f92c2e57a0e392f2022-04-04 14:01:41.328root 11241100x8000000000000000186041Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:41.328{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5652cd8e523f164f2022-04-04 14:01:41.328root 11241100x8000000000000000186040Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:41.328{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc4c49562a80f3fc2022-04-04 14:01:41.328root 11241100x8000000000000000186039Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:41.328{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c514e8edb86b69a02022-04-04 14:01:41.328root 11241100x8000000000000000186059Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:41.329{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef17a9f43e8b7da02022-04-04 14:01:41.329root 11241100x8000000000000000186058Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:41.329{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53854d40a0669c712022-04-04 14:01:41.329root 11241100x8000000000000000186057Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:41.329{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.482c311dd13e63e52022-04-04 14:01:41.329root 11241100x8000000000000000186056Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:41.329{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f0e2be7829ec6092022-04-04 14:01:41.329root 11241100x8000000000000000186055Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:41.329{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12526b6f875002b22022-04-04 14:01:41.329root 11241100x8000000000000000186054Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:41.329{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13d34092a62e3df72022-04-04 14:01:41.329root 11241100x8000000000000000186053Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:41.329{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d19ba9b848f4b4972022-04-04 14:01:41.329root 11241100x8000000000000000186052Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:41.329{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.843338967f74492f2022-04-04 14:01:41.329root 11241100x8000000000000000186051Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:41.329{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7631c25b3b6fdea62022-04-04 14:01:41.329root 11241100x8000000000000000186050Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:41.329{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.171a1105f32586712022-04-04 14:01:41.329root 11241100x8000000000000000186049Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:41.329{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faac3a6ffad0cd722022-04-04 14:01:41.329root 11241100x8000000000000000186048Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:41.329{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc02a5b17dd79ef42022-04-04 14:01:41.329root 11241100x8000000000000000186047Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:41.329{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6745519aa9ec5b152022-04-04 14:01:41.329root 11241100x8000000000000000186046Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:41.329{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcda44b7a6f5e3c92022-04-04 14:01:41.329root 11241100x8000000000000000186072Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:41.330{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ce85a191be38c832022-04-04 14:01:41.330root 11241100x8000000000000000186071Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:41.330{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61dbf0fa681a94f92022-04-04 14:01:41.330root 11241100x8000000000000000186070Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:41.330{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b05ab8bbc2f9b482022-04-04 14:01:41.330root 11241100x8000000000000000186069Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:41.330{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26824e12838911ce2022-04-04 14:01:41.330root 11241100x8000000000000000186068Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:41.330{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfe0d7f83ef0fdaa2022-04-04 14:01:41.330root 11241100x8000000000000000186067Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:41.330{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bdea1e87c1be0102022-04-04 14:01:41.330root 11241100x8000000000000000186066Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:41.330{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43245fd5e110dc822022-04-04 14:01:41.330root 11241100x8000000000000000186065Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:41.330{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfe20352cca600202022-04-04 14:01:41.330root 11241100x8000000000000000186064Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:41.330{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd4ddb348cd6010c2022-04-04 14:01:41.330root 11241100x8000000000000000186063Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:41.330{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e53e15f2719f8df62022-04-04 14:01:41.330root 11241100x8000000000000000186062Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:41.330{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0f7597a21318c2e2022-04-04 14:01:41.330root 11241100x8000000000000000186061Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:41.330{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3aa1752e2a338b512022-04-04 14:01:41.330root 11241100x8000000000000000186060Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:41.330{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bfa7e2d029ae5bd2022-04-04 14:01:41.330root 11241100x8000000000000000186079Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:41.331{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.617b0a4f86b56ded2022-04-04 14:01:41.331root 11241100x8000000000000000186078Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:41.331{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8efe2c193f31bf222022-04-04 14:01:41.331root 11241100x8000000000000000186077Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:41.331{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77c936cab722f1372022-04-04 14:01:41.331root 11241100x8000000000000000186076Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:41.331{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9576c4c85ff8fdff2022-04-04 14:01:41.331root 11241100x8000000000000000186075Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:41.331{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7cf0ddf1c01179e2022-04-04 14:01:41.331root 11241100x8000000000000000186074Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:41.331{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bdcc5addf108f242022-04-04 14:01:41.331root 11241100x8000000000000000186073Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:41.331{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bee94190f52eb8eb2022-04-04 14:01:41.331root 11241100x8000000000000000186090Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:41.827{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19fb777bae6b33722022-04-04 14:01:41.827root 11241100x8000000000000000186089Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:41.827{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d9550a46b89e2b72022-04-04 14:01:41.827root 11241100x8000000000000000186088Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:41.827{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3820f4801013d0ee2022-04-04 14:01:41.827root 11241100x8000000000000000186087Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:41.827{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36a63c4eba4545f52022-04-04 14:01:41.827root 11241100x8000000000000000186086Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:41.827{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8842c7e418eae11d2022-04-04 14:01:41.827root 11241100x8000000000000000186085Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:41.827{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84b8c9f7ca511ebe2022-04-04 14:01:41.827root 11241100x8000000000000000186084Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:41.827{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49d25780aa06772c2022-04-04 14:01:41.827root 11241100x8000000000000000186083Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:41.827{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e05f61a6ea839912022-04-04 14:01:41.827root 11241100x8000000000000000186082Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:41.827{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5aff39261f3440a2022-04-04 14:01:41.827root 11241100x8000000000000000186081Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:41.827{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6396ba6d59742b8f2022-04-04 14:01:41.827root 11241100x8000000000000000186080Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:41.827{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.737c0c0fd40682492022-04-04 14:01:41.827root 11241100x8000000000000000186100Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:41.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14ee95fbbf41b0e82022-04-04 14:01:41.828root 11241100x8000000000000000186099Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:41.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13cc29ceaafa3da72022-04-04 14:01:41.828root 11241100x8000000000000000186098Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:41.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b31899c22db892c42022-04-04 14:01:41.828root 11241100x8000000000000000186097Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:41.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7ccead4640b8ba82022-04-04 14:01:41.828root 11241100x8000000000000000186096Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:41.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25e0ef25158eaabd2022-04-04 14:01:41.828root 11241100x8000000000000000186095Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:41.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fc71874dd0daeb22022-04-04 14:01:41.828root 11241100x8000000000000000186094Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:41.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdab2232778701012022-04-04 14:01:41.828root 11241100x8000000000000000186093Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:41.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b457226a1555ff42022-04-04 14:01:41.828root 11241100x8000000000000000186092Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:41.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f58ea255c984b0d32022-04-04 14:01:41.828root 11241100x8000000000000000186091Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:41.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ef7a97e6d125dee2022-04-04 14:01:41.828root 11241100x8000000000000000186112Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:41.829{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b79c0e3743c44b652022-04-04 14:01:41.829root 11241100x8000000000000000186111Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:41.829{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c078fdde0746ffe72022-04-04 14:01:41.829root 11241100x8000000000000000186110Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:41.829{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90b3fa14279cfde32022-04-04 14:01:41.829root 11241100x8000000000000000186109Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:41.829{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5ffa16d3820ffbb2022-04-04 14:01:41.829root 11241100x8000000000000000186108Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:41.829{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2e068fbb6dee6492022-04-04 14:01:41.829root 11241100x8000000000000000186107Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:41.829{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43fca5eed21e10c12022-04-04 14:01:41.829root 11241100x8000000000000000186106Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:41.829{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ddf8612e417f1622022-04-04 14:01:41.829root 11241100x8000000000000000186105Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:41.829{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c421d9c32d3b76f22022-04-04 14:01:41.829root 11241100x8000000000000000186104Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:41.829{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d599b94f8f9daab72022-04-04 14:01:41.829root 11241100x8000000000000000186103Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:41.829{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98a51264ad996ecd2022-04-04 14:01:41.829root 11241100x8000000000000000186102Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:41.829{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc163fa21e5237a82022-04-04 14:01:41.829root 11241100x8000000000000000186101Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:41.829{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3c35d055fd523722022-04-04 14:01:41.829root 11241100x8000000000000000186124Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:41.830{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed8d1d0fd47c8c752022-04-04 14:01:41.830root 11241100x8000000000000000186123Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:41.830{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cd7e924a85d4a192022-04-04 14:01:41.830root 11241100x8000000000000000186122Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:41.830{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfbefd19c7d721852022-04-04 14:01:41.830root 11241100x8000000000000000186121Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:41.830{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aad3dd4d597447932022-04-04 14:01:41.830root 11241100x8000000000000000186120Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:41.830{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3295240986e19c22022-04-04 14:01:41.830root 11241100x8000000000000000186119Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:41.830{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d74fb7d1991d08d2022-04-04 14:01:41.830root 11241100x8000000000000000186118Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:41.830{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.383cbf00866ca8942022-04-04 14:01:41.830root 11241100x8000000000000000186117Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:41.830{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45a2719a529f39492022-04-04 14:01:41.830root 11241100x8000000000000000186116Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:41.830{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0210ab19c8783d5e2022-04-04 14:01:41.830root 11241100x8000000000000000186115Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:41.830{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f63f5413d8046302022-04-04 14:01:41.830root 11241100x8000000000000000186114Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:41.830{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.549c5e351631ae032022-04-04 14:01:41.830root 11241100x8000000000000000186113Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:41.830{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24ec8ed815c90b312022-04-04 14:01:41.830root 11241100x8000000000000000186131Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:41.831{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26ba7a521b0fec802022-04-04 14:01:41.831root 11241100x8000000000000000186130Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:41.831{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.576563fe82cf76d02022-04-04 14:01:41.831root 11241100x8000000000000000186129Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:41.831{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.daad2f7e0831db272022-04-04 14:01:41.831root 11241100x8000000000000000186128Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:41.831{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc04a66070bef6182022-04-04 14:01:41.831root 11241100x8000000000000000186127Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:41.831{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f09009be48b042512022-04-04 14:01:41.831root 11241100x8000000000000000186126Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:41.831{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02991bbaa00388e22022-04-04 14:01:41.831root 11241100x8000000000000000186125Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:41.831{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa39b32d971b4a532022-04-04 14:01:41.831root 354300x8000000000000000186132Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:42.107{ec21797c-f0e1-624a-d9ff-4d0400000000}5533/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-34468-false10.0.1.12-8000- 11241100x8000000000000000186134Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:42.108{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b2998b0d16ac2a32022-04-04 14:01:42.108root 11241100x8000000000000000186133Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:42.108{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27ce0cc2020b29342022-04-04 14:01:42.108root 11241100x8000000000000000186139Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:42.109{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59393470af5757462022-04-04 14:01:42.109root 11241100x8000000000000000186138Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:42.109{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.224e075274e931a12022-04-04 14:01:42.109root 11241100x8000000000000000186137Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:42.109{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ae2f6e294f372032022-04-04 14:01:42.109root 11241100x8000000000000000186136Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:42.109{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.002175df9610441a2022-04-04 14:01:42.109root 11241100x8000000000000000186135Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:42.109{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3970aa4da263ed0e2022-04-04 14:01:42.109root 11241100x8000000000000000186148Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:42.110{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9d1cf56f681f1472022-04-04 14:01:42.110root 11241100x8000000000000000186147Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:42.110{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6441544de7fed4f32022-04-04 14:01:42.110root 11241100x8000000000000000186146Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:42.110{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b26bcf4bb0e98ef42022-04-04 14:01:42.110root 11241100x8000000000000000186145Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:42.110{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2375e87998aac5ab2022-04-04 14:01:42.110root 11241100x8000000000000000186144Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:42.110{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d8473d83cc8ad722022-04-04 14:01:42.110root 11241100x8000000000000000186143Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:42.110{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ac24cf077479d102022-04-04 14:01:42.110root 11241100x8000000000000000186142Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:42.110{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.208f47c322d4e8922022-04-04 14:01:42.110root 11241100x8000000000000000186141Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:42.110{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52c4769df939eb672022-04-04 14:01:42.110root 11241100x8000000000000000186140Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:42.110{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22c1ee4c4583e8a82022-04-04 14:01:42.110root 11241100x8000000000000000186154Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:42.111{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa8f917d0deed91f2022-04-04 14:01:42.111root 11241100x8000000000000000186153Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:42.111{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3fee5e5ef93828a2022-04-04 14:01:42.111root 11241100x8000000000000000186152Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:42.111{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e7a2da1f6e4d3842022-04-04 14:01:42.111root 11241100x8000000000000000186151Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:42.111{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a26eeeae8b50bf932022-04-04 14:01:42.111root 11241100x8000000000000000186150Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:42.111{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1307c86a61dd17bf2022-04-04 14:01:42.111root 11241100x8000000000000000186149Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:42.111{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca10a57f48f053f72022-04-04 14:01:42.111root 11241100x8000000000000000186161Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:42.112{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e0174085063a0702022-04-04 14:01:42.112root 11241100x8000000000000000186160Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:42.112{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3afc27f65b94b172022-04-04 14:01:42.112root 11241100x8000000000000000186159Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:42.112{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f9392ee505340882022-04-04 14:01:42.112root 11241100x8000000000000000186158Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:42.112{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65aea2b962b652ad2022-04-04 14:01:42.112root 11241100x8000000000000000186157Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:42.112{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ce1f3940fca91ba2022-04-04 14:01:42.112root 11241100x8000000000000000186156Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:42.112{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bc51681680fb8552022-04-04 14:01:42.112root 11241100x8000000000000000186155Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:42.112{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6b4315d7c4e36802022-04-04 14:01:42.112root 11241100x8000000000000000186165Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:42.113{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ccb3fde5f5f15812022-04-04 14:01:42.113root 11241100x8000000000000000186164Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:42.113{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40907ecebf9562cd2022-04-04 14:01:42.113root 11241100x8000000000000000186163Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:42.113{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9c53a3fb565c6992022-04-04 14:01:42.113root 11241100x8000000000000000186162Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:42.113{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffaaa5f2ab6d94b92022-04-04 14:01:42.113root 11241100x8000000000000000186176Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:42.116{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.309c81a60017f32d2022-04-04 14:01:42.116root 11241100x8000000000000000186175Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:42.116{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6f13139ed8ffee32022-04-04 14:01:42.116root 11241100x8000000000000000186174Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:42.116{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61b784e57eedbb8e2022-04-04 14:01:42.116root 11241100x8000000000000000186173Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:42.116{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e84aafdf49a0ac52022-04-04 14:01:42.116root 11241100x8000000000000000186172Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:42.116{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c14bcd8523a3bfb92022-04-04 14:01:42.116root 11241100x8000000000000000186171Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:42.116{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1eb3b163f7c6e3302022-04-04 14:01:42.116root 11241100x8000000000000000186170Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:42.116{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c79adc4d38e3de082022-04-04 14:01:42.116root 11241100x8000000000000000186169Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:42.116{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce1d4f9c829029f72022-04-04 14:01:42.116root 11241100x8000000000000000186168Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:42.116{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8ec95315482248e2022-04-04 14:01:42.116root 11241100x8000000000000000186167Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:42.116{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.234e4659e310bb652022-04-04 14:01:42.116root 11241100x8000000000000000186166Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:42.116{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0312e92a34e4766b2022-04-04 14:01:42.116root 11241100x8000000000000000186181Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:42.117{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ac1e0eb98ca522f2022-04-04 14:01:42.117root 11241100x8000000000000000186180Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:42.117{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.835b89ba6f2e6c8e2022-04-04 14:01:42.117root 11241100x8000000000000000186179Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:42.117{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3337bfcf82fc6c72022-04-04 14:01:42.117root 11241100x8000000000000000186178Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:42.117{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.727170b5ea40c7ec2022-04-04 14:01:42.117root 11241100x8000000000000000186177Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:42.117{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1995049bd8aa8cd2022-04-04 14:01:42.117root 11241100x8000000000000000186186Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:42.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdff164b444a9ef22022-04-04 14:01:42.577root 11241100x8000000000000000186185Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:42.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51aaebdecf15e6c12022-04-04 14:01:42.577root 11241100x8000000000000000186184Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:42.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79b157b685c5858f2022-04-04 14:01:42.577root 11241100x8000000000000000186183Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:42.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c355bc242d3f5d882022-04-04 14:01:42.577root 11241100x8000000000000000186182Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:42.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e111bed4f866fe562022-04-04 14:01:42.577root 11241100x8000000000000000186201Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:42.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eee10a5322ab7db62022-04-04 14:01:42.578root 11241100x8000000000000000186200Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:42.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eeb42f31014858972022-04-04 14:01:42.578root 11241100x8000000000000000186199Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:42.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96693262693b18fe2022-04-04 14:01:42.578root 11241100x8000000000000000186198Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:42.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85c7d079a59b0b562022-04-04 14:01:42.578root 11241100x8000000000000000186197Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:42.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.923eb5d916afd7b72022-04-04 14:01:42.578root 11241100x8000000000000000186196Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:42.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f3ee9a4756d5d4d2022-04-04 14:01:42.578root 11241100x8000000000000000186195Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:42.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4b713d2ad20f89a2022-04-04 14:01:42.578root 11241100x8000000000000000186194Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:42.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fba77137eb315e92022-04-04 14:01:42.578root 11241100x8000000000000000186193Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:42.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ff868fed7b52a512022-04-04 14:01:42.578root 11241100x8000000000000000186192Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:42.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37226e5de99200252022-04-04 14:01:42.578root 11241100x8000000000000000186191Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:42.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bca03c343c3d7f912022-04-04 14:01:42.578root 11241100x8000000000000000186190Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:42.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.305c18c7ce29f78b2022-04-04 14:01:42.578root 11241100x8000000000000000186189Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:42.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed0f4ce7bea43f342022-04-04 14:01:42.578root 11241100x8000000000000000186188Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:42.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.860455f53dc71e542022-04-04 14:01:42.578root 11241100x8000000000000000186187Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:42.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad5f222a28ea1bff2022-04-04 14:01:42.578root 11241100x8000000000000000186217Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:42.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.847e0b036c9142732022-04-04 14:01:42.579root 11241100x8000000000000000186216Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:42.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1c484dabf1f75132022-04-04 14:01:42.579root 11241100x8000000000000000186215Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:42.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cecc83cc2d241d152022-04-04 14:01:42.579root 11241100x8000000000000000186214Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:42.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aadfcd7ae2da31072022-04-04 14:01:42.579root 11241100x8000000000000000186213Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:42.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.966922a7f4338c312022-04-04 14:01:42.579root 11241100x8000000000000000186212Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:42.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c73099104f17b1bd2022-04-04 14:01:42.579root 11241100x8000000000000000186211Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:42.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a39cdd8dc0a91e02022-04-04 14:01:42.579root 11241100x8000000000000000186210Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:42.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a418cf243a52c42e2022-04-04 14:01:42.579root 11241100x8000000000000000186209Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:42.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5a79d3ef0f82e8c2022-04-04 14:01:42.579root 11241100x8000000000000000186208Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:42.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.816f7b089bf3214d2022-04-04 14:01:42.579root 11241100x8000000000000000186207Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:42.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d39d4c2857f26c22022-04-04 14:01:42.579root 11241100x8000000000000000186206Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:42.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4e50948b51b17c52022-04-04 14:01:42.579root 11241100x8000000000000000186205Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:42.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.217614af7e07d46d2022-04-04 14:01:42.579root 11241100x8000000000000000186204Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:42.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c6170a26aa3f35d2022-04-04 14:01:42.579root 11241100x8000000000000000186203Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:42.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9008432c22ef9bd62022-04-04 14:01:42.579root 11241100x8000000000000000186202Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:42.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfc765afe97aa78d2022-04-04 14:01:42.579root 11241100x8000000000000000186219Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:42.580{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0a14209b043f86d2022-04-04 14:01:42.580root 11241100x8000000000000000186218Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:42.580{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91df00245f200bab2022-04-04 14:01:42.580root 11241100x8000000000000000186227Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:43.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40bcb17742baec182022-04-04 14:01:43.077root 11241100x8000000000000000186226Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:43.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bc43362d8f391b82022-04-04 14:01:43.077root 11241100x8000000000000000186225Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:43.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e10726232cb3af0b2022-04-04 14:01:43.077root 11241100x8000000000000000186224Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:43.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17b0863d1d5525632022-04-04 14:01:43.077root 11241100x8000000000000000186223Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:43.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9be69c57bf539772022-04-04 14:01:43.077root 11241100x8000000000000000186222Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:43.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c424d5ebc63eaf12022-04-04 14:01:43.077root 11241100x8000000000000000186221Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:43.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b16e85672755c3b2022-04-04 14:01:43.077root 11241100x8000000000000000186220Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:43.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0c89b02d074e19f2022-04-04 14:01:43.077root 11241100x8000000000000000186241Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:43.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a9c79d4a656cad22022-04-04 14:01:43.078root 11241100x8000000000000000186240Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:43.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8b2bf1c09177d352022-04-04 14:01:43.078root 11241100x8000000000000000186239Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:43.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52e791e1ed44fd872022-04-04 14:01:43.078root 11241100x8000000000000000186238Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:43.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35bcd47a06166d272022-04-04 14:01:43.078root 11241100x8000000000000000186237Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:43.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e77e518827800052022-04-04 14:01:43.078root 11241100x8000000000000000186236Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:43.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05c7668079bed3362022-04-04 14:01:43.078root 11241100x8000000000000000186235Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:43.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.911f59a6ac076d4e2022-04-04 14:01:43.078root 11241100x8000000000000000186234Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:43.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34f8c7ebf4ebbf732022-04-04 14:01:43.078root 11241100x8000000000000000186233Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:43.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.745e0a6dc80e91a92022-04-04 14:01:43.078root 11241100x8000000000000000186232Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:43.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ab4c1918579575b2022-04-04 14:01:43.078root 11241100x8000000000000000186231Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:43.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e4ac9ff7063de932022-04-04 14:01:43.078root 11241100x8000000000000000186230Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:43.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed64c124e7f00c072022-04-04 14:01:43.078root 11241100x8000000000000000186229Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:43.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a74a370759541d252022-04-04 14:01:43.078root 11241100x8000000000000000186228Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:43.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81d0f76c87358f712022-04-04 14:01:43.078root 11241100x8000000000000000186252Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:43.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.087b05f7a1833a052022-04-04 14:01:43.079root 11241100x8000000000000000186251Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:43.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9f298064aefed1f2022-04-04 14:01:43.079root 11241100x8000000000000000186250Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:43.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a723baeca84b7972022-04-04 14:01:43.079root 11241100x8000000000000000186249Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:43.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d97f34813aa657312022-04-04 14:01:43.079root 11241100x8000000000000000186248Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:43.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed901dcbfd7bb2ad2022-04-04 14:01:43.079root 11241100x8000000000000000186247Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:43.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb95abd9963ada972022-04-04 14:01:43.079root 11241100x8000000000000000186246Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:43.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.656eb61f31e08e352022-04-04 14:01:43.079root 11241100x8000000000000000186245Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:43.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee81c93135bdaaef2022-04-04 14:01:43.079root 11241100x8000000000000000186244Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:43.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09fe4962fe3125ae2022-04-04 14:01:43.079root 11241100x8000000000000000186243Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:43.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82a464a2c7edc3832022-04-04 14:01:43.079root 11241100x8000000000000000186242Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:43.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fc9359ba25f34042022-04-04 14:01:43.079root 11241100x8000000000000000186258Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:43.080{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c12dacbddfd02f2d2022-04-04 14:01:43.080root 11241100x8000000000000000186257Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:43.080{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.941738ddadf6f91f2022-04-04 14:01:43.080root 11241100x8000000000000000186256Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:43.080{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61e267933f763fde2022-04-04 14:01:43.080root 11241100x8000000000000000186255Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:43.080{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7527f93372265b132022-04-04 14:01:43.080root 11241100x8000000000000000186254Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:43.080{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1acb8a5bb5523b552022-04-04 14:01:43.080root 11241100x8000000000000000186253Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:43.080{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f827ee78f44997332022-04-04 14:01:43.080root 11241100x8000000000000000186265Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:43.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0d2c93f08a7706c2022-04-04 14:01:43.577root 11241100x8000000000000000186264Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:43.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13dc56c4e828a5252022-04-04 14:01:43.577root 11241100x8000000000000000186263Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:43.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b324d1c81ec7d9ae2022-04-04 14:01:43.577root 11241100x8000000000000000186262Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:43.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c03b152d306bbbb92022-04-04 14:01:43.577root 11241100x8000000000000000186261Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:43.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9332b4b70cea1f6e2022-04-04 14:01:43.577root 11241100x8000000000000000186260Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:43.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.149515db8815a6472022-04-04 14:01:43.577root 11241100x8000000000000000186259Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:43.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0764f3e8a59845e2022-04-04 14:01:43.577root 11241100x8000000000000000186276Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:43.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09fda7d91b727fe02022-04-04 14:01:43.578root 11241100x8000000000000000186275Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:43.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b530340cc475bda62022-04-04 14:01:43.578root 11241100x8000000000000000186274Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:43.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb087def2c30a1cd2022-04-04 14:01:43.578root 11241100x8000000000000000186273Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:43.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53d5afda50903d172022-04-04 14:01:43.578root 11241100x8000000000000000186272Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:43.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4ab7a2b606ece5b2022-04-04 14:01:43.578root 11241100x8000000000000000186271Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:43.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.810b9b8e3d3406262022-04-04 14:01:43.578root 11241100x8000000000000000186270Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:43.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3262b4f63fd4bc742022-04-04 14:01:43.578root 11241100x8000000000000000186269Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:43.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de6a87283248dd892022-04-04 14:01:43.578root 11241100x8000000000000000186268Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:43.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.929d30223dd778292022-04-04 14:01:43.578root 11241100x8000000000000000186267Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:43.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1ae3860e67401602022-04-04 14:01:43.578root 11241100x8000000000000000186266Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:43.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.620d93d0001445012022-04-04 14:01:43.578root 11241100x8000000000000000186288Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:43.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b128433ceeb796722022-04-04 14:01:43.579root 11241100x8000000000000000186287Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:43.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3953ea8e07819e9b2022-04-04 14:01:43.579root 11241100x8000000000000000186286Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:43.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28314674acd0547c2022-04-04 14:01:43.579root 11241100x8000000000000000186285Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:43.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35224231a82056202022-04-04 14:01:43.579root 11241100x8000000000000000186284Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:43.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e11b9935601c76822022-04-04 14:01:43.579root 11241100x8000000000000000186283Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:43.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.629d618bfaa3f8482022-04-04 14:01:43.579root 11241100x8000000000000000186282Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:43.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c106822a384246d2022-04-04 14:01:43.579root 11241100x8000000000000000186281Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:43.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.400caf559c1e43412022-04-04 14:01:43.579root 11241100x8000000000000000186280Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:43.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94c4a228339896722022-04-04 14:01:43.579root 11241100x8000000000000000186279Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:43.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40d71227e29f85d02022-04-04 14:01:43.579root 11241100x8000000000000000186278Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:43.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33ad6f4037621b462022-04-04 14:01:43.579root 11241100x8000000000000000186277Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:43.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f6552eb4273ed5c2022-04-04 14:01:43.579root 11241100x8000000000000000186298Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:43.580{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7aa04e3e318cccb52022-04-04 14:01:43.580root 11241100x8000000000000000186297Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:43.580{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0248abc3f22133f72022-04-04 14:01:43.580root 11241100x8000000000000000186296Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:43.580{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1a731b3bdd96ac62022-04-04 14:01:43.580root 11241100x8000000000000000186295Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:43.580{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e16ec2cabb7c22032022-04-04 14:01:43.580root 11241100x8000000000000000186294Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:43.580{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9624a53a166e65042022-04-04 14:01:43.580root 11241100x8000000000000000186293Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:43.580{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69ac6d527a3696732022-04-04 14:01:43.580root 11241100x8000000000000000186292Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:43.580{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9edde696b78392852022-04-04 14:01:43.580root 11241100x8000000000000000186291Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:43.580{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b40b4bd69e75ce9e2022-04-04 14:01:43.580root 11241100x8000000000000000186290Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:43.580{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f67615d08f1f770c2022-04-04 14:01:43.580root 11241100x8000000000000000186289Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:43.580{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.997b59291c3b0dae2022-04-04 14:01:43.580root 11241100x8000000000000000186300Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:43.581{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36d8c0a99303c7902022-04-04 14:01:43.581root 11241100x8000000000000000186299Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:43.581{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c121a66adb351ea2022-04-04 14:01:43.581root 11241100x8000000000000000186301Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:44.076{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41ea4b857086b6d52022-04-04 14:01:44.076root 11241100x8000000000000000186311Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:44.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cc6792b38418f8c2022-04-04 14:01:44.077root 11241100x8000000000000000186310Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:44.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e768cccf7cc41662022-04-04 14:01:44.077root 11241100x8000000000000000186309Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:44.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.855f1eec4640a5e82022-04-04 14:01:44.077root 11241100x8000000000000000186308Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:44.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.205f4ae220d894152022-04-04 14:01:44.077root 11241100x8000000000000000186307Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:44.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bcf60a8b912f5232022-04-04 14:01:44.077root 11241100x8000000000000000186306Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:44.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7232ba158ac0f2852022-04-04 14:01:44.077root 11241100x8000000000000000186305Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:44.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9f0c4aaf6eb00102022-04-04 14:01:44.077root 11241100x8000000000000000186304Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:44.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccc56ce0d45d67602022-04-04 14:01:44.077root 11241100x8000000000000000186303Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:44.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bda04eb0e5b5ab0e2022-04-04 14:01:44.077root 11241100x8000000000000000186302Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:44.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.683dce0bfbf0f91a2022-04-04 14:01:44.077root 11241100x8000000000000000186325Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:44.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5076dcc957afcf762022-04-04 14:01:44.078root 11241100x8000000000000000186324Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:44.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c4d121fa5943f982022-04-04 14:01:44.078root 11241100x8000000000000000186323Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:44.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d7f95d6582d148c2022-04-04 14:01:44.078root 11241100x8000000000000000186322Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:44.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82a0eca2b3cb98b12022-04-04 14:01:44.078root 11241100x8000000000000000186321Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:44.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2d9e4fc435b25282022-04-04 14:01:44.078root 11241100x8000000000000000186320Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:44.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff5caaadcad03cad2022-04-04 14:01:44.078root 11241100x8000000000000000186319Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:44.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83409680023993732022-04-04 14:01:44.078root 11241100x8000000000000000186318Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:44.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.609a91340f92607a2022-04-04 14:01:44.078root 11241100x8000000000000000186317Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:44.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2db689130c044be92022-04-04 14:01:44.078root 11241100x8000000000000000186316Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:44.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eeaa15ec73f4abf02022-04-04 14:01:44.078root 11241100x8000000000000000186315Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:44.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cd059a4651d338c2022-04-04 14:01:44.078root 11241100x8000000000000000186314Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:44.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8389e73b98ba9b6f2022-04-04 14:01:44.078root 11241100x8000000000000000186313Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:44.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3eb8719a369575c2022-04-04 14:01:44.078root 11241100x8000000000000000186312Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:44.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14226d06270afc332022-04-04 14:01:44.078root 11241100x8000000000000000186337Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:44.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8656146633f497422022-04-04 14:01:44.079root 11241100x8000000000000000186336Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:44.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26ae2e44b56bb5422022-04-04 14:01:44.079root 11241100x8000000000000000186335Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:44.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.259c97a39c65453a2022-04-04 14:01:44.079root 11241100x8000000000000000186334Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:44.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.280fce0af1909dd32022-04-04 14:01:44.079root 11241100x8000000000000000186333Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:44.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b51f210c30c41b0d2022-04-04 14:01:44.079root 11241100x8000000000000000186332Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:44.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac1b3d8fefdfbb9a2022-04-04 14:01:44.079root 11241100x8000000000000000186331Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:44.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ae28616b114f53d2022-04-04 14:01:44.079root 11241100x8000000000000000186330Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:44.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d50c160c1358aa8b2022-04-04 14:01:44.079root 11241100x8000000000000000186329Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:44.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08c9eab8d9b7ff6d2022-04-04 14:01:44.079root 11241100x8000000000000000186328Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:44.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f2b2888236458972022-04-04 14:01:44.079root 11241100x8000000000000000186327Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:44.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.556eb55438905a192022-04-04 14:01:44.079root 11241100x8000000000000000186326Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:44.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d56e61d1cc9e9a82022-04-04 14:01:44.079root 11241100x8000000000000000186346Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:44.080{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7aaf44b43e8cd6ac2022-04-04 14:01:44.080root 11241100x8000000000000000186345Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:44.080{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.850a381bf8d304d42022-04-04 14:01:44.080root 11241100x8000000000000000186344Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:44.080{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e76a0a26da69fb212022-04-04 14:01:44.080root 11241100x8000000000000000186343Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:44.080{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13b110162568bf812022-04-04 14:01:44.080root 11241100x8000000000000000186342Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:44.080{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b381bb3b2b581aa2022-04-04 14:01:44.080root 11241100x8000000000000000186341Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:44.080{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.795fc8d1bcbc76c22022-04-04 14:01:44.080root 11241100x8000000000000000186340Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:44.080{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fffc3eded1bf20462022-04-04 14:01:44.080root 11241100x8000000000000000186339Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:44.080{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c20d3221be19b6b52022-04-04 14:01:44.080root 11241100x8000000000000000186338Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:44.080{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83f3a6c2e88163992022-04-04 14:01:44.080root 11241100x8000000000000000186347Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:44.081{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93d26418b5043ee32022-04-04 14:01:44.081root 11241100x8000000000000000186354Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:44.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f1fa6fbea72bc242022-04-04 14:01:44.577root 11241100x8000000000000000186353Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:44.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d2b7d6987c841bd2022-04-04 14:01:44.577root 11241100x8000000000000000186352Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:44.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00006aeb150b2fc32022-04-04 14:01:44.577root 11241100x8000000000000000186351Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:44.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c91b4cb3189356002022-04-04 14:01:44.577root 11241100x8000000000000000186350Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:44.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6894f240423c00a2022-04-04 14:01:44.577root 11241100x8000000000000000186349Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:44.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9047be957d2bb3d22022-04-04 14:01:44.577root 11241100x8000000000000000186348Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:44.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fa75ed14eb38abc2022-04-04 14:01:44.577root 11241100x8000000000000000186369Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:44.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9dba6dd563250af2022-04-04 14:01:44.578root 11241100x8000000000000000186368Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:44.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8aed58075868939e2022-04-04 14:01:44.578root 11241100x8000000000000000186367Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:44.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcd70f5d68501f752022-04-04 14:01:44.578root 11241100x8000000000000000186366Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:44.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2abb38eec9004ea2022-04-04 14:01:44.578root 11241100x8000000000000000186365Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:44.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88f87f56aca244a02022-04-04 14:01:44.578root 11241100x8000000000000000186364Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:44.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b1460451584ce3c2022-04-04 14:01:44.578root 11241100x8000000000000000186363Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:44.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29867689d12b784f2022-04-04 14:01:44.578root 11241100x8000000000000000186362Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:44.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5471eda80a18e0d2022-04-04 14:01:44.578root 11241100x8000000000000000186361Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:44.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9a2e4f4bd9b3be72022-04-04 14:01:44.578root 11241100x8000000000000000186360Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:44.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c96434ff5c3f01a2022-04-04 14:01:44.578root 11241100x8000000000000000186359Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:44.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2131def3c8550e22022-04-04 14:01:44.578root 11241100x8000000000000000186358Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:44.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8813d79712f6d0042022-04-04 14:01:44.578root 11241100x8000000000000000186357Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:44.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab2e8876e3108a082022-04-04 14:01:44.578root 11241100x8000000000000000186356Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:44.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bc8997c475ba8d72022-04-04 14:01:44.578root 11241100x8000000000000000186355Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:44.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2035ba71e5e1b74f2022-04-04 14:01:44.578root 11241100x8000000000000000186384Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:44.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c47c7326df1b0782022-04-04 14:01:44.579root 11241100x8000000000000000186383Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:44.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eade90feb85938602022-04-04 14:01:44.579root 11241100x8000000000000000186382Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:44.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13539a154385a4ea2022-04-04 14:01:44.579root 11241100x8000000000000000186381Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:44.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c456636e736d8be2022-04-04 14:01:44.579root 11241100x8000000000000000186380Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:44.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ae5c0b49872962d2022-04-04 14:01:44.579root 11241100x8000000000000000186379Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:44.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13d1593004c29e182022-04-04 14:01:44.579root 11241100x8000000000000000186378Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:44.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdca9e0c8f54bbab2022-04-04 14:01:44.579root 11241100x8000000000000000186377Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:44.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cee5f7dbb4eedb862022-04-04 14:01:44.579root 11241100x8000000000000000186376Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:44.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca3f87ab50f257822022-04-04 14:01:44.579root 11241100x8000000000000000186375Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:44.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4cd3d3e971f0a162022-04-04 14:01:44.579root 11241100x8000000000000000186374Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:44.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b935414e51f5b902022-04-04 14:01:44.579root 11241100x8000000000000000186373Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:44.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbdc0ae9688b159e2022-04-04 14:01:44.579root 11241100x8000000000000000186372Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:44.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01ce964149e8fab92022-04-04 14:01:44.579root 11241100x8000000000000000186371Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:44.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0fd4f8346d086b82022-04-04 14:01:44.579root 11241100x8000000000000000186370Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:44.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6c7a5e16bd153692022-04-04 14:01:44.579root 11241100x8000000000000000186389Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:44.580{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aad1214a4a20795d2022-04-04 14:01:44.580root 11241100x8000000000000000186388Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:44.580{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12e92ecd040eb5ae2022-04-04 14:01:44.580root 11241100x8000000000000000186387Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:44.580{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe9e0ee823732a742022-04-04 14:01:44.580root 11241100x8000000000000000186386Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:44.580{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e871f3672a6a37b92022-04-04 14:01:44.580root 11241100x8000000000000000186385Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:44.580{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4407eabeee7d2cee2022-04-04 14:01:44.580root 11241100x8000000000000000186396Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:45.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3e80f25da35245e2022-04-04 14:01:45.077root 11241100x8000000000000000186395Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:45.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c567c381a7d126b2022-04-04 14:01:45.077root 11241100x8000000000000000186394Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:45.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ff3849061a4f4942022-04-04 14:01:45.077root 11241100x8000000000000000186393Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:45.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3fa6348dd455f3a2022-04-04 14:01:45.077root 11241100x8000000000000000186392Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:45.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a73fe8ed258c6322022-04-04 14:01:45.077root 11241100x8000000000000000186391Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:45.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0d8c05b26014fbb2022-04-04 14:01:45.077root 11241100x8000000000000000186390Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:45.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd7693a38ca960f12022-04-04 14:01:45.077root 11241100x8000000000000000186408Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:45.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d11b35f7703f6632022-04-04 14:01:45.078root 11241100x8000000000000000186407Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:45.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18bc62a19e96ae552022-04-04 14:01:45.078root 11241100x8000000000000000186406Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:45.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a0a05e6a5973f492022-04-04 14:01:45.078root 11241100x8000000000000000186405Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:45.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.447746fcdcb85f652022-04-04 14:01:45.078root 11241100x8000000000000000186404Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:45.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5727ae89e31d63d92022-04-04 14:01:45.078root 11241100x8000000000000000186403Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:45.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3aa574f4b5ad71bc2022-04-04 14:01:45.078root 11241100x8000000000000000186402Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:45.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ed8cd57e86816442022-04-04 14:01:45.078root 11241100x8000000000000000186401Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:45.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ea346bf175201a62022-04-04 14:01:45.078root 11241100x8000000000000000186400Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:45.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87409053634085a12022-04-04 14:01:45.078root 11241100x8000000000000000186399Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:45.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dd358181a8c58b62022-04-04 14:01:45.078root 11241100x8000000000000000186398Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:45.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7465051c3da4fba2022-04-04 14:01:45.078root 11241100x8000000000000000186397Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:45.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e05a638aafca9f7d2022-04-04 14:01:45.078root 11241100x8000000000000000186417Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:45.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d72e629c160865f22022-04-04 14:01:45.079root 11241100x8000000000000000186416Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:45.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a672e3eb46357652022-04-04 14:01:45.079root 11241100x8000000000000000186415Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:45.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7f8a9bcf8b4ea6a2022-04-04 14:01:45.079root 11241100x8000000000000000186414Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:45.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db3b4c20ec27ba4c2022-04-04 14:01:45.079root 11241100x8000000000000000186413Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:45.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8bbc38e4494ca702022-04-04 14:01:45.079root 11241100x8000000000000000186412Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:45.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf19cefeab61d4162022-04-04 14:01:45.079root 11241100x8000000000000000186411Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:45.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3309069d9ccd39182022-04-04 14:01:45.079root 11241100x8000000000000000186410Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:45.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c38c7577aa6b3df2022-04-04 14:01:45.079root 11241100x8000000000000000186409Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:45.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cde61a0df8c4b5a82022-04-04 14:01:45.079root 11241100x8000000000000000186427Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:45.080{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1954f53a5d7cbfde2022-04-04 14:01:45.080root 11241100x8000000000000000186426Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:45.080{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef6fa1f2fed045af2022-04-04 14:01:45.080root 11241100x8000000000000000186425Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:45.080{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc060831163da6ee2022-04-04 14:01:45.080root 11241100x8000000000000000186424Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:45.080{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82f3dd7efb60bc632022-04-04 14:01:45.080root 11241100x8000000000000000186423Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:45.080{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bdc1b5606e639fd2022-04-04 14:01:45.080root 11241100x8000000000000000186422Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:45.080{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97b303e30bef5f7c2022-04-04 14:01:45.080root 11241100x8000000000000000186421Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:45.080{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da3904e70f01f9242022-04-04 14:01:45.080root 11241100x8000000000000000186420Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:45.080{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45b9d577cc5f6d072022-04-04 14:01:45.080root 11241100x8000000000000000186419Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:45.080{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f750a3fe5658bf12022-04-04 14:01:45.080root 11241100x8000000000000000186418Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:45.080{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ba8b234b21756cd2022-04-04 14:01:45.080root 11241100x8000000000000000186428Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:45.081{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eef0a2d0c87da32c2022-04-04 14:01:45.081root 11241100x8000000000000000186431Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:45.576{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f628a65260ededf2022-04-04 14:01:45.576root 11241100x8000000000000000186430Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:45.576{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30287f981063e86e2022-04-04 14:01:45.576root 11241100x8000000000000000186429Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:45.576{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3ffffda649798d52022-04-04 14:01:45.576root 11241100x8000000000000000186441Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:45.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3deb01e22f692052022-04-04 14:01:45.577root 11241100x8000000000000000186440Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:45.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.045b12f1dc7d91722022-04-04 14:01:45.577root 11241100x8000000000000000186439Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:45.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1abd77348bdbe2892022-04-04 14:01:45.577root 11241100x8000000000000000186438Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:45.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dca24f50e6c5de6f2022-04-04 14:01:45.577root 11241100x8000000000000000186437Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:45.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1560662357f93602022-04-04 14:01:45.577root 11241100x8000000000000000186436Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:45.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8036dc45f5fa1e5c2022-04-04 14:01:45.577root 11241100x8000000000000000186435Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:45.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4e8045643550a0a2022-04-04 14:01:45.577root 11241100x8000000000000000186434Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:45.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccf844b679c7a6032022-04-04 14:01:45.577root 11241100x8000000000000000186433Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:45.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89cc6dd8d950a2382022-04-04 14:01:45.577root 11241100x8000000000000000186432Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:45.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d3e2d03d621e8f72022-04-04 14:01:45.577root 11241100x8000000000000000186449Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:45.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd6ac2e75b41b6e32022-04-04 14:01:45.578root 11241100x8000000000000000186448Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:45.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7179cd70a93bf1b62022-04-04 14:01:45.578root 11241100x8000000000000000186447Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:45.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56ce176e2b1b6a862022-04-04 14:01:45.578root 11241100x8000000000000000186446Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:45.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.137ecb2178d489b02022-04-04 14:01:45.578root 11241100x8000000000000000186445Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:45.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62494d7ea1ad4f652022-04-04 14:01:45.578root 11241100x8000000000000000186444Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:45.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1f99160640efc952022-04-04 14:01:45.578root 11241100x8000000000000000186443Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:45.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a90aa6ce78735802022-04-04 14:01:45.578root 11241100x8000000000000000186442Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:45.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3d9aaaa55b9618e2022-04-04 14:01:45.578root 11241100x8000000000000000186458Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:45.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7a17e603f9d12122022-04-04 14:01:45.579root 11241100x8000000000000000186457Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:45.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cf2a4914816dd5e2022-04-04 14:01:45.579root 11241100x8000000000000000186456Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:45.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01bdacebc73737bc2022-04-04 14:01:45.579root 11241100x8000000000000000186455Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:45.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bbdadac151b9bc02022-04-04 14:01:45.579root 11241100x8000000000000000186454Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:45.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.519d8cc60e0a874d2022-04-04 14:01:45.579root 11241100x8000000000000000186453Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:45.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d889cd2d11624cb2022-04-04 14:01:45.579root 11241100x8000000000000000186452Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:45.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3d9c5baf607eb7a2022-04-04 14:01:45.579root 11241100x8000000000000000186451Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:45.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10b59186b1c8a6572022-04-04 14:01:45.579root 11241100x8000000000000000186450Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:45.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b051ab113ce5cc82022-04-04 14:01:45.579root 11241100x8000000000000000186469Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:45.580{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f54d3c625d5d50022022-04-04 14:01:45.580root 11241100x8000000000000000186468Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:45.580{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bdd979e2f8e37762022-04-04 14:01:45.580root 11241100x8000000000000000186467Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:45.580{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52c2e6daaf396b9a2022-04-04 14:01:45.580root 11241100x8000000000000000186466Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:45.580{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0abc2c3b08c05ccf2022-04-04 14:01:45.580root 11241100x8000000000000000186465Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:45.580{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.540ccde2620f192c2022-04-04 14:01:45.580root 11241100x8000000000000000186464Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:45.580{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8792c9e5c7bc8d12022-04-04 14:01:45.580root 11241100x8000000000000000186463Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:45.580{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd8b546be9fb86a62022-04-04 14:01:45.580root 11241100x8000000000000000186462Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:45.580{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6402a36a40b6d47b2022-04-04 14:01:45.580root 11241100x8000000000000000186461Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:45.580{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d58d0aab023f05b62022-04-04 14:01:45.580root 11241100x8000000000000000186460Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:45.580{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2159c0172792d0882022-04-04 14:01:45.580root 11241100x8000000000000000186459Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:45.580{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69c8a382325b91ea2022-04-04 14:01:45.580root 11241100x8000000000000000186479Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:45.581{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.547fc7243d2a6f072022-04-04 14:01:45.581root 11241100x8000000000000000186478Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:45.581{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45ad626bab9aff0b2022-04-04 14:01:45.581root 11241100x8000000000000000186477Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:45.581{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf2d5258e11d2baa2022-04-04 14:01:45.581root 11241100x8000000000000000186476Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:45.581{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6286632edaabc77a2022-04-04 14:01:45.581root 11241100x8000000000000000186475Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:45.581{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2453f8d16c4e97af2022-04-04 14:01:45.581root 11241100x8000000000000000186474Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:45.581{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e4a69bf32a80faa2022-04-04 14:01:45.581root 11241100x8000000000000000186473Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:45.581{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61664f92fb093c082022-04-04 14:01:45.581root 11241100x8000000000000000186472Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:45.581{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.146bf36e735530222022-04-04 14:01:45.581root 11241100x8000000000000000186471Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:45.581{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.159a3ebe13dee1682022-04-04 14:01:45.581root 11241100x8000000000000000186470Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:45.581{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c57b10d368b7c14e2022-04-04 14:01:45.581root 11241100x8000000000000000186491Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:45.582{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53e312e67ad178132022-04-04 14:01:45.582root 11241100x8000000000000000186490Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:45.582{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73c23199feacd2e12022-04-04 14:01:45.582root 11241100x8000000000000000186489Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:45.582{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.466863e26d6b99c42022-04-04 14:01:45.582root 11241100x8000000000000000186488Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:45.582{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f89356253c460c4f2022-04-04 14:01:45.582root 11241100x8000000000000000186487Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:45.582{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33185e1190ccccc42022-04-04 14:01:45.582root 11241100x8000000000000000186486Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:45.582{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcaab6074c78fdc72022-04-04 14:01:45.582root 11241100x8000000000000000186485Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:45.582{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6c056b73840cca42022-04-04 14:01:45.582root 11241100x8000000000000000186484Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:45.582{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ff314b69c142fbf2022-04-04 14:01:45.582root 11241100x8000000000000000186483Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:45.582{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f51eae802368b79c2022-04-04 14:01:45.582root 11241100x8000000000000000186482Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:45.582{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e62d35c33d0855a82022-04-04 14:01:45.582root 11241100x8000000000000000186481Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:45.582{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44a286d9623973222022-04-04 14:01:45.582root 11241100x8000000000000000186480Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:45.582{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7aa8b72489f522272022-04-04 14:01:45.582root 11241100x8000000000000000186503Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:45.583{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.312f662d5f461ecc2022-04-04 14:01:45.583root 11241100x8000000000000000186502Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:45.583{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cbfad2bb026f9e42022-04-04 14:01:45.583root 11241100x8000000000000000186501Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:45.583{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4da2522858efbba2022-04-04 14:01:45.583root 11241100x8000000000000000186500Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:45.583{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61037d468f1c5fb42022-04-04 14:01:45.583root 11241100x8000000000000000186499Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:45.583{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e033cc10a7305b82022-04-04 14:01:45.583root 11241100x8000000000000000186498Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:45.583{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.feffb459699f3dcb2022-04-04 14:01:45.583root 11241100x8000000000000000186497Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:45.583{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e371c8837a71b3152022-04-04 14:01:45.583root 11241100x8000000000000000186496Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:45.583{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e64bc22553e1a6622022-04-04 14:01:45.583root 11241100x8000000000000000186495Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:45.583{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.112b253cd73e530f2022-04-04 14:01:45.583root 11241100x8000000000000000186494Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:45.583{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c006f41e5a974c592022-04-04 14:01:45.583root 11241100x8000000000000000186493Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:45.583{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23869412faf4bcbd2022-04-04 14:01:45.583root 11241100x8000000000000000186492Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:45.583{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02b95639e2b32dc62022-04-04 14:01:45.583root 11241100x8000000000000000186507Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:45.584{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b620dede5633c3432022-04-04 14:01:45.584root 11241100x8000000000000000186506Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:45.584{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61ae018d00dd18562022-04-04 14:01:45.584root 11241100x8000000000000000186505Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:45.584{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e56a6649a5168dc62022-04-04 14:01:45.584root 11241100x8000000000000000186504Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:45.584{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfc73e1ca5e577732022-04-04 14:01:45.584root 11241100x8000000000000000186512Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:46.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aeae4fda6890f0932022-04-04 14:01:46.077root 11241100x8000000000000000186511Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:46.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78e327723b8bb6612022-04-04 14:01:46.077root 11241100x8000000000000000186510Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:46.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d88b57f29eb51d2c2022-04-04 14:01:46.077root 11241100x8000000000000000186509Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:46.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac9488fedfc430332022-04-04 14:01:46.077root 11241100x8000000000000000186508Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:46.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cc32dfe369f17322022-04-04 14:01:46.077root 11241100x8000000000000000186523Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:46.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b34e9274e952f272022-04-04 14:01:46.078root 11241100x8000000000000000186522Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:46.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.820a52bee252037a2022-04-04 14:01:46.078root 11241100x8000000000000000186521Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:46.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53e0cea3ccced1492022-04-04 14:01:46.078root 11241100x8000000000000000186520Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:46.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.568b1415e41ea1462022-04-04 14:01:46.078root 11241100x8000000000000000186519Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:46.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58f3757fc02d7faf2022-04-04 14:01:46.078root 11241100x8000000000000000186518Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:46.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7526c39985762b962022-04-04 14:01:46.078root 11241100x8000000000000000186517Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:46.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ddafb16cd628bb52022-04-04 14:01:46.078root 11241100x8000000000000000186516Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:46.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a06fc0e57224bb682022-04-04 14:01:46.078root 11241100x8000000000000000186515Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:46.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b51f5129c6e76d02022-04-04 14:01:46.078root 11241100x8000000000000000186514Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:46.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d94bac6a161a38232022-04-04 14:01:46.078root 11241100x8000000000000000186513Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:46.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b6654157f8354232022-04-04 14:01:46.078root 11241100x8000000000000000186534Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:46.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a27ba246a3de93f42022-04-04 14:01:46.079root 11241100x8000000000000000186533Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:46.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95bb2b400d13f30c2022-04-04 14:01:46.079root 11241100x8000000000000000186532Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:46.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d9b1a70a52103e42022-04-04 14:01:46.079root 11241100x8000000000000000186531Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:46.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e5d8fb508a8e10f2022-04-04 14:01:46.079root 11241100x8000000000000000186530Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:46.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13003b7fdff3a09d2022-04-04 14:01:46.079root 11241100x8000000000000000186529Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:46.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eda3982b5897c5e72022-04-04 14:01:46.079root 11241100x8000000000000000186528Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:46.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02dc045bb3db95ea2022-04-04 14:01:46.079root 11241100x8000000000000000186527Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:46.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2df5b2f8d7bed112022-04-04 14:01:46.079root 11241100x8000000000000000186526Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:46.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d64c1d249f463432022-04-04 14:01:46.079root 11241100x8000000000000000186525Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:46.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84caab021d87bf802022-04-04 14:01:46.079root 11241100x8000000000000000186524Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:46.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f2f2524354e38df2022-04-04 14:01:46.079root 11241100x8000000000000000186544Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:46.080{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4245e5947747ffb2022-04-04 14:01:46.080root 11241100x8000000000000000186543Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:46.080{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b00aedf59a8dc6f2022-04-04 14:01:46.080root 11241100x8000000000000000186542Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:46.080{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a270790c987a16d2022-04-04 14:01:46.080root 11241100x8000000000000000186541Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:46.080{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ab7693179c1e35d2022-04-04 14:01:46.080root 11241100x8000000000000000186540Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:46.080{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32f53f2f9b2da37f2022-04-04 14:01:46.080root 11241100x8000000000000000186539Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:46.080{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.091b2288ab0ef63b2022-04-04 14:01:46.080root 11241100x8000000000000000186538Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:46.080{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64b6d4c0efa3ad652022-04-04 14:01:46.080root 11241100x8000000000000000186537Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:46.080{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52aeb010861de3892022-04-04 14:01:46.080root 11241100x8000000000000000186536Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:46.080{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b72dff24a75d3e22022-04-04 14:01:46.080root 11241100x8000000000000000186535Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:46.080{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.344ec3dec0661c042022-04-04 14:01:46.080root 11241100x8000000000000000186545Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:46.081{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc1b2d5d2b42ed9e2022-04-04 14:01:46.081root 11241100x8000000000000000186549Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:46.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0dea0dc9aa30d172022-04-04 14:01:46.577root 11241100x8000000000000000186548Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:46.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50124ba29886a6962022-04-04 14:01:46.577root 11241100x8000000000000000186547Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:46.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.720604440c77da532022-04-04 14:01:46.577root 11241100x8000000000000000186546Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:46.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d747d5f9d57fa08b2022-04-04 14:01:46.577root 11241100x8000000000000000186555Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:46.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b95f73b9cd5c68c2022-04-04 14:01:46.578root 11241100x8000000000000000186554Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:46.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f573c5d6ba30f6e2022-04-04 14:01:46.578root 11241100x8000000000000000186553Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:46.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4346bf4c4389138f2022-04-04 14:01:46.578root 11241100x8000000000000000186552Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:46.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a1bcc0e981053c82022-04-04 14:01:46.578root 11241100x8000000000000000186551Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:46.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd209bf413b4bc002022-04-04 14:01:46.578root 11241100x8000000000000000186550Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:46.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e3172d6d01a50d52022-04-04 14:01:46.578root 11241100x8000000000000000186565Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:46.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.351776eacdeebb2e2022-04-04 14:01:46.579root 11241100x8000000000000000186564Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:46.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb42599af43c45fc2022-04-04 14:01:46.579root 11241100x8000000000000000186563Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:46.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de13d03eeeba37f72022-04-04 14:01:46.579root 11241100x8000000000000000186562Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:46.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d218d262554a4adb2022-04-04 14:01:46.579root 11241100x8000000000000000186561Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:46.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffe061fa0253a8bf2022-04-04 14:01:46.579root 11241100x8000000000000000186560Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:46.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0d16d6e189be7bc2022-04-04 14:01:46.579root 11241100x8000000000000000186559Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:46.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f97dddae599a3e662022-04-04 14:01:46.579root 11241100x8000000000000000186558Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:46.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72f5d2b302313c672022-04-04 14:01:46.579root 11241100x8000000000000000186557Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:46.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1b5f593a7d6c4462022-04-04 14:01:46.579root 11241100x8000000000000000186556Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:46.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.982011a1c21b83e22022-04-04 14:01:46.579root 11241100x8000000000000000186575Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:46.580{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e90c192f168eaf5e2022-04-04 14:01:46.580root 11241100x8000000000000000186574Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:46.580{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8400f9e6ac648872022-04-04 14:01:46.580root 11241100x8000000000000000186573Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:46.580{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d920a576b96966d62022-04-04 14:01:46.580root 11241100x8000000000000000186572Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:46.580{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10e867801c7a6e032022-04-04 14:01:46.580root 11241100x8000000000000000186571Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:46.580{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00d2c3f6d1c1368b2022-04-04 14:01:46.580root 11241100x8000000000000000186570Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:46.580{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.118ed4eb9dcc26d72022-04-04 14:01:46.580root 11241100x8000000000000000186569Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:46.580{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b5e1fb010053a012022-04-04 14:01:46.580root 11241100x8000000000000000186568Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:46.580{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96734b66885199a62022-04-04 14:01:46.580root 11241100x8000000000000000186567Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:46.580{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c2410d7abf99c582022-04-04 14:01:46.580root 11241100x8000000000000000186566Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:46.580{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cfdd932d7ceb45b2022-04-04 14:01:46.580root 11241100x8000000000000000186584Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:46.581{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d4be405000879872022-04-04 14:01:46.581root 11241100x8000000000000000186583Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:46.581{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79763c6eefd7bb1f2022-04-04 14:01:46.581root 11241100x8000000000000000186582Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:46.581{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a473c12b1a93cce92022-04-04 14:01:46.581root 11241100x8000000000000000186581Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:46.581{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9593520b229687632022-04-04 14:01:46.581root 11241100x8000000000000000186580Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:46.581{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.309af3489188b0362022-04-04 14:01:46.581root 11241100x8000000000000000186579Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:46.581{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa9c0c8260bb458d2022-04-04 14:01:46.581root 11241100x8000000000000000186578Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:46.581{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28b6f493e4a9f84f2022-04-04 14:01:46.581root 11241100x8000000000000000186577Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:46.581{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e38703e1461265f92022-04-04 14:01:46.581root 11241100x8000000000000000186576Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:46.581{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e7d68fbba9d7a1e2022-04-04 14:01:46.581root 11241100x8000000000000000186588Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:47.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6af43507c4325bc22022-04-04 14:01:47.077root 11241100x8000000000000000186587Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:47.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0df2c3dbe7a55c1d2022-04-04 14:01:47.077root 11241100x8000000000000000186586Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:47.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44334e8b5ce2015a2022-04-04 14:01:47.077root 11241100x8000000000000000186585Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:47.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.192cbac9b46540962022-04-04 14:01:47.077root 11241100x8000000000000000186601Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:47.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88959db09350f67e2022-04-04 14:01:47.078root 11241100x8000000000000000186600Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:47.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d23a1383217666fe2022-04-04 14:01:47.078root 11241100x8000000000000000186599Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:47.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bc39a4acdc8ac3d2022-04-04 14:01:47.078root 11241100x8000000000000000186598Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:47.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a74ec21618480a212022-04-04 14:01:47.078root 11241100x8000000000000000186597Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:47.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.527155b967d9f2f22022-04-04 14:01:47.078root 11241100x8000000000000000186596Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:47.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.550523ca754c8a812022-04-04 14:01:47.078root 11241100x8000000000000000186595Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:47.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3321754da577ba12022-04-04 14:01:47.078root 11241100x8000000000000000186594Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:47.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52daa144227706022022-04-04 14:01:47.078root 11241100x8000000000000000186593Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:47.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f70623fde07a7192022-04-04 14:01:47.078root 11241100x8000000000000000186592Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:47.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.191df39b5540fd882022-04-04 14:01:47.078root 11241100x8000000000000000186591Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:47.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f0c88e9059c0a372022-04-04 14:01:47.078root 11241100x8000000000000000186590Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:47.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36e06d198a80aafc2022-04-04 14:01:47.078root 11241100x8000000000000000186589Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:47.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84ce231ec5d5cc392022-04-04 14:01:47.078root 11241100x8000000000000000186616Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:47.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d07992db4e6f3fe2022-04-04 14:01:47.079root 11241100x8000000000000000186615Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:47.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52f0a461954daf7a2022-04-04 14:01:47.079root 11241100x8000000000000000186614Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:47.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7800f49e65bccebf2022-04-04 14:01:47.079root 11241100x8000000000000000186613Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:47.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.531f9569060f95742022-04-04 14:01:47.079root 11241100x8000000000000000186612Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:47.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc1cb88611c440b72022-04-04 14:01:47.079root 11241100x8000000000000000186611Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:47.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8aae34807180aa2b2022-04-04 14:01:47.079root 11241100x8000000000000000186610Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:47.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.602cc7c58e4990332022-04-04 14:01:47.079root 11241100x8000000000000000186609Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:47.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b4af1a0e4af31af2022-04-04 14:01:47.079root 11241100x8000000000000000186608Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:47.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f04db5ca989a9612022-04-04 14:01:47.079root 11241100x8000000000000000186607Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:47.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14466b62d522b55c2022-04-04 14:01:47.079root 11241100x8000000000000000186606Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:47.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4335091828196ff22022-04-04 14:01:47.079root 11241100x8000000000000000186605Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:47.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9594243ae65d33d82022-04-04 14:01:47.079root 11241100x8000000000000000186604Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:47.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e97aa535994cbfe2022-04-04 14:01:47.079root 11241100x8000000000000000186603Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:47.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7658ddfc607f8d652022-04-04 14:01:47.079root 11241100x8000000000000000186602Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:47.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6db0e0fb6fa6d112022-04-04 14:01:47.079root 11241100x8000000000000000186623Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:47.080{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1214991b7bf81422022-04-04 14:01:47.080root 11241100x8000000000000000186622Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:47.080{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8afe9491edfa07122022-04-04 14:01:47.080root 11241100x8000000000000000186621Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:47.080{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc5032efda4ff20a2022-04-04 14:01:47.080root 11241100x8000000000000000186620Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:47.080{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19580a71f06bd5d12022-04-04 14:01:47.080root 11241100x8000000000000000186619Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:47.080{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41936cf3b719996e2022-04-04 14:01:47.080root 11241100x8000000000000000186618Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:47.080{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33ce463a97127b152022-04-04 14:01:47.080root 11241100x8000000000000000186617Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:47.080{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9aa0e16a4ac565892022-04-04 14:01:47.080root 354300x8000000000000000186624Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:47.199{ec21797c-f0e1-624a-d9ff-4d0400000000}5533/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-34470-false10.0.1.12-8000- 11241100x8000000000000000186626Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:47.576{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0af813afa0a7ccad2022-04-04 14:01:47.576root 11241100x8000000000000000186625Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:47.576{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc35fa5a361f23b42022-04-04 14:01:47.576root 11241100x8000000000000000186637Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:47.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4958c6edba76ff8d2022-04-04 14:01:47.577root 11241100x8000000000000000186636Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:47.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74163acf7a2dc3c02022-04-04 14:01:47.577root 11241100x8000000000000000186635Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:47.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f96098abbe52f14f2022-04-04 14:01:47.577root 11241100x8000000000000000186634Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:47.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c921bf5bd402b9e2022-04-04 14:01:47.577root 11241100x8000000000000000186633Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:47.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12c9a8371f1894b02022-04-04 14:01:47.577root 11241100x8000000000000000186632Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:47.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4e61fa10e8dbe002022-04-04 14:01:47.577root 11241100x8000000000000000186631Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:47.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dae71d878481e4912022-04-04 14:01:47.577root 11241100x8000000000000000186630Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:47.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57d829c8b813c99d2022-04-04 14:01:47.577root 11241100x8000000000000000186629Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:47.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d2e6cf60e8477032022-04-04 14:01:47.577root 11241100x8000000000000000186628Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:47.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b6df95f24c342b22022-04-04 14:01:47.577root 11241100x8000000000000000186627Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:47.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7269492d1ccb1cd2022-04-04 14:01:47.577root 11241100x8000000000000000186648Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:47.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8d05b73daad280a2022-04-04 14:01:47.578root 11241100x8000000000000000186647Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:47.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9c68c239849c7c82022-04-04 14:01:47.578root 11241100x8000000000000000186646Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:47.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51f40d407b867dd42022-04-04 14:01:47.578root 11241100x8000000000000000186645Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:47.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a9b7e1309b201d12022-04-04 14:01:47.578root 11241100x8000000000000000186644Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:47.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.354db85397e7742f2022-04-04 14:01:47.578root 11241100x8000000000000000186643Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:47.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cc6e996ff6c26772022-04-04 14:01:47.578root 11241100x8000000000000000186642Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:47.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4e3c8365207be082022-04-04 14:01:47.578root 11241100x8000000000000000186641Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:47.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21d302e0c92334aa2022-04-04 14:01:47.578root 11241100x8000000000000000186640Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:47.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7888e7e3b15b5fe02022-04-04 14:01:47.578root 11241100x8000000000000000186639Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:47.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.718375aa1ad43b732022-04-04 14:01:47.578root 11241100x8000000000000000186638Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:47.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a27effdba964c09f2022-04-04 14:01:47.578root 11241100x8000000000000000186654Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:47.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a27f2433786d76f2022-04-04 14:01:47.579root 11241100x8000000000000000186653Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:47.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed493f314cc74f492022-04-04 14:01:47.579root 11241100x8000000000000000186652Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:47.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e535fcc1f43287132022-04-04 14:01:47.579root 11241100x8000000000000000186651Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:47.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.660b6bcf46882f962022-04-04 14:01:47.579root 11241100x8000000000000000186650Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:47.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25baa04eafd42ab12022-04-04 14:01:47.579root 11241100x8000000000000000186649Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:47.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfeb80acdcf0787c2022-04-04 14:01:47.579root 11241100x8000000000000000186656Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:47.580{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccaa7d1281a3b8bb2022-04-04 14:01:47.580root 11241100x8000000000000000186655Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:47.580{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf272b0ef91ad6eb2022-04-04 14:01:47.580root 11241100x8000000000000000186660Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:47.581{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86a9ff97860e085c2022-04-04 14:01:47.581root 11241100x8000000000000000186659Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:47.581{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.794144d20d7c20392022-04-04 14:01:47.581root 11241100x8000000000000000186658Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:47.581{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b971f4afe46b75702022-04-04 14:01:47.581root 11241100x8000000000000000186657Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:47.581{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a61ddf40b56638e2022-04-04 14:01:47.581root 11241100x8000000000000000186667Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:47.582{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbb412f62937e9cb2022-04-04 14:01:47.582root 11241100x8000000000000000186666Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:47.582{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d4f7d9d67fa06332022-04-04 14:01:47.582root 11241100x8000000000000000186665Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:47.582{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.657c2132c5df119b2022-04-04 14:01:47.582root 11241100x8000000000000000186664Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:47.582{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.741b36dc9c1368a02022-04-04 14:01:47.582root 11241100x8000000000000000186663Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:47.582{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c16150a3e2a0f1aa2022-04-04 14:01:47.582root 11241100x8000000000000000186662Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:47.582{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98fa1fd4547c4c9d2022-04-04 14:01:47.582root 11241100x8000000000000000186661Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:47.582{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84096efa5df026102022-04-04 14:01:47.582root 11241100x8000000000000000186669Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:48.076{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04f9a47c2c007ac92022-04-04 14:01:48.076root 11241100x8000000000000000186668Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:48.076{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6cb35d9453dd0962022-04-04 14:01:48.076root 11241100x8000000000000000186681Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:48.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce17423ac9bb8f5c2022-04-04 14:01:48.077root 11241100x8000000000000000186680Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:48.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.613dd61652bc680a2022-04-04 14:01:48.077root 11241100x8000000000000000186679Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:48.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a98f3e3fc78383ad2022-04-04 14:01:48.077root 11241100x8000000000000000186678Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:48.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.752cd0aed74e26c52022-04-04 14:01:48.077root 11241100x8000000000000000186677Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:48.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43b8dd66d08392422022-04-04 14:01:48.077root 11241100x8000000000000000186676Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:48.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b9ef498608f134c2022-04-04 14:01:48.077root 11241100x8000000000000000186675Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:48.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf4bf6e28f669c142022-04-04 14:01:48.077root 11241100x8000000000000000186674Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:48.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7e5d30500c27b552022-04-04 14:01:48.077root 11241100x8000000000000000186673Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:48.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe7f28358145aacb2022-04-04 14:01:48.077root 11241100x8000000000000000186672Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:48.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.466bb7df77895b052022-04-04 14:01:48.077root 11241100x8000000000000000186671Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:48.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61ca42db869641b52022-04-04 14:01:48.077root 11241100x8000000000000000186670Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:48.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71e6973e306c6f282022-04-04 14:01:48.077root 11241100x8000000000000000186692Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:48.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b715019bbc0483792022-04-04 14:01:48.078root 11241100x8000000000000000186691Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:48.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6be73fa10a5dccc62022-04-04 14:01:48.078root 11241100x8000000000000000186690Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:48.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a129e84a34898282022-04-04 14:01:48.078root 11241100x8000000000000000186689Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:48.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdad3b48912b2c4f2022-04-04 14:01:48.078root 11241100x8000000000000000186688Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:48.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6deb516881c48bbb2022-04-04 14:01:48.078root 11241100x8000000000000000186687Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:48.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0eeb0efe3fb8fd632022-04-04 14:01:48.078root 11241100x8000000000000000186686Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:48.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0495c07726b91b2c2022-04-04 14:01:48.078root 11241100x8000000000000000186685Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:48.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a75f0905f6374f4a2022-04-04 14:01:48.078root 11241100x8000000000000000186684Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:48.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a4bd1e879a658412022-04-04 14:01:48.078root 11241100x8000000000000000186683Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:48.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4bb17f1603ce1992022-04-04 14:01:48.078root 11241100x8000000000000000186682Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:48.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0af4a8d1fbf6bf82022-04-04 14:01:48.078root 11241100x8000000000000000186707Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:48.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96d0b5e73f5c83382022-04-04 14:01:48.079root 11241100x8000000000000000186706Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:48.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb4e857171dc76f42022-04-04 14:01:48.079root 11241100x8000000000000000186705Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:48.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3ec4d5c48c839ee2022-04-04 14:01:48.079root 11241100x8000000000000000186704Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:48.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed6f12a2663d51992022-04-04 14:01:48.079root 11241100x8000000000000000186703Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:48.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d440336ce586d8ca2022-04-04 14:01:48.079root 11241100x8000000000000000186702Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:48.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32c17d2a0605d7132022-04-04 14:01:48.079root 11241100x8000000000000000186701Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:48.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10b80a1320d6cab72022-04-04 14:01:48.079root 11241100x8000000000000000186700Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:48.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dade1516d141960f2022-04-04 14:01:48.079root 11241100x8000000000000000186699Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:48.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20049582a0f2d02f2022-04-04 14:01:48.079root 11241100x8000000000000000186698Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:48.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20a6a33934748c8a2022-04-04 14:01:48.079root 11241100x8000000000000000186697Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:48.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.136f6286dda7aa5c2022-04-04 14:01:48.079root 11241100x8000000000000000186696Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:48.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f87eed9a8e890f42022-04-04 14:01:48.079root 11241100x8000000000000000186695Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:48.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a830fe5b6e2669452022-04-04 14:01:48.079root 11241100x8000000000000000186694Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:48.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee71cf6deb9adc6d2022-04-04 14:01:48.079root 11241100x8000000000000000186693Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:48.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23c801b6cf7884682022-04-04 14:01:48.079root 11241100x8000000000000000186719Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:48.080{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9eb09ea172cc503e2022-04-04 14:01:48.080root 11241100x8000000000000000186718Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:48.080{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b88aa6b203edc11e2022-04-04 14:01:48.080root 11241100x8000000000000000186717Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:48.080{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.636169e2746a5ffa2022-04-04 14:01:48.080root 11241100x8000000000000000186716Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:48.080{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01b10307cae97f142022-04-04 14:01:48.080root 11241100x8000000000000000186715Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:48.080{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be0ca05d6c15ab842022-04-04 14:01:48.080root 11241100x8000000000000000186714Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:48.080{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da3975dabd9786222022-04-04 14:01:48.080root 11241100x8000000000000000186713Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:48.080{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36781ef3e20c8e4b2022-04-04 14:01:48.080root 11241100x8000000000000000186712Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:48.080{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc777b7fb38b541b2022-04-04 14:01:48.080root 11241100x8000000000000000186711Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:48.080{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d36224269972e2df2022-04-04 14:01:48.080root 11241100x8000000000000000186710Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:48.080{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e54af688b8ef88b2022-04-04 14:01:48.080root 11241100x8000000000000000186709Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:48.080{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec49b98e68bd73ee2022-04-04 14:01:48.080root 11241100x8000000000000000186708Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:48.080{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1eb3757a40a1e132022-04-04 14:01:48.080root 11241100x8000000000000000186729Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:48.081{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da6ddef1ce15b42e2022-04-04 14:01:48.081root 11241100x8000000000000000186728Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:48.081{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6577215542b500492022-04-04 14:01:48.081root 11241100x8000000000000000186727Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:48.081{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af63f5f25603364a2022-04-04 14:01:48.081root 11241100x8000000000000000186726Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:48.081{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba261962be7ccc692022-04-04 14:01:48.081root 11241100x8000000000000000186725Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:48.081{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27de8b90ef7754ab2022-04-04 14:01:48.081root 11241100x8000000000000000186724Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:48.081{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbec3ec7f2326b272022-04-04 14:01:48.081root 11241100x8000000000000000186723Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:48.081{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbc18520666b079c2022-04-04 14:01:48.081root 11241100x8000000000000000186722Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:48.081{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8801d0b78dca4762022-04-04 14:01:48.081root 11241100x8000000000000000186721Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:48.081{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30449238ef773fdb2022-04-04 14:01:48.081root 11241100x8000000000000000186720Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:48.081{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebd6e441bddee0c72022-04-04 14:01:48.081root 11241100x8000000000000000186738Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:48.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff126d8ca766aa362022-04-04 14:01:48.577root 11241100x8000000000000000186737Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:48.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9bab86b7e7046ee2022-04-04 14:01:48.577root 11241100x8000000000000000186736Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:48.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.009b5f90383ec68d2022-04-04 14:01:48.577root 11241100x8000000000000000186735Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:48.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b7835644eb392b52022-04-04 14:01:48.577root 11241100x8000000000000000186734Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:48.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c598fb62db6639cb2022-04-04 14:01:48.577root 11241100x8000000000000000186733Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:48.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6f7ecb6039646732022-04-04 14:01:48.577root 11241100x8000000000000000186732Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:48.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ed84c29b5804a4d2022-04-04 14:01:48.577root 11241100x8000000000000000186731Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:48.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7f6fba1776944652022-04-04 14:01:48.577root 11241100x8000000000000000186730Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:48.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52eedc8a224767d02022-04-04 14:01:48.577root 11241100x8000000000000000186753Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:48.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d9a9f9697e04c4a2022-04-04 14:01:48.578root 11241100x8000000000000000186752Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:48.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cb19ac65623064c2022-04-04 14:01:48.578root 11241100x8000000000000000186751Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:48.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be7432ecd60c32302022-04-04 14:01:48.578root 11241100x8000000000000000186750Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:48.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95bd054cffeec9f62022-04-04 14:01:48.578root 11241100x8000000000000000186749Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:48.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b7f1f72d08c28982022-04-04 14:01:48.578root 11241100x8000000000000000186748Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:48.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b8d91e9cd5c7c872022-04-04 14:01:48.578root 11241100x8000000000000000186747Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:48.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.942218f80a37d28b2022-04-04 14:01:48.578root 11241100x8000000000000000186746Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:48.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7ae2f52bc58ea632022-04-04 14:01:48.578root 11241100x8000000000000000186745Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:48.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48f82502b435525b2022-04-04 14:01:48.578root 11241100x8000000000000000186744Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:48.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.488443381295e82c2022-04-04 14:01:48.578root 11241100x8000000000000000186743Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:48.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d80b5f065dbaecdd2022-04-04 14:01:48.578root 11241100x8000000000000000186742Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:48.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.909dad7388fb2f912022-04-04 14:01:48.578root 11241100x8000000000000000186741Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:48.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1151305fe140f35d2022-04-04 14:01:48.578root 11241100x8000000000000000186740Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:48.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5e73d550c4990b02022-04-04 14:01:48.578root 11241100x8000000000000000186739Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:48.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50f79fb61ec7e4792022-04-04 14:01:48.578root 11241100x8000000000000000186768Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:48.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d63aff890a508df72022-04-04 14:01:48.579root 11241100x8000000000000000186767Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:48.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e55cec41ea08a432022-04-04 14:01:48.579root 11241100x8000000000000000186766Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:48.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39fe2f9c77a109e12022-04-04 14:01:48.579root 11241100x8000000000000000186765Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:48.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c70ef0f0d080675f2022-04-04 14:01:48.579root 11241100x8000000000000000186764Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:48.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3898b2e5d8995dd2022-04-04 14:01:48.579root 11241100x8000000000000000186763Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:48.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1afac2f651322392022-04-04 14:01:48.579root 11241100x8000000000000000186762Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:48.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0523d1d6f68a66ec2022-04-04 14:01:48.579root 11241100x8000000000000000186761Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:48.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a8e79a6134d67eb2022-04-04 14:01:48.579root 11241100x8000000000000000186760Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:48.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97f2223e7642984b2022-04-04 14:01:48.579root 11241100x8000000000000000186759Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:48.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e98c170bef825ca2022-04-04 14:01:48.579root 11241100x8000000000000000186758Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:48.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00f4582c7ac3f28b2022-04-04 14:01:48.579root 11241100x8000000000000000186757Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:48.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e07f6f3138a9e7e52022-04-04 14:01:48.579root 11241100x8000000000000000186756Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:48.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f858b0317a0344932022-04-04 14:01:48.579root 11241100x8000000000000000186755Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:48.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.709212c3764410c72022-04-04 14:01:48.579root 11241100x8000000000000000186754Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:48.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8831f45825a6100b2022-04-04 14:01:48.579root 11241100x8000000000000000186774Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:48.580{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b695fd7a37e05c22022-04-04 14:01:48.580root 11241100x8000000000000000186773Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:48.580{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83f0d94e1e467b9a2022-04-04 14:01:48.580root 11241100x8000000000000000186772Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:48.580{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd284b6736e7e55a2022-04-04 14:01:48.580root 11241100x8000000000000000186771Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:48.580{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05ec8225c80fa7292022-04-04 14:01:48.580root 11241100x8000000000000000186770Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:48.580{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b33789eb5ba42902022-04-04 14:01:48.580root 11241100x8000000000000000186769Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:48.580{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db0f9cebd7ee2f862022-04-04 14:01:48.580root 11241100x8000000000000000186777Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:49.076{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2879bea73c277cf12022-04-04 14:01:49.076root 11241100x8000000000000000186776Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:49.076{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9a6c4e113c5c6f62022-04-04 14:01:49.076root 11241100x8000000000000000186775Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:49.076{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4cbf603697f804f2022-04-04 14:01:49.076root 11241100x8000000000000000186791Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:49.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.886a331b3e118b652022-04-04 14:01:49.077root 11241100x8000000000000000186790Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:49.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88a69f906eb514a72022-04-04 14:01:49.077root 11241100x8000000000000000186789Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:49.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50e2527a9d8edcf42022-04-04 14:01:49.077root 11241100x8000000000000000186788Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:49.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41b7884620076ea52022-04-04 14:01:49.077root 11241100x8000000000000000186787Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:49.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f34cac6a75875e42022-04-04 14:01:49.077root 11241100x8000000000000000186786Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:49.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8ebdc46d77b967d2022-04-04 14:01:49.077root 11241100x8000000000000000186785Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:49.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21529fe183f2c8332022-04-04 14:01:49.077root 11241100x8000000000000000186784Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:49.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91fe7221058a7c432022-04-04 14:01:49.077root 11241100x8000000000000000186783Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:49.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92a93086f3c3f01c2022-04-04 14:01:49.077root 11241100x8000000000000000186782Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:49.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.463eec69839464e22022-04-04 14:01:49.077root 11241100x8000000000000000186781Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:49.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bb640d1529e07752022-04-04 14:01:49.077root 11241100x8000000000000000186780Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:49.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efa858ac753885be2022-04-04 14:01:49.077root 11241100x8000000000000000186779Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:49.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d32c01e92e8dd6432022-04-04 14:01:49.077root 11241100x8000000000000000186778Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:49.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.394a318733b3506e2022-04-04 14:01:49.077root 11241100x8000000000000000186806Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:49.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b3ab38b12112f3d2022-04-04 14:01:49.078root 11241100x8000000000000000186805Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:49.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cf7924df95c5dd42022-04-04 14:01:49.078root 11241100x8000000000000000186804Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:49.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa036bf9ef44a0af2022-04-04 14:01:49.078root 11241100x8000000000000000186803Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:49.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c9b2816343320832022-04-04 14:01:49.078root 11241100x8000000000000000186802Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:49.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f36fe2b0515455482022-04-04 14:01:49.078root 11241100x8000000000000000186801Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:49.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fd6d54495e1b35b2022-04-04 14:01:49.078root 11241100x8000000000000000186800Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:49.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c28321c2c7a7438c2022-04-04 14:01:49.078root 11241100x8000000000000000186799Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:49.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.957a73c7caf0775f2022-04-04 14:01:49.078root 11241100x8000000000000000186798Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:49.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6e6020e610926142022-04-04 14:01:49.078root 11241100x8000000000000000186797Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:49.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88e418cb9cb277ce2022-04-04 14:01:49.078root 11241100x8000000000000000186796Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:49.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d6b7a20029f61c92022-04-04 14:01:49.078root 11241100x8000000000000000186795Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:49.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d62d187a5a8eaa4e2022-04-04 14:01:49.078root 11241100x8000000000000000186794Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:49.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5062f3854f25127a2022-04-04 14:01:49.078root 11241100x8000000000000000186793Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:49.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa35672687dd0cb22022-04-04 14:01:49.078root 11241100x8000000000000000186792Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:49.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa1f8aa734acae4d2022-04-04 14:01:49.078root 11241100x8000000000000000186822Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:49.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.896ea43b6eb0c3002022-04-04 14:01:49.079root 11241100x8000000000000000186821Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:49.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e91cf783abc82c9d2022-04-04 14:01:49.079root 11241100x8000000000000000186820Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:49.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e385f58d67262c8d2022-04-04 14:01:49.079root 11241100x8000000000000000186819Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:49.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b79f3c516f162ee42022-04-04 14:01:49.079root 11241100x8000000000000000186818Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:49.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3bd54c789de495a2022-04-04 14:01:49.079root 11241100x8000000000000000186817Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:49.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.655de4e6cdf9d4212022-04-04 14:01:49.079root 11241100x8000000000000000186816Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:49.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d18296b3c64593ad2022-04-04 14:01:49.079root 11241100x8000000000000000186815Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:49.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de38d643c77eda082022-04-04 14:01:49.079root 11241100x8000000000000000186814Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:49.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc457ae71334b0df2022-04-04 14:01:49.079root 11241100x8000000000000000186813Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:49.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fcfd22c1f6791af2022-04-04 14:01:49.079root 11241100x8000000000000000186812Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:49.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0476745479d00a92022-04-04 14:01:49.079root 11241100x8000000000000000186811Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:49.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f407151f7dfd7082022-04-04 14:01:49.079root 11241100x8000000000000000186810Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:49.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64960e77e0a8d1a52022-04-04 14:01:49.079root 11241100x8000000000000000186809Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:49.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43e356ddc7086e512022-04-04 14:01:49.079root 11241100x8000000000000000186808Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:49.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad3985c23f2848222022-04-04 14:01:49.079root 11241100x8000000000000000186807Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:49.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87a7aa8cb515ce2a2022-04-04 14:01:49.079root 11241100x8000000000000000186828Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:49.080{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a50175ff27a51c092022-04-04 14:01:49.080root 11241100x8000000000000000186827Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:49.080{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e1303155ce3c3292022-04-04 14:01:49.080root 11241100x8000000000000000186826Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:49.080{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11d33679291633162022-04-04 14:01:49.080root 11241100x8000000000000000186825Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:49.080{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d7e667d8237b8f52022-04-04 14:01:49.080root 11241100x8000000000000000186824Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:49.080{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3246dbfe96ffea52022-04-04 14:01:49.080root 11241100x8000000000000000186823Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:49.080{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25c254549b1eb1b42022-04-04 14:01:49.080root 11241100x8000000000000000186840Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:49.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66a7ef360d8755112022-04-04 14:01:49.577root 11241100x8000000000000000186839Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:49.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28ced074f812f5192022-04-04 14:01:49.577root 11241100x8000000000000000186838Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:49.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03afbd087c1c4ac92022-04-04 14:01:49.577root 11241100x8000000000000000186837Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:49.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9781c94e3e4842932022-04-04 14:01:49.577root 11241100x8000000000000000186836Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:49.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc930aeabde88e5d2022-04-04 14:01:49.577root 11241100x8000000000000000186835Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:49.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80d348d4f93263bb2022-04-04 14:01:49.577root 11241100x8000000000000000186834Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:49.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd7b1c64b2dc37562022-04-04 14:01:49.577root 11241100x8000000000000000186833Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:49.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7341ea09073b21e2022-04-04 14:01:49.577root 11241100x8000000000000000186832Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:49.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a409265e2b642fd82022-04-04 14:01:49.577root 11241100x8000000000000000186831Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:49.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e37233bad57d7dfc2022-04-04 14:01:49.577root 11241100x8000000000000000186830Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:49.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fd0c8bebc6738b02022-04-04 14:01:49.577root 11241100x8000000000000000186829Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:49.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a473f5802ed0d4582022-04-04 14:01:49.577root 11241100x8000000000000000186854Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:49.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b51e2c0ae5a132c2022-04-04 14:01:49.578root 11241100x8000000000000000186853Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:49.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc4264acb4925b292022-04-04 14:01:49.578root 11241100x8000000000000000186852Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:49.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce717daf2be1089d2022-04-04 14:01:49.578root 11241100x8000000000000000186851Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:49.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ec5adf5ef29768c2022-04-04 14:01:49.578root 11241100x8000000000000000186850Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:49.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5eaab3bc54c26fc42022-04-04 14:01:49.578root 11241100x8000000000000000186849Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:49.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a000bef8d4d1e5dd2022-04-04 14:01:49.578root 11241100x8000000000000000186848Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:49.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.387767a72290df092022-04-04 14:01:49.578root 11241100x8000000000000000186847Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:49.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07e964698201a8b82022-04-04 14:01:49.578root 11241100x8000000000000000186846Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:49.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd9fa0ab4b1382912022-04-04 14:01:49.578root 11241100x8000000000000000186845Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:49.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0aebdac9bb3c656e2022-04-04 14:01:49.578root 11241100x8000000000000000186844Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:49.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95be4880a3b3c27d2022-04-04 14:01:49.578root 11241100x8000000000000000186843Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:49.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.901e5a9b4868130f2022-04-04 14:01:49.578root 11241100x8000000000000000186842Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:49.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.285e3620996c80f22022-04-04 14:01:49.578root 11241100x8000000000000000186841Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:49.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.066c4cfb648a0ed42022-04-04 14:01:49.578root 11241100x8000000000000000186864Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:49.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b57360d430221d8a2022-04-04 14:01:49.579root 11241100x8000000000000000186863Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:49.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5b45d203958e8592022-04-04 14:01:49.579root 11241100x8000000000000000186862Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:49.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9d8677b69eaa2132022-04-04 14:01:49.579root 11241100x8000000000000000186861Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:49.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6461bafb9e33c2312022-04-04 14:01:49.579root 11241100x8000000000000000186860Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:49.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52b6b0be26235fee2022-04-04 14:01:49.579root 11241100x8000000000000000186859Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:49.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f91d966ec5da4b12022-04-04 14:01:49.579root 11241100x8000000000000000186858Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:49.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38ca47d1fb37bd772022-04-04 14:01:49.579root 11241100x8000000000000000186857Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:49.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2544ce6c959327c52022-04-04 14:01:49.579root 11241100x8000000000000000186856Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:49.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed7877a55d7c92ee2022-04-04 14:01:49.579root 11241100x8000000000000000186855Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:49.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb44fb1a2fb75a652022-04-04 14:01:49.579root 11241100x8000000000000000186873Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:49.580{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b9dbb3443f4a48b2022-04-04 14:01:49.580root 11241100x8000000000000000186872Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:49.580{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35ca172f23adb7d02022-04-04 14:01:49.580root 11241100x8000000000000000186871Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:49.580{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a486030499638cb12022-04-04 14:01:49.580root 11241100x8000000000000000186870Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:49.580{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8efe0144021bfde62022-04-04 14:01:49.580root 11241100x8000000000000000186869Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:49.580{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df56c3ad5c59f7202022-04-04 14:01:49.580root 11241100x8000000000000000186868Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:49.580{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aebfdb7f193c46ba2022-04-04 14:01:49.580root 11241100x8000000000000000186867Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:49.580{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76b32046487870d42022-04-04 14:01:49.580root 11241100x8000000000000000186866Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:49.580{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.109423ffc029b0812022-04-04 14:01:49.580root 11241100x8000000000000000186865Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:49.580{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dcad13badf6068e2022-04-04 14:01:49.580root 11241100x8000000000000000186875Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:50.076{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42136df8e65242012022-04-04 14:01:50.076root 11241100x8000000000000000186874Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:50.076{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29c36b552624998c2022-04-04 14:01:50.076root 11241100x8000000000000000186885Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:50.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.183a27809f1800d12022-04-04 14:01:50.077root 11241100x8000000000000000186884Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:50.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d99ac69dac4c1ba2022-04-04 14:01:50.077root 11241100x8000000000000000186883Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:50.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6738410958f79d1e2022-04-04 14:01:50.077root 11241100x8000000000000000186882Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:50.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8d8d4e624d7f3a62022-04-04 14:01:50.077root 11241100x8000000000000000186881Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:50.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47bb03b9d4f141732022-04-04 14:01:50.077root 11241100x8000000000000000186880Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:50.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.389980ca4611c0142022-04-04 14:01:50.077root 11241100x8000000000000000186879Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:50.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e4429e75e9eeed22022-04-04 14:01:50.077root 11241100x8000000000000000186878Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:50.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fc24df65dc9c7582022-04-04 14:01:50.077root 11241100x8000000000000000186877Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:50.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c537f6bbc68049c02022-04-04 14:01:50.077root 11241100x8000000000000000186876Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:50.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.386a3ae19a638ad52022-04-04 14:01:50.077root 11241100x8000000000000000186897Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:50.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5011090384a8fdc12022-04-04 14:01:50.078root 11241100x8000000000000000186896Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:50.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4afe4c6762ae09452022-04-04 14:01:50.078root 11241100x8000000000000000186895Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:50.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.680a6188a2c4ef232022-04-04 14:01:50.078root 11241100x8000000000000000186894Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:50.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c944253b2c770d222022-04-04 14:01:50.078root 11241100x8000000000000000186893Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:50.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fea331abb0b193902022-04-04 14:01:50.078root 11241100x8000000000000000186892Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:50.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67cf507aab0bbeb72022-04-04 14:01:50.078root 11241100x8000000000000000186891Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:50.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70ff81f496f408f82022-04-04 14:01:50.078root 11241100x8000000000000000186890Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:50.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c9f4848df68b61b2022-04-04 14:01:50.078root 11241100x8000000000000000186889Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:50.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64a2594ee046796f2022-04-04 14:01:50.078root 11241100x8000000000000000186888Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:50.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bea4fa8b08eb6172022-04-04 14:01:50.078root 11241100x8000000000000000186887Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:50.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61e1a773ab6e3b7e2022-04-04 14:01:50.078root 11241100x8000000000000000186886Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:50.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7550357e4e9b8fb42022-04-04 14:01:50.078root 11241100x8000000000000000186907Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:50.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40dcc2075d28537b2022-04-04 14:01:50.079root 11241100x8000000000000000186906Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:50.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86b1df19846038962022-04-04 14:01:50.079root 11241100x8000000000000000186905Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:50.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.445593d311e39a102022-04-04 14:01:50.079root 11241100x8000000000000000186904Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:50.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.992b12aa217594492022-04-04 14:01:50.079root 11241100x8000000000000000186903Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:50.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.440b478504bb9b582022-04-04 14:01:50.079root 11241100x8000000000000000186902Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:50.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.795e01ac4b9d07412022-04-04 14:01:50.079root 11241100x8000000000000000186901Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:50.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ba723ce23d4ff9a2022-04-04 14:01:50.079root 11241100x8000000000000000186900Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:50.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9e5ed003fa3a4142022-04-04 14:01:50.079root 11241100x8000000000000000186899Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:50.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da1dda9b4b9502d42022-04-04 14:01:50.079root 11241100x8000000000000000186898Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:50.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c82cbc4215a6b6b02022-04-04 14:01:50.079root 11241100x8000000000000000186918Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:50.080{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2b79a5f06dfe8562022-04-04 14:01:50.080root 11241100x8000000000000000186917Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:50.080{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d772704e70a08f72022-04-04 14:01:50.080root 11241100x8000000000000000186916Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:50.080{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69a2820a82a091882022-04-04 14:01:50.080root 11241100x8000000000000000186915Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:50.080{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.907b55e1cb6297d42022-04-04 14:01:50.080root 11241100x8000000000000000186914Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:50.080{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4f6321de6f8f30e2022-04-04 14:01:50.080root 11241100x8000000000000000186913Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:50.080{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0828ad3b6a501d1f2022-04-04 14:01:50.080root 11241100x8000000000000000186912Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:50.080{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.389f1d71beeba35d2022-04-04 14:01:50.080root 11241100x8000000000000000186911Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:50.080{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5aec9db06844e4e2022-04-04 14:01:50.080root 11241100x8000000000000000186910Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:50.080{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16737f8ec8ab03572022-04-04 14:01:50.080root 11241100x8000000000000000186909Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:50.080{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35359614161069002022-04-04 14:01:50.080root 11241100x8000000000000000186908Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:50.080{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cff7fb927c1e9daa2022-04-04 14:01:50.080root 11241100x8000000000000000186923Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:50.081{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ef16345e851e05e2022-04-04 14:01:50.081root 11241100x8000000000000000186922Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:50.081{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.944324863cd0c37e2022-04-04 14:01:50.081root 11241100x8000000000000000186921Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:50.081{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9866c095e8f727432022-04-04 14:01:50.081root 11241100x8000000000000000186920Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:50.081{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c02639fadef7d522022-04-04 14:01:50.081root 11241100x8000000000000000186919Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:50.081{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51cc676f4e4390012022-04-04 14:01:50.081root 11241100x8000000000000000186927Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:50.082{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b25644811875dc522022-04-04 14:01:50.082root 11241100x8000000000000000186926Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:50.082{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b50266ab881e088c2022-04-04 14:01:50.082root 11241100x8000000000000000186925Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:50.082{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1180e3a425f4b7512022-04-04 14:01:50.082root 11241100x8000000000000000186924Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:50.082{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e718728980420aa2022-04-04 14:01:50.082root 11241100x8000000000000000186932Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:50.083{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.473156f788e696dd2022-04-04 14:01:50.083root 11241100x8000000000000000186931Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:50.083{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fea2ff000fab77f2022-04-04 14:01:50.083root 11241100x8000000000000000186930Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:50.083{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcdb94af8c41681b2022-04-04 14:01:50.083root 11241100x8000000000000000186929Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:50.083{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e1450e466da02a62022-04-04 14:01:50.083root 11241100x8000000000000000186928Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:50.083{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c6669163ae95f202022-04-04 14:01:50.083root 11241100x8000000000000000186934Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:50.084{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d0ef9b92e41bf4e2022-04-04 14:01:50.084root 11241100x8000000000000000186933Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:50.084{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3975526ea8a9c1462022-04-04 14:01:50.084root 11241100x8000000000000000186937Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:50.085{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d56a01f7f8a727182022-04-04 14:01:50.085root 11241100x8000000000000000186936Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:50.085{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cee58f20b2f33cdc2022-04-04 14:01:50.085root 11241100x8000000000000000186935Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:50.085{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f37b3c1d8fb932152022-04-04 14:01:50.085root 11241100x8000000000000000186942Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:50.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5927066328bcb1df2022-04-04 14:01:50.577root 11241100x8000000000000000186941Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:50.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33a83db8b099a6322022-04-04 14:01:50.577root 11241100x8000000000000000186940Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:50.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98709557eebe9c872022-04-04 14:01:50.577root 11241100x8000000000000000186939Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:50.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96e223248308d0f92022-04-04 14:01:50.577root 11241100x8000000000000000186938Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:50.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4b93b3c176c3e282022-04-04 14:01:50.577root 11241100x8000000000000000186950Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:50.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c38daa78c531f5cc2022-04-04 14:01:50.578root 11241100x8000000000000000186949Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:50.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.150585a7dab68d5f2022-04-04 14:01:50.578root 11241100x8000000000000000186948Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:50.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57e020339ee7fd6c2022-04-04 14:01:50.578root 11241100x8000000000000000186947Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:50.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88e9e6aa80dd4edc2022-04-04 14:01:50.578root 11241100x8000000000000000186946Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:50.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b480589541fead72022-04-04 14:01:50.578root 11241100x8000000000000000186945Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:50.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.196654a3c9fb91492022-04-04 14:01:50.578root 11241100x8000000000000000186944Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:50.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe97fddd17e36dff2022-04-04 14:01:50.578root 11241100x8000000000000000186943Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:50.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.833e7b0ebc232d9a2022-04-04 14:01:50.578root 11241100x8000000000000000186960Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:50.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78ef5808c424146e2022-04-04 14:01:50.579root 11241100x8000000000000000186959Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:50.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5dcc767ddd91de72022-04-04 14:01:50.579root 11241100x8000000000000000186958Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:50.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4f91ed38a56c7552022-04-04 14:01:50.579root 11241100x8000000000000000186957Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:50.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef54d6c65994022b2022-04-04 14:01:50.579root 11241100x8000000000000000186956Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:50.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.603f62d4ae1d1b2c2022-04-04 14:01:50.579root 11241100x8000000000000000186955Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:50.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dae785fdef9312af2022-04-04 14:01:50.579root 11241100x8000000000000000186954Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:50.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae1db9f207f61bc82022-04-04 14:01:50.579root 11241100x8000000000000000186953Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:50.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39a6dd77886c64d22022-04-04 14:01:50.579root 11241100x8000000000000000186952Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:50.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81473bc8492685872022-04-04 14:01:50.579root 11241100x8000000000000000186951Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:50.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.848e548609d8fb132022-04-04 14:01:50.579root 11241100x8000000000000000186970Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:50.580{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85bd2ac8a7e6d3122022-04-04 14:01:50.580root 11241100x8000000000000000186969Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:50.580{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc5219d5b4f5a5662022-04-04 14:01:50.580root 11241100x8000000000000000186968Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:50.580{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a8a1a1159ade5e42022-04-04 14:01:50.580root 11241100x8000000000000000186967Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:50.580{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ad0932f83e1d0592022-04-04 14:01:50.580root 11241100x8000000000000000186966Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:50.580{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f80ea85558fe99542022-04-04 14:01:50.580root 11241100x8000000000000000186965Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:50.580{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b23abb7d30c10032022-04-04 14:01:50.580root 11241100x8000000000000000186964Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:50.580{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c8b312b5055eaa82022-04-04 14:01:50.580root 11241100x8000000000000000186963Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:50.580{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06aad7620204f1572022-04-04 14:01:50.580root 11241100x8000000000000000186962Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:50.580{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e0d5d2412e5e9d62022-04-04 14:01:50.580root 11241100x8000000000000000186961Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:50.580{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22d5dc9cc14c92152022-04-04 14:01:50.580root 11241100x8000000000000000186976Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:50.581{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d9c4a82615c9bb62022-04-04 14:01:50.581root 11241100x8000000000000000186975Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:50.581{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dd6abfb6581eb802022-04-04 14:01:50.581root 11241100x8000000000000000186974Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:50.581{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad70bdfb2c9a7ecf2022-04-04 14:01:50.581root 11241100x8000000000000000186973Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:50.581{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3717c148e300f5332022-04-04 14:01:50.581root 11241100x8000000000000000186972Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:50.581{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c06cdba18186dd2c2022-04-04 14:01:50.581root 11241100x8000000000000000186971Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:50.581{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90f41d08f9ca68772022-04-04 14:01:50.581root 11241100x8000000000000000186977Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:51.076{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.216e2d5f1e8f6fa62022-04-04 14:01:51.076root 11241100x8000000000000000186983Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:51.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3eac1b5a8ef695b32022-04-04 14:01:51.077root 11241100x8000000000000000186982Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:51.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3e14249a5a29d532022-04-04 14:01:51.077root 11241100x8000000000000000186981Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:51.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2600b91a14fe3e62022-04-04 14:01:51.077root 11241100x8000000000000000186980Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:51.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54461ece760ef3452022-04-04 14:01:51.077root 11241100x8000000000000000186979Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:51.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d41dfc95d42a68872022-04-04 14:01:51.077root 11241100x8000000000000000186978Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:51.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a83da4a48fbdbe22022-04-04 14:01:51.077root 11241100x8000000000000000186989Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:51.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66b174aba016e1f32022-04-04 14:01:51.078root 11241100x8000000000000000186988Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:51.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0721d4c811229c52022-04-04 14:01:51.078root 11241100x8000000000000000186987Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:51.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12ee974f89878eaa2022-04-04 14:01:51.078root 11241100x8000000000000000186986Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:51.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f33d57eb7f4ea0f62022-04-04 14:01:51.078root 11241100x8000000000000000186985Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:51.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f51707e6cc02074f2022-04-04 14:01:51.078root 11241100x8000000000000000186984Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:51.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d88a9a67873a6d7d2022-04-04 14:01:51.078root 11241100x8000000000000000186996Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:51.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdf9b2bbce44cf1c2022-04-04 14:01:51.079root 11241100x8000000000000000186995Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:51.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70b89856a3ae6c852022-04-04 14:01:51.079root 11241100x8000000000000000186994Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:51.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbafc9537540d5a92022-04-04 14:01:51.079root 11241100x8000000000000000186993Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:51.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8a2ad249a34e3092022-04-04 14:01:51.079root 11241100x8000000000000000186992Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:51.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc4437883064e3472022-04-04 14:01:51.079root 11241100x8000000000000000186991Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:51.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8f829d760d706bf2022-04-04 14:01:51.079root 11241100x8000000000000000186990Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:51.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55323c8131e928cd2022-04-04 14:01:51.079root 11241100x8000000000000000187010Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:51.080{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2bdfb5a737238702022-04-04 14:01:51.080root 11241100x8000000000000000187009Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:51.080{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb174855507a002d2022-04-04 14:01:51.080root 11241100x8000000000000000187008Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:51.080{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b1ce84fb4a7c85f2022-04-04 14:01:51.080root 11241100x8000000000000000187007Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:51.080{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ebeaba67eee16f32022-04-04 14:01:51.080root 11241100x8000000000000000187006Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:51.080{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.756de6785ebb75552022-04-04 14:01:51.080root 11241100x8000000000000000187005Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:51.080{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f6ebf2d4138346b2022-04-04 14:01:51.080root 11241100x8000000000000000187004Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:51.080{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49826cedef464bd32022-04-04 14:01:51.080root 11241100x8000000000000000187003Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:51.080{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0fe4c9d3b25c2ad2022-04-04 14:01:51.080root 11241100x8000000000000000187002Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:51.080{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.882be052b34e644e2022-04-04 14:01:51.080root 11241100x8000000000000000187001Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:51.080{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b06518fa475abbfc2022-04-04 14:01:51.080root 11241100x8000000000000000187000Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:51.080{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ed3ca2ff7ca8fcc2022-04-04 14:01:51.080root 11241100x8000000000000000186999Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:51.080{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.352199fd06945abf2022-04-04 14:01:51.080root 11241100x8000000000000000186998Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:51.080{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc2009d0136cc3562022-04-04 14:01:51.080root 11241100x8000000000000000186997Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:51.080{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35c8fbc01be307f42022-04-04 14:01:51.080root 11241100x8000000000000000187022Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:51.081{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f20e55b0d6096ef2022-04-04 14:01:51.081root 11241100x8000000000000000187021Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:51.081{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ace5e9c065c186f2022-04-04 14:01:51.081root 11241100x8000000000000000187020Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:51.081{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f49901d1cede6b5b2022-04-04 14:01:51.081root 11241100x8000000000000000187019Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:51.081{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57442118fb664c502022-04-04 14:01:51.081root 11241100x8000000000000000187018Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:51.081{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1809a30057ecb7692022-04-04 14:01:51.081root 11241100x8000000000000000187017Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:51.081{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d7ae7019cd0bf852022-04-04 14:01:51.081root 11241100x8000000000000000187016Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:51.081{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3997cf74233007d2022-04-04 14:01:51.081root 11241100x8000000000000000187015Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:51.081{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fc25edf78a3b27b2022-04-04 14:01:51.081root 11241100x8000000000000000187014Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:51.081{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d72d49bc6b06e9c2022-04-04 14:01:51.081root 11241100x8000000000000000187013Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:51.081{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef45cbd6587b6cf22022-04-04 14:01:51.081root 11241100x8000000000000000187012Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:51.081{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94833f9fc8cabcd42022-04-04 14:01:51.081root 11241100x8000000000000000187011Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:51.081{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bd10de0a437fbef2022-04-04 14:01:51.081root 11241100x8000000000000000187031Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:51.082{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da1422c957c176b12022-04-04 14:01:51.082root 11241100x8000000000000000187030Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:51.082{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52471bff7e86e6fd2022-04-04 14:01:51.082root 11241100x8000000000000000187029Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:51.082{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba04c008fc7d8f122022-04-04 14:01:51.082root 11241100x8000000000000000187028Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:51.082{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d46682940ee28412022-04-04 14:01:51.082root 11241100x8000000000000000187027Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:51.082{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d4180f21d9f11e32022-04-04 14:01:51.082root 11241100x8000000000000000187026Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:51.082{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5852f213961c91442022-04-04 14:01:51.082root 11241100x8000000000000000187025Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:51.082{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddbbbc730a3ab1db2022-04-04 14:01:51.082root 11241100x8000000000000000187024Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:51.082{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.767688f2e272d52e2022-04-04 14:01:51.082root 11241100x8000000000000000187023Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:51.082{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cff768f022672702022-04-04 14:01:51.082root 11241100x8000000000000000187038Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:51.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0642e2e1129fa342022-04-04 14:01:51.577root 11241100x8000000000000000187037Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:51.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11a6add8cf9d31382022-04-04 14:01:51.577root 11241100x8000000000000000187036Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:51.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b42ed489b81dbb72022-04-04 14:01:51.577root 11241100x8000000000000000187035Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:51.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e69717fc24aed89b2022-04-04 14:01:51.577root 11241100x8000000000000000187034Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:51.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb46af7d2f61819b2022-04-04 14:01:51.577root 11241100x8000000000000000187033Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:51.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13a8928853a518db2022-04-04 14:01:51.577root 11241100x8000000000000000187032Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:51.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94943d41c155f1bb2022-04-04 14:01:51.577root 11241100x8000000000000000187049Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:51.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9849651af073b03c2022-04-04 14:01:51.578root 11241100x8000000000000000187048Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:51.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1917fac42d3a2d12022-04-04 14:01:51.578root 11241100x8000000000000000187047Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:51.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e64d53055ddfaba2022-04-04 14:01:51.578root 11241100x8000000000000000187046Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:51.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdf445a3d80415c42022-04-04 14:01:51.578root 11241100x8000000000000000187045Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:51.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6c59e5d26102d682022-04-04 14:01:51.578root 11241100x8000000000000000187044Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:51.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6b869c48e179c6d2022-04-04 14:01:51.578root 11241100x8000000000000000187043Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:51.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57f8bd89f5af63c72022-04-04 14:01:51.578root 11241100x8000000000000000187042Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:51.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2dbcadefa27b24b2022-04-04 14:01:51.578root 11241100x8000000000000000187041Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:51.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e78f20fb1ded6bc2022-04-04 14:01:51.578root 11241100x8000000000000000187040Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:51.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58422d558526ff762022-04-04 14:01:51.578root 11241100x8000000000000000187039Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:51.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5436e7a70f8ffc0e2022-04-04 14:01:51.578root 11241100x8000000000000000187060Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:51.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cd83a00e59482492022-04-04 14:01:51.579root 11241100x8000000000000000187059Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:51.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a0ad97d5bb4f5f02022-04-04 14:01:51.579root 11241100x8000000000000000187058Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:51.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd67d2ff3ea2549d2022-04-04 14:01:51.579root 11241100x8000000000000000187057Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:51.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b004d66e28bb12752022-04-04 14:01:51.579root 11241100x8000000000000000187056Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:51.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6000d224fd66ddb92022-04-04 14:01:51.579root 11241100x8000000000000000187055Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:51.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74351b0b6965f1d02022-04-04 14:01:51.579root 11241100x8000000000000000187054Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:51.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b046e2129548b122022-04-04 14:01:51.579root 11241100x8000000000000000187053Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:51.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c373f658326a05bf2022-04-04 14:01:51.579root 11241100x8000000000000000187052Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:51.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2194bba083b012af2022-04-04 14:01:51.579root 11241100x8000000000000000187051Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:51.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8be6cc2cdc2f83852022-04-04 14:01:51.579root 11241100x8000000000000000187050Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:51.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c499f8e90af386a2022-04-04 14:01:51.579root 11241100x8000000000000000187068Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:51.580{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a9282bdfcd512462022-04-04 14:01:51.580root 11241100x8000000000000000187067Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:51.580{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d60bfd639647f22f2022-04-04 14:01:51.580root 11241100x8000000000000000187066Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:51.580{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e392b53c0e612692022-04-04 14:01:51.580root 11241100x8000000000000000187065Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:51.580{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dde4a5b77a346b592022-04-04 14:01:51.580root 11241100x8000000000000000187064Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:51.580{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af24de46bfef797c2022-04-04 14:01:51.580root 11241100x8000000000000000187063Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:51.580{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8533125bf51845082022-04-04 14:01:51.580root 11241100x8000000000000000187062Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:51.580{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b4bd813e4e89eb42022-04-04 14:01:51.580root 11241100x8000000000000000187061Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:51.580{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dd3e5add7c892662022-04-04 14:01:51.580root 11241100x8000000000000000187070Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:51.581{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d519586b94b2ddf42022-04-04 14:01:51.581root 11241100x8000000000000000187069Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:51.581{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0234b6a7c4451da72022-04-04 14:01:51.581root 11241100x8000000000000000187074Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:51.582{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7504412f03b18292022-04-04 14:01:51.582root 11241100x8000000000000000187073Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:51.582{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.710abbb8c539bba12022-04-04 14:01:51.582root 11241100x8000000000000000187072Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:51.582{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5bac13f3ca814ce2022-04-04 14:01:51.582root 11241100x8000000000000000187071Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:51.582{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfc74ec58b8341a42022-04-04 14:01:51.582root 11241100x8000000000000000187084Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:52.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41a0e9e7e09667ea2022-04-04 14:01:52.077root 11241100x8000000000000000187083Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:52.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae9d0a5d4f1eac4a2022-04-04 14:01:52.077root 11241100x8000000000000000187082Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:52.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53c3df98ab9dccc02022-04-04 14:01:52.077root 11241100x8000000000000000187081Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:52.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b0ac27ea49a51062022-04-04 14:01:52.077root 11241100x8000000000000000187080Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:52.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.106628d7e98d8a4f2022-04-04 14:01:52.077root 11241100x8000000000000000187079Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:52.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cf2978842885b3a2022-04-04 14:01:52.077root 11241100x8000000000000000187078Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:52.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02f20ce940db31c82022-04-04 14:01:52.077root 11241100x8000000000000000187077Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:52.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf5f5d6e31758aaa2022-04-04 14:01:52.077root 11241100x8000000000000000187076Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:52.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaad49f2e9d573a72022-04-04 14:01:52.077root 11241100x8000000000000000187075Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:52.077{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59a5297656c1f7342022-04-04 14:01:52.077root 11241100x8000000000000000187096Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:52.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfefe3f31a50b6652022-04-04 14:01:52.078root 11241100x8000000000000000187095Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:52.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fba6380f35a72c02022-04-04 14:01:52.078root 11241100x8000000000000000187094Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:52.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55a5ccebebf8f0722022-04-04 14:01:52.078root 11241100x8000000000000000187093Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:52.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8a808c03453c98f2022-04-04 14:01:52.078root 11241100x8000000000000000187092Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:52.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24104a00caf18bcb2022-04-04 14:01:52.078root 11241100x8000000000000000187091Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:52.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6bc5cbd11a5c27c2022-04-04 14:01:52.078root 11241100x8000000000000000187090Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:52.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.296bc9094b4b76a32022-04-04 14:01:52.078root 11241100x8000000000000000187089Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:52.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32863acacbd5b1212022-04-04 14:01:52.078root 11241100x8000000000000000187088Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:52.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a43a34d88c16f1082022-04-04 14:01:52.078root 11241100x8000000000000000187087Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:52.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aca86bbce47ea8ad2022-04-04 14:01:52.078root 11241100x8000000000000000187086Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:52.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c89a1e54137501d2022-04-04 14:01:52.078root 11241100x8000000000000000187085Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:52.078{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75520e1b233dae9a2022-04-04 14:01:52.078root 11241100x8000000000000000187101Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:52.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d2dcc6deac8ac9d2022-04-04 14:01:52.079root 11241100x8000000000000000187100Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:52.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79950240ef46c6e12022-04-04 14:01:52.079root 11241100x8000000000000000187099Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:52.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b585ea84fab5e1fc2022-04-04 14:01:52.079root 11241100x8000000000000000187098Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:52.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb55ba7218a5b6f52022-04-04 14:01:52.079root 11241100x8000000000000000187097Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:52.079{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6fe8200a7ef34d42022-04-04 14:01:52.079root 11241100x8000000000000000187112Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:52.080{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79d31767f1493e092022-04-04 14:01:52.080root 11241100x8000000000000000187111Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:52.080{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2395652fff336d372022-04-04 14:01:52.080root 11241100x8000000000000000187110Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:52.080{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0be5d74e1e6b83cc2022-04-04 14:01:52.080root 11241100x8000000000000000187109Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:52.080{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dc5dcd29fcb4e3b2022-04-04 14:01:52.080root 11241100x8000000000000000187108Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:52.080{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d76755ee809638832022-04-04 14:01:52.080root 11241100x8000000000000000187107Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:52.080{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39dbf380d5a6ddfe2022-04-04 14:01:52.080root 11241100x8000000000000000187106Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:52.080{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63c19f59fb5405a52022-04-04 14:01:52.080root 11241100x8000000000000000187105Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:52.080{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad995adedaf180ef2022-04-04 14:01:52.080root 11241100x8000000000000000187104Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:52.080{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3281d0fb3e655e42022-04-04 14:01:52.080root 11241100x8000000000000000187103Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:52.080{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.104ee400e03ecd732022-04-04 14:01:52.080root 11241100x8000000000000000187102Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:52.080{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70e9c2dae1053d522022-04-04 14:01:52.080root 11241100x8000000000000000187118Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:52.081{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7d57b99bbb960fb2022-04-04 14:01:52.081root 11241100x8000000000000000187117Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:52.081{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac45329a07469fb82022-04-04 14:01:52.081root 11241100x8000000000000000187116Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:52.081{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f491fd179152516a2022-04-04 14:01:52.081root 11241100x8000000000000000187115Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:52.081{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5fcbce0466e91bc2022-04-04 14:01:52.081root 11241100x8000000000000000187114Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:52.081{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57d15f2ba8780dbb2022-04-04 14:01:52.081root 11241100x8000000000000000187113Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:52.081{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdfc4a9568408a3c2022-04-04 14:01:52.081root 11241100x8000000000000000187123Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:52.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3b0cd4ebb3055542022-04-04 14:01:52.577root 11241100x8000000000000000187122Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:52.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a254f0ae21dd3cc2022-04-04 14:01:52.577root 11241100x8000000000000000187121Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:52.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59d6134fe75e83dc2022-04-04 14:01:52.577root 11241100x8000000000000000187120Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:52.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c0053128528a5162022-04-04 14:01:52.577root 11241100x8000000000000000187119Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:52.577{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9bce81481df84832022-04-04 14:01:52.577root 11241100x8000000000000000187134Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:52.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2499a01177e3fe092022-04-04 14:01:52.578root 11241100x8000000000000000187133Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:52.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c54dd95224a33e52022-04-04 14:01:52.578root 11241100x8000000000000000187132Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:52.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5106ba5764a7df2b2022-04-04 14:01:52.578root 11241100x8000000000000000187131Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:52.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.640d656ee0a399c82022-04-04 14:01:52.578root 11241100x8000000000000000187130Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:52.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0833ad220c10b7b2022-04-04 14:01:52.578root 11241100x8000000000000000187129Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:52.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38205b59477d68c72022-04-04 14:01:52.578root 11241100x8000000000000000187128Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:52.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b03807b201f93ef2022-04-04 14:01:52.578root 11241100x8000000000000000187127Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:52.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d42ad2f61e40e0d2022-04-04 14:01:52.578root 11241100x8000000000000000187126Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:52.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.063bc61f8b199cf12022-04-04 14:01:52.578root 11241100x8000000000000000187125Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:52.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.853c31e3096948ee2022-04-04 14:01:52.578root 11241100x8000000000000000187124Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:52.578{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af42efedd135eebc2022-04-04 14:01:52.578root 11241100x8000000000000000187143Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:52.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60b15732506bdbde2022-04-04 14:01:52.579root 11241100x8000000000000000187142Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:52.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7eba6d2a8977e922022-04-04 14:01:52.579root 11241100x8000000000000000187141Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:52.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c07e6c929f5149ee2022-04-04 14:01:52.579root 11241100x8000000000000000187140Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:52.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44a2e57ea03e9caa2022-04-04 14:01:52.579root 11241100x8000000000000000187139Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:52.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0efb7563ca69fef2022-04-04 14:01:52.579root 11241100x8000000000000000187138Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:52.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0a824b9e43a27792022-04-04 14:01:52.579root 11241100x8000000000000000187137Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:52.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24290f64eab56b902022-04-04 14:01:52.579root 11241100x8000000000000000187136Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:52.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec337a983ec03d172022-04-04 14:01:52.579root 11241100x8000000000000000187135Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:52.579{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa878bd393c759272022-04-04 14:01:52.579root 11241100x8000000000000000187152Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:52.580{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b4b83c2f639b9182022-04-04 14:01:52.580root 11241100x8000000000000000187151Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:52.580{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09f1edcde9c4f5a72022-04-04 14:01:52.580root 11241100x8000000000000000187150Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:52.580{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34501b11b1b35fc62022-04-04 14:01:52.580root 11241100x8000000000000000187149Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:52.580{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4fdefb47f2790222022-04-04 14:01:52.580root 11241100x8000000000000000187148Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:52.580{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e20c2a5ba116488d2022-04-04 14:01:52.580root 11241100x8000000000000000187147Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:52.580{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c58e2b74802ae0f22022-04-04 14:01:52.580root 11241100x8000000000000000187146Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:52.580{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03cb96220342c1cf2022-04-04 14:01:52.580root 11241100x8000000000000000187145Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:52.580{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7497d95e966d8372022-04-04 14:01:52.580root 11241100x8000000000000000187144Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:52.580{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52c2301165aea3f32022-04-04 14:01:52.580root 11241100x8000000000000000187160Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:52.581{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.056a5827a845bb2d2022-04-04 14:01:52.581root 11241100x8000000000000000187159Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:52.581{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f30adb5e55850672022-04-04 14:01:52.581root 11241100x8000000000000000187158Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:52.581{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84bed9cc8801b7632022-04-04 14:01:52.581root 11241100x8000000000000000187157Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:52.581{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5c3e6799794b9ab2022-04-04 14:01:52.581root 11241100x8000000000000000187156Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:52.581{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bba979145a2e09722022-04-04 14:01:52.581root 11241100x8000000000000000187155Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:52.581{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08c46f43d89f950a2022-04-04 14:01:52.581root 11241100x8000000000000000187154Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:52.581{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eff8e08990a903f02022-04-04 14:01:52.581root 11241100x8000000000000000187153Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:52.581{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f63ca3c717a5a9162022-04-04 14:01:52.581root 11241100x8000000000000000187162Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.052{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0525705c8887c1f12022-04-04 14:01:53.052root 354300x8000000000000000187161Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.052{ec21797c-f0e1-624a-d9ff-4d0400000000}5533/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-34472-false10.0.1.12-8000- 11241100x8000000000000000187171Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.053{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63dfa06e42fc15482022-04-04 14:01:53.053root 11241100x8000000000000000187170Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.053{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.515f3d8373801edc2022-04-04 14:01:53.053root 11241100x8000000000000000187169Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.053{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c57dd00350aa4e12022-04-04 14:01:53.053root 11241100x8000000000000000187168Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.053{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4c9270e36ac39d32022-04-04 14:01:53.053root 11241100x8000000000000000187167Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.053{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a401efdd5896a6c2022-04-04 14:01:53.053root 11241100x8000000000000000187166Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.053{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c82f464efc7cd812022-04-04 14:01:53.053root 11241100x8000000000000000187165Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.053{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33e28f67edcd01a22022-04-04 14:01:53.053root 11241100x8000000000000000187164Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.053{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9126a7adabc4936b2022-04-04 14:01:53.053root 11241100x8000000000000000187163Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.053{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59162763293f09002022-04-04 14:01:53.053root 11241100x8000000000000000187180Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.054{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a908117098e443552022-04-04 14:01:53.054root 11241100x8000000000000000187179Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.054{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d3b7816f6c0f6162022-04-04 14:01:53.054root 11241100x8000000000000000187178Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.054{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e539c02e111f9d3a2022-04-04 14:01:53.054root 11241100x8000000000000000187177Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.054{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b1e662478fed3892022-04-04 14:01:53.054root 11241100x8000000000000000187176Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.054{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e495e63a83b073d72022-04-04 14:01:53.054root 11241100x8000000000000000187175Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.054{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39eb4ec144fe92f52022-04-04 14:01:53.054root 11241100x8000000000000000187174Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.054{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69cc7de969fecef72022-04-04 14:01:53.054root 11241100x8000000000000000187173Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.054{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f47143cd7dee8252022-04-04 14:01:53.054root 11241100x8000000000000000187172Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.054{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12163c848e3c81322022-04-04 14:01:53.054root 11241100x8000000000000000187189Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.055{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e9cca3378594ba72022-04-04 14:01:53.055root 11241100x8000000000000000187188Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.055{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.783934ce70242f1c2022-04-04 14:01:53.055root 11241100x8000000000000000187187Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.055{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faf4bac42b3e2c002022-04-04 14:01:53.055root 11241100x8000000000000000187186Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.055{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cb855365364489c2022-04-04 14:01:53.055root 11241100x8000000000000000187185Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.055{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08d9c23e0cca71ed2022-04-04 14:01:53.055root 11241100x8000000000000000187184Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.055{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b63da0f8494b68f2022-04-04 14:01:53.055root 11241100x8000000000000000187183Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.055{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7891c9a60e2697782022-04-04 14:01:53.055root 11241100x8000000000000000187182Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.055{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b5d42c451580f6c2022-04-04 14:01:53.055root 11241100x8000000000000000187181Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.055{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ace45ea2b315f212022-04-04 14:01:53.055root 11241100x8000000000000000187199Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.056{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3125c2e2fb860902022-04-04 14:01:53.056root 11241100x8000000000000000187198Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.056{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1aad0dc5d746d50f2022-04-04 14:01:53.056root 11241100x8000000000000000187197Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.056{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.053cc3fc81be68272022-04-04 14:01:53.056root 11241100x8000000000000000187196Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.056{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86a860855ca422f12022-04-04 14:01:53.056root 11241100x8000000000000000187195Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.056{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.243d903a822d150c2022-04-04 14:01:53.056root 11241100x8000000000000000187194Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.056{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34f3e73fd61f13112022-04-04 14:01:53.056root 11241100x8000000000000000187193Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.056{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bfd33c5075c5bdb2022-04-04 14:01:53.056root 11241100x8000000000000000187192Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.056{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b42e0ff0ce7579572022-04-04 14:01:53.056root 11241100x8000000000000000187191Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.056{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d41750536406a1b62022-04-04 14:01:53.056root 11241100x8000000000000000187190Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.056{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.303010da24a6ccd72022-04-04 14:01:53.056root 11241100x8000000000000000187208Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.057{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cdebbfe7595e4562022-04-04 14:01:53.057root 11241100x8000000000000000187207Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.057{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b112d49c6d6a59f2022-04-04 14:01:53.057root 11241100x8000000000000000187206Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.057{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1783e4e0ee516b372022-04-04 14:01:53.057root 11241100x8000000000000000187205Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.057{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc4e7bcbd5c5096c2022-04-04 14:01:53.057root 11241100x8000000000000000187204Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.057{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3db5bc886b290492022-04-04 14:01:53.057root 11241100x8000000000000000187203Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.057{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.130c420b9b114a482022-04-04 14:01:53.057root 11241100x8000000000000000187202Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.057{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c1eb5e40f777e652022-04-04 14:01:53.057root 11241100x8000000000000000187201Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.057{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b09589c96f8dcae2022-04-04 14:01:53.057root 11241100x8000000000000000187200Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.057{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2688dd14c6658fc92022-04-04 14:01:53.057root 11241100x8000000000000000187217Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.058{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18261be151ef00a72022-04-04 14:01:53.058root 11241100x8000000000000000187216Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.058{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96eb44e7d0a73dfe2022-04-04 14:01:53.058root 11241100x8000000000000000187215Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.058{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d98e128e3ca534572022-04-04 14:01:53.058root 11241100x8000000000000000187214Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.058{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13c5c47255c9bee72022-04-04 14:01:53.058root 11241100x8000000000000000187213Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.058{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f93da4d64797a682022-04-04 14:01:53.058root 11241100x8000000000000000187212Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.058{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d89af0e04f29ecf2022-04-04 14:01:53.058root 11241100x8000000000000000187211Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.058{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61c98e8fc57e65cf2022-04-04 14:01:53.058root 11241100x8000000000000000187210Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.058{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9decd30d2e2d7c52022-04-04 14:01:53.058root 11241100x8000000000000000187209Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.058{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e564c17336c75372022-04-04 14:01:53.058root 11241100x8000000000000000187227Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.059{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd8e87f482247c282022-04-04 14:01:53.059root 11241100x8000000000000000187226Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.059{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0a767cdc7c0939e2022-04-04 14:01:53.059root 11241100x8000000000000000187225Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.059{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7168a225f80cdff2022-04-04 14:01:53.059root 11241100x8000000000000000187224Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.059{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74450d415ffbb2772022-04-04 14:01:53.059root 11241100x8000000000000000187223Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.059{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f6a661b260c0ba62022-04-04 14:01:53.059root 11241100x8000000000000000187222Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.059{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32872ecf2f81e4882022-04-04 14:01:53.059root 11241100x8000000000000000187221Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.059{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fb1158da538055a2022-04-04 14:01:53.059root 11241100x8000000000000000187220Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.059{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.919bc6b23cd5500e2022-04-04 14:01:53.059root 11241100x8000000000000000187219Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.059{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42cfca146997e6442022-04-04 14:01:53.059root 11241100x8000000000000000187218Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.059{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.843312510fa6ee282022-04-04 14:01:53.059root 11241100x8000000000000000187232Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.060{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27eee0efbd5938be2022-04-04 14:01:53.060root 11241100x8000000000000000187231Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.060{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.031d3002ff0fe3552022-04-04 14:01:53.060root 11241100x8000000000000000187230Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.060{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d301bc1774599542022-04-04 14:01:53.060root 11241100x8000000000000000187229Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.060{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d04eae549fefcbe2022-04-04 14:01:53.060root 11241100x8000000000000000187228Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.060{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3252eb1ca2b2d9f62022-04-04 14:01:53.060root 11241100x8000000000000000187235Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.061{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fd9ad8b937dd1652022-04-04 14:01:53.061root 11241100x8000000000000000187234Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.061{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f172f6c77ea1a2c82022-04-04 14:01:53.061root 11241100x8000000000000000187233Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.061{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98ac9d8b52ad809f2022-04-04 14:01:53.061root 11241100x8000000000000000187238Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.062{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d81d47540bfcd32c2022-04-04 14:01:53.062root 11241100x8000000000000000187237Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.062{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.176004021ab53d382022-04-04 14:01:53.062root 11241100x8000000000000000187236Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.062{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9debf268c168ea0a2022-04-04 14:01:53.062root 11241100x8000000000000000187244Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.327{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8e12675816a7de12022-04-04 14:01:53.327root 11241100x8000000000000000187243Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.327{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32bdace96541e1ce2022-04-04 14:01:53.327root 11241100x8000000000000000187242Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.327{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c46d1f7705d9c0f2022-04-04 14:01:53.327root 11241100x8000000000000000187241Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.327{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a540f658ecd2064f2022-04-04 14:01:53.327root 11241100x8000000000000000187240Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.327{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3b27fcdc6a103a62022-04-04 14:01:53.327root 11241100x8000000000000000187239Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.327{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb80d80e72e763b42022-04-04 14:01:53.327root 11241100x8000000000000000187250Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.328{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a3baa62016ebb112022-04-04 14:01:53.328root 11241100x8000000000000000187249Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.328{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b3ddb13364596d62022-04-04 14:01:53.328root 11241100x8000000000000000187248Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.328{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ebd7e1432e1d6882022-04-04 14:01:53.328root 11241100x8000000000000000187247Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.328{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a83f0694f4648b562022-04-04 14:01:53.328root 11241100x8000000000000000187246Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.328{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb97e7456a3012fd2022-04-04 14:01:53.328root 11241100x8000000000000000187245Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.328{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc3a8603527a555a2022-04-04 14:01:53.328root 11241100x8000000000000000187260Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.329{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8ea70fbb5801ed62022-04-04 14:01:53.329root 11241100x8000000000000000187259Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.329{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79da1a5d04b1d6102022-04-04 14:01:53.329root 11241100x8000000000000000187258Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.329{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86c7bb4dc7efe8022022-04-04 14:01:53.329root 11241100x8000000000000000187257Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.329{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.560ecb45c196f59e2022-04-04 14:01:53.329root 11241100x8000000000000000187256Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.329{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b9a745e9513e2772022-04-04 14:01:53.329root 11241100x8000000000000000187255Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.329{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fce5a076587f9dd72022-04-04 14:01:53.329root 11241100x8000000000000000187254Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.329{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0da627c2dbedfc0b2022-04-04 14:01:53.329root 11241100x8000000000000000187253Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.329{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05f747fb673e89d02022-04-04 14:01:53.329root 11241100x8000000000000000187252Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.329{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b370afe4a9af29042022-04-04 14:01:53.329root 11241100x8000000000000000187251Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.329{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84cdd9264baaa8a02022-04-04 14:01:53.329root 11241100x8000000000000000187270Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.330{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.053c4ddfa893b36b2022-04-04 14:01:53.330root 11241100x8000000000000000187269Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.330{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b4848b2698081182022-04-04 14:01:53.330root 11241100x8000000000000000187268Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.330{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.329439286a7ff73d2022-04-04 14:01:53.330root 11241100x8000000000000000187267Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.330{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5771df5b3678cc3c2022-04-04 14:01:53.330root 11241100x8000000000000000187266Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.330{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6387ee4827f82e52022-04-04 14:01:53.330root 11241100x8000000000000000187265Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.330{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a5b1d5c158f2c752022-04-04 14:01:53.330root 11241100x8000000000000000187264Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.330{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2928e4219452cbc82022-04-04 14:01:53.330root 11241100x8000000000000000187263Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.330{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b358824861ee57bc2022-04-04 14:01:53.330root 11241100x8000000000000000187262Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.330{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5a23acbf8e80b8a2022-04-04 14:01:53.330root 11241100x8000000000000000187261Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.330{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd460780abe934772022-04-04 14:01:53.330root 11241100x8000000000000000187279Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.331{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1bf1d2c442ff6522022-04-04 14:01:53.331root 11241100x8000000000000000187278Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.331{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4541ab1a60da14dd2022-04-04 14:01:53.331root 11241100x8000000000000000187277Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.331{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8064599a6b3c86c92022-04-04 14:01:53.331root 11241100x8000000000000000187276Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.331{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fadf7eaddc9efdb2022-04-04 14:01:53.331root 11241100x8000000000000000187275Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.331{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fed2b9fca9d2ceb2022-04-04 14:01:53.331root 11241100x8000000000000000187274Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.331{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6cba0a86f0a8ead2022-04-04 14:01:53.331root 11241100x8000000000000000187273Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.331{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ac0e3ea777942b82022-04-04 14:01:53.331root 11241100x8000000000000000187272Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.331{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b8442d7cef019332022-04-04 14:01:53.331root 11241100x8000000000000000187271Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.331{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbce85a944fa11ce2022-04-04 14:01:53.331root 11241100x8000000000000000187284Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.333{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee8158698b14e76c2022-04-04 14:01:53.333root 11241100x8000000000000000187283Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.333{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bbaa6ad4c16aab42022-04-04 14:01:53.333root 11241100x8000000000000000187282Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.333{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5037b6e1aefd68402022-04-04 14:01:53.333root 11241100x8000000000000000187281Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.333{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6010d2d6de1cf8282022-04-04 14:01:53.333root 11241100x8000000000000000187280Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.333{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1808101551b3c362022-04-04 14:01:53.333root 11241100x8000000000000000187291Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.334{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.527ec8992ab956da2022-04-04 14:01:53.334root 11241100x8000000000000000187290Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.334{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9776aeef99ac570b2022-04-04 14:01:53.334root 11241100x8000000000000000187289Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.334{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.719fedbb727230b92022-04-04 14:01:53.334root 11241100x8000000000000000187288Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.334{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f604aa23b2f444ea2022-04-04 14:01:53.334root 11241100x8000000000000000187287Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.334{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b27d13bacfb8938a2022-04-04 14:01:53.334root 11241100x8000000000000000187286Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.334{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4e5f057062e8b792022-04-04 14:01:53.334root 11241100x8000000000000000187285Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.334{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cc8475280410dc52022-04-04 14:01:53.334root 11241100x8000000000000000187294Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.335{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b14c5ad8b0b16812022-04-04 14:01:53.335root 11241100x8000000000000000187293Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.335{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.533026d8933748cc2022-04-04 14:01:53.335root 11241100x8000000000000000187292Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.335{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52514434aeea823e2022-04-04 14:01:53.335root 11241100x8000000000000000187299Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.336{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75ebbcc83e90d3662022-04-04 14:01:53.336root 11241100x8000000000000000187298Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.336{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a13ab2afb8a2a512022-04-04 14:01:53.336root 11241100x8000000000000000187297Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.336{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.803a78046ea29dc92022-04-04 14:01:53.336root 11241100x8000000000000000187296Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.336{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.948fd4ccee5f3e1a2022-04-04 14:01:53.336root 11241100x8000000000000000187295Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.336{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.610d1c3d8b439c802022-04-04 14:01:53.336root 11241100x8000000000000000187306Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.337{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bea2f5011f5f9502022-04-04 14:01:53.337root 11241100x8000000000000000187305Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.337{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.316615afd3db50322022-04-04 14:01:53.337root 11241100x8000000000000000187304Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.337{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43c5462d89e1fb6f2022-04-04 14:01:53.337root 11241100x8000000000000000187303Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.337{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85049297b2ed274c2022-04-04 14:01:53.337root 11241100x8000000000000000187302Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.337{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5f984c86c4dc2162022-04-04 14:01:53.337root 11241100x8000000000000000187301Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.337{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d017ab59e8737c62022-04-04 14:01:53.337root 11241100x8000000000000000187300Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.337{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c3d54361db1906f2022-04-04 14:01:53.337root 11241100x8000000000000000187310Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.338{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d34e47056b96048c2022-04-04 14:01:53.338root 11241100x8000000000000000187309Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.338{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfb7b062e45daa032022-04-04 14:01:53.338root 11241100x8000000000000000187308Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.338{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6000ca66b0628ec12022-04-04 14:01:53.338root 11241100x8000000000000000187307Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.338{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97509ce955d8065d2022-04-04 14:01:53.338root 11241100x8000000000000000187319Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.339{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df22d936fbd91c582022-04-04 14:01:53.339root 11241100x8000000000000000187318Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.339{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a8bd894970818c72022-04-04 14:01:53.339root 11241100x8000000000000000187317Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.339{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a91eefe732c1151b2022-04-04 14:01:53.339root 11241100x8000000000000000187316Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.339{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bb329f5d309c4192022-04-04 14:01:53.339root 11241100x8000000000000000187315Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.339{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25107372f93b10a42022-04-04 14:01:53.339root 11241100x8000000000000000187314Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.339{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2110dc1847f5e862022-04-04 14:01:53.339root 11241100x8000000000000000187313Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.339{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e282aa46c842adee2022-04-04 14:01:53.339root 11241100x8000000000000000187312Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.339{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d5fa9930c06c4ce2022-04-04 14:01:53.339root 11241100x8000000000000000187311Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.339{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ccf578aec2581eb2022-04-04 14:01:53.339root 11241100x8000000000000000187331Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.340{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.201ac50d6e1b8b202022-04-04 14:01:53.340root 11241100x8000000000000000187330Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.340{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04e0e2b20d20d6192022-04-04 14:01:53.340root 11241100x8000000000000000187329Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.340{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb700cd0d28b44f82022-04-04 14:01:53.340root 11241100x8000000000000000187328Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.340{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9240447cbedb9852022-04-04 14:01:53.340root 11241100x8000000000000000187327Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.340{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7af3f538a666e7f2022-04-04 14:01:53.340root 11241100x8000000000000000187326Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.340{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e01cd13297276d4e2022-04-04 14:01:53.340root 11241100x8000000000000000187325Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.340{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.363d3ca16ab9ce8e2022-04-04 14:01:53.340root 11241100x8000000000000000187324Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.340{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dfc60396d93b2f82022-04-04 14:01:53.340root 11241100x8000000000000000187323Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.340{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bb3021744c789eb2022-04-04 14:01:53.340root 11241100x8000000000000000187322Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.340{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.294d5864b922452d2022-04-04 14:01:53.340root 11241100x8000000000000000187321Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.340{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56b26aca170a04a12022-04-04 14:01:53.340root 11241100x8000000000000000187320Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.340{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.716361c0a4b6c0062022-04-04 14:01:53.340root 11241100x8000000000000000187333Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.341{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36cda7614eb601142022-04-04 14:01:53.341root 11241100x8000000000000000187332Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.341{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.210d8c15156671a62022-04-04 14:01:53.341root 11241100x8000000000000000187334Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.826{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13f8d9140c750d6e2022-04-04 14:01:53.826root 11241100x8000000000000000187348Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.827{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c3dc67938b4e26f2022-04-04 14:01:53.827root 11241100x8000000000000000187347Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.827{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdb83fc27ab9b1d22022-04-04 14:01:53.827root 11241100x8000000000000000187346Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.827{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24af70600e427f222022-04-04 14:01:53.827root 11241100x8000000000000000187345Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.827{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.411bfa2571a2f0c32022-04-04 14:01:53.827root 11241100x8000000000000000187344Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.827{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.007dd3455b23716f2022-04-04 14:01:53.827root 11241100x8000000000000000187343Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.827{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29db5441e87a2c9f2022-04-04 14:01:53.827root 11241100x8000000000000000187342Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.827{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e37c531e13dd8df22022-04-04 14:01:53.827root 11241100x8000000000000000187341Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.827{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fceee3c0b5f1ab82022-04-04 14:01:53.827root 11241100x8000000000000000187340Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.827{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.668b9534f99001d22022-04-04 14:01:53.827root 11241100x8000000000000000187339Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.827{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a48dc56e3c17b5782022-04-04 14:01:53.827root 11241100x8000000000000000187338Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.827{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c78cebc85e8f84852022-04-04 14:01:53.827root 11241100x8000000000000000187337Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.827{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4c7c4c57249b77b2022-04-04 14:01:53.827root 11241100x8000000000000000187336Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.827{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da39a167bfc850292022-04-04 14:01:53.827root 11241100x8000000000000000187335Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.827{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c05fb6db2ef2c702022-04-04 14:01:53.827root 11241100x8000000000000000187363Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7727e991e45d7a432022-04-04 14:01:53.828root 11241100x8000000000000000187362Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ad598cdf02c9dd12022-04-04 14:01:53.828root 11241100x8000000000000000187361Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a054d1c4ea8abf0d2022-04-04 14:01:53.828root 11241100x8000000000000000187360Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0946971d2595323e2022-04-04 14:01:53.828root 11241100x8000000000000000187359Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.010912b0f077f5262022-04-04 14:01:53.828root 11241100x8000000000000000187358Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ce3264908ddf00d2022-04-04 14:01:53.828root 11241100x8000000000000000187357Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.101f5ec2c693f0e42022-04-04 14:01:53.828root 11241100x8000000000000000187356Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d36820f4b7e355602022-04-04 14:01:53.828root 11241100x8000000000000000187355Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26075d4fae8e56272022-04-04 14:01:53.828root 11241100x8000000000000000187354Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac66f80a12262f012022-04-04 14:01:53.828root 11241100x8000000000000000187353Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.516c24bf72734b702022-04-04 14:01:53.828root 11241100x8000000000000000187352Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee297c48559f63082022-04-04 14:01:53.828root 11241100x8000000000000000187351Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.852de397752959392022-04-04 14:01:53.828root 11241100x8000000000000000187350Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bf2664d8ae7b35a2022-04-04 14:01:53.828root 11241100x8000000000000000187349Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35220fabf80e247b2022-04-04 14:01:53.828root 11241100x8000000000000000187373Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.829{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.001a0de63bbc45b52022-04-04 14:01:53.829root 11241100x8000000000000000187372Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.829{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9a9f604906436f02022-04-04 14:01:53.829root 11241100x8000000000000000187371Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.829{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f71aec47aca5128c2022-04-04 14:01:53.829root 11241100x8000000000000000187370Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.829{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ebb647387c34c892022-04-04 14:01:53.829root 11241100x8000000000000000187369Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.829{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca20f4c4fcaea3542022-04-04 14:01:53.829root 11241100x8000000000000000187368Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.829{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5cdf7b1558916772022-04-04 14:01:53.829root 11241100x8000000000000000187367Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.829{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.343e6125fad5d0372022-04-04 14:01:53.829root 11241100x8000000000000000187366Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.829{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f94dabd2c37c8f1b2022-04-04 14:01:53.829root 11241100x8000000000000000187365Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.829{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53de054c299b9c2c2022-04-04 14:01:53.829root 11241100x8000000000000000187364Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.829{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b31149195c6ee18b2022-04-04 14:01:53.829root 11241100x8000000000000000187381Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.830{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1a644789821b63e2022-04-04 14:01:53.830root 11241100x8000000000000000187380Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.830{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7568467b5bc810e82022-04-04 14:01:53.830root 11241100x8000000000000000187379Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.830{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b7f8ea4554e76652022-04-04 14:01:53.830root 11241100x8000000000000000187378Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.830{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcc36950a1815e8e2022-04-04 14:01:53.830root 11241100x8000000000000000187377Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.830{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d1971f95e58e75b2022-04-04 14:01:53.830root 11241100x8000000000000000187376Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.830{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adb4d04027e00c3d2022-04-04 14:01:53.830root 11241100x8000000000000000187375Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.830{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cedd986785895632022-04-04 14:01:53.830root 11241100x8000000000000000187374Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.830{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcec8fedbc1755812022-04-04 14:01:53.830root 11241100x8000000000000000187387Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.831{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.695c2948f0e9ddc22022-04-04 14:01:53.831root 11241100x8000000000000000187386Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.831{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.025472bad3255a3e2022-04-04 14:01:53.831root 11241100x8000000000000000187385Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.831{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37902d50adb0337d2022-04-04 14:01:53.831root 11241100x8000000000000000187384Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.831{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a97f063c436e20cc2022-04-04 14:01:53.831root 11241100x8000000000000000187383Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.831{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58060c1b703988e02022-04-04 14:01:53.831root 11241100x8000000000000000187382Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.831{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0b112b1f8b67fa42022-04-04 14:01:53.831root 11241100x8000000000000000187398Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.832{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06f821dbd11bdecf2022-04-04 14:01:53.832root 11241100x8000000000000000187397Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.832{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cb53a96572e6f6b2022-04-04 14:01:53.832root 11241100x8000000000000000187396Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.832{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dd0280a676505982022-04-04 14:01:53.832root 11241100x8000000000000000187395Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.832{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6d34877c12298522022-04-04 14:01:53.832root 11241100x8000000000000000187394Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.832{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e738933636ffe9f2022-04-04 14:01:53.832root 11241100x8000000000000000187393Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.832{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f131529b922d6ef2022-04-04 14:01:53.832root 11241100x8000000000000000187392Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.832{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5382274251bc92e2022-04-04 14:01:53.832root 11241100x8000000000000000187391Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.832{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fdc6dece40bd92a2022-04-04 14:01:53.832root 11241100x8000000000000000187390Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.832{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ffe10c61499a1d32022-04-04 14:01:53.832root 11241100x8000000000000000187389Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.832{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83c1e59116474daa2022-04-04 14:01:53.832root 11241100x8000000000000000187388Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.832{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54431d641a3701462022-04-04 14:01:53.832root 11241100x8000000000000000187410Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.833{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5d2011a3961d0d92022-04-04 14:01:53.833root 11241100x8000000000000000187409Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.833{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5bb4c1ccec507c22022-04-04 14:01:53.833root 11241100x8000000000000000187408Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.833{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b1e71b15fcf77de2022-04-04 14:01:53.833root 11241100x8000000000000000187407Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.833{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fc15828880b5ae52022-04-04 14:01:53.833root 11241100x8000000000000000187406Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.833{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df0b181daec8d7792022-04-04 14:01:53.833root 11241100x8000000000000000187405Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.833{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c2bd1a578b2ac752022-04-04 14:01:53.833root 11241100x8000000000000000187404Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.833{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d171947bd96f3ab82022-04-04 14:01:53.833root 11241100x8000000000000000187403Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.833{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e0ed3dd0165994b2022-04-04 14:01:53.833root 11241100x8000000000000000187402Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.833{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37a4ebaf4d7eb3ff2022-04-04 14:01:53.833root 11241100x8000000000000000187401Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.833{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58fd7214b17ad3bd2022-04-04 14:01:53.833root 11241100x8000000000000000187400Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.833{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b18ae9d3b23260e32022-04-04 14:01:53.833root 11241100x8000000000000000187399Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.833{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7b8ac9ca0fe71d62022-04-04 14:01:53.833root 11241100x8000000000000000187417Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.834{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd3e2689e1192c5f2022-04-04 14:01:53.834root 11241100x8000000000000000187416Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.834{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.604efc3594e9939b2022-04-04 14:01:53.834root 11241100x8000000000000000187415Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.834{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58f7b4262bbe27af2022-04-04 14:01:53.834root 11241100x8000000000000000187414Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.834{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20d498ca7b9ce6a12022-04-04 14:01:53.834root 11241100x8000000000000000187413Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.834{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58d7c0da3c52c7932022-04-04 14:01:53.834root 11241100x8000000000000000187412Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.834{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d0cd66cbe4046142022-04-04 14:01:53.834root 11241100x8000000000000000187411Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.834{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22fe0006f14f49d32022-04-04 14:01:53.834root 11241100x8000000000000000187427Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.836{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b491dae0ac21c1872022-04-04 14:01:53.836root 11241100x8000000000000000187426Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.836{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d53ec26c20d371fc2022-04-04 14:01:53.836root 11241100x8000000000000000187425Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.836{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.945c7984f751d2242022-04-04 14:01:53.836root 11241100x8000000000000000187424Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.836{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d076a3ad2b057cb2022-04-04 14:01:53.836root 11241100x8000000000000000187423Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.836{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58c57b850ce6762e2022-04-04 14:01:53.836root 11241100x8000000000000000187422Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.836{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fe56fe4f5f397be2022-04-04 14:01:53.836root 11241100x8000000000000000187421Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.836{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07c024a89aa6cf432022-04-04 14:01:53.836root 11241100x8000000000000000187420Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.836{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.262fc7dc5429a2df2022-04-04 14:01:53.836root 11241100x8000000000000000187419Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.836{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1797d344ae309b882022-04-04 14:01:53.836root 11241100x8000000000000000187418Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.836{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4efc7b1273731b1f2022-04-04 14:01:53.836root 11241100x8000000000000000187431Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.837{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0d2bd3d34e70e2f2022-04-04 14:01:53.837root 11241100x8000000000000000187430Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.837{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaf1e50c56a3fb0a2022-04-04 14:01:53.837root 11241100x8000000000000000187429Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.837{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5cb76a1f8e50a2a2022-04-04 14:01:53.837root 11241100x8000000000000000187428Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.837{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad40c0cefd70f6e22022-04-04 14:01:53.837root 11241100x8000000000000000187442Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.838{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3e67b1f5df39f6a2022-04-04 14:01:53.838root 11241100x8000000000000000187441Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.838{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e318be6c2d1ab3052022-04-04 14:01:53.838root 11241100x8000000000000000187440Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.838{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9233781c58c80cd22022-04-04 14:01:53.838root 11241100x8000000000000000187439Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.838{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9752ad82d1831fe02022-04-04 14:01:53.838root 11241100x8000000000000000187438Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.838{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de353d18bc7a03fc2022-04-04 14:01:53.838root 11241100x8000000000000000187437Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.838{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3bb9745ffc5155b2022-04-04 14:01:53.838root 11241100x8000000000000000187436Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.838{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25bf7ecea7f6306e2022-04-04 14:01:53.838root 11241100x8000000000000000187435Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.838{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eac82f62a209431e2022-04-04 14:01:53.838root 11241100x8000000000000000187434Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.838{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b47f9d93c3e923f2022-04-04 14:01:53.838root 11241100x8000000000000000187433Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.838{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4ab9fa7df3a82e52022-04-04 14:01:53.838root 11241100x8000000000000000187432Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.838{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6230a8d1eb674fd92022-04-04 14:01:53.838root 11241100x8000000000000000187444Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.839{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d278ded08c43c0212022-04-04 14:01:53.839root 11241100x8000000000000000187443Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.839{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df432c3b9c87ea422022-04-04 14:01:53.839root 11241100x8000000000000000187455Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.840{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4f41d330d6ab12f2022-04-04 14:01:53.840root 11241100x8000000000000000187454Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.840{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9064680e600863552022-04-04 14:01:53.840root 11241100x8000000000000000187453Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.840{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb851c947451185e2022-04-04 14:01:53.840root 11241100x8000000000000000187452Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.840{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6cf5a3637abbb262022-04-04 14:01:53.840root 11241100x8000000000000000187451Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.840{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65d194461923dd862022-04-04 14:01:53.840root 11241100x8000000000000000187450Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.840{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa08b321fe9e67bd2022-04-04 14:01:53.840root 11241100x8000000000000000187449Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.840{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88241d73e923ce802022-04-04 14:01:53.840root 11241100x8000000000000000187448Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.840{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35ffde16e218b17e2022-04-04 14:01:53.840root 11241100x8000000000000000187447Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.840{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e15f624d3abe72e02022-04-04 14:01:53.840root 11241100x8000000000000000187446Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.840{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d427ff7481ec86e2022-04-04 14:01:53.840root 11241100x8000000000000000187445Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.840{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d070bb07339d497e2022-04-04 14:01:53.840root 11241100x8000000000000000187462Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.841{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.729c44771e181d0c2022-04-04 14:01:53.841root 11241100x8000000000000000187461Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.841{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54753977f43a36822022-04-04 14:01:53.841root 11241100x8000000000000000187460Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.841{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e8f1d64ba12b1f92022-04-04 14:01:53.841root 11241100x8000000000000000187459Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.841{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55c57a0f0498d0922022-04-04 14:01:53.841root 11241100x8000000000000000187458Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.841{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6792d2592e14cd0b2022-04-04 14:01:53.841root 11241100x8000000000000000187457Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.841{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b167509a39fb91b2022-04-04 14:01:53.841root 11241100x8000000000000000187456Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:53.841{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fd20027f3cac76c2022-04-04 14:01:53.841root 11241100x8000000000000000187468Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.327{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50f0f7e179006a342022-04-04 14:01:54.327root 11241100x8000000000000000187467Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.327{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52900745b2d80bb82022-04-04 14:01:54.327root 11241100x8000000000000000187466Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.327{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1915ee8f201d4f962022-04-04 14:01:54.327root 11241100x8000000000000000187465Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.327{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ba03be5c9a555012022-04-04 14:01:54.327root 11241100x8000000000000000187464Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.327{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b34ac008d6b9d4cf2022-04-04 14:01:54.327root 11241100x8000000000000000187463Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.327{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.749f940710062bd22022-04-04 14:01:54.327root 11241100x8000000000000000187479Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.328{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da26a53bdac377442022-04-04 14:01:54.328root 11241100x8000000000000000187478Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.328{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.684dbbb897334c0d2022-04-04 14:01:54.328root 11241100x8000000000000000187477Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.328{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9e0568410a55d6e2022-04-04 14:01:54.328root 11241100x8000000000000000187476Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.328{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.428dd2f22b517bf02022-04-04 14:01:54.328root 11241100x8000000000000000187475Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.328{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26017ced123d0b312022-04-04 14:01:54.328root 11241100x8000000000000000187474Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.328{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08a0f7e6f0bc86812022-04-04 14:01:54.328root 11241100x8000000000000000187473Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.328{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72a3edebad4399cd2022-04-04 14:01:54.328root 11241100x8000000000000000187472Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.328{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c0da9a50ef67b082022-04-04 14:01:54.328root 11241100x8000000000000000187471Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.328{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f152bcd422939cc42022-04-04 14:01:54.328root 11241100x8000000000000000187470Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.328{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e4dacf2d541fb372022-04-04 14:01:54.328root 11241100x8000000000000000187469Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.328{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aabf23c641be0f122022-04-04 14:01:54.328root 11241100x8000000000000000187489Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.329{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ae06794dd23399c2022-04-04 14:01:54.329root 11241100x8000000000000000187488Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.329{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11e1bff0f4d8b35c2022-04-04 14:01:54.329root 11241100x8000000000000000187487Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.329{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.259f64bf794ccb142022-04-04 14:01:54.329root 11241100x8000000000000000187486Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.329{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56145db480129b482022-04-04 14:01:54.329root 11241100x8000000000000000187485Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.329{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8c79896cefa7ffe2022-04-04 14:01:54.329root 11241100x8000000000000000187484Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.329{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51683ab1d5b2ce1d2022-04-04 14:01:54.329root 11241100x8000000000000000187483Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.329{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc9b724998d60dcf2022-04-04 14:01:54.329root 11241100x8000000000000000187482Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.329{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2894203685de8bb2022-04-04 14:01:54.329root 11241100x8000000000000000187481Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.329{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40edcda15c5a04412022-04-04 14:01:54.329root 11241100x8000000000000000187480Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.329{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0071c71039edeba2022-04-04 14:01:54.329root 11241100x8000000000000000187502Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.330{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46533e88882069d52022-04-04 14:01:54.330root 11241100x8000000000000000187501Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.330{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c60a5ef35dfa2c712022-04-04 14:01:54.330root 11241100x8000000000000000187500Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.330{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3af0a2431a77f512022-04-04 14:01:54.330root 11241100x8000000000000000187499Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.330{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e024c27583a6d2a92022-04-04 14:01:54.330root 11241100x8000000000000000187498Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.330{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc7e8738b00d43682022-04-04 14:01:54.330root 11241100x8000000000000000187497Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.330{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46d452d50b6e76d32022-04-04 14:01:54.330root 11241100x8000000000000000187496Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.330{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2da3f716be5ce362022-04-04 14:01:54.330root 11241100x8000000000000000187495Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.330{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bef71ba10dbeb1c2022-04-04 14:01:54.330root 11241100x8000000000000000187494Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.330{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f4ba87d0ebf885b2022-04-04 14:01:54.330root 11241100x8000000000000000187493Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.330{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cda2915fe65f4362022-04-04 14:01:54.330root 11241100x8000000000000000187492Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.330{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.246a87ff0c1a9eab2022-04-04 14:01:54.330root 11241100x8000000000000000187491Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.330{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9ce113a2f059bde2022-04-04 14:01:54.330root 11241100x8000000000000000187490Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.330{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c4e8fe3d279279f2022-04-04 14:01:54.330root 11241100x8000000000000000187517Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.331{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26fd6fd2cd2c2efd2022-04-04 14:01:54.331root 11241100x8000000000000000187516Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.331{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97daff050a40f8f02022-04-04 14:01:54.331root 11241100x8000000000000000187515Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.331{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e47257cf3b809722022-04-04 14:01:54.331root 11241100x8000000000000000187514Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.331{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a70818f962223132022-04-04 14:01:54.331root 11241100x8000000000000000187513Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.331{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.403fe519990453c72022-04-04 14:01:54.331root 11241100x8000000000000000187512Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.331{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e990cfa8ea4327d2022-04-04 14:01:54.331root 11241100x8000000000000000187511Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.331{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f3a7c8332fdac6b2022-04-04 14:01:54.331root 11241100x8000000000000000187510Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.331{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2687cd3a68e18bf2022-04-04 14:01:54.331root 11241100x8000000000000000187509Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.331{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46aba6eacf026c2f2022-04-04 14:01:54.331root 11241100x8000000000000000187508Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.331{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35e856c995cc6c1d2022-04-04 14:01:54.331root 11241100x8000000000000000187507Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.331{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4297cf53851ef4642022-04-04 14:01:54.331root 11241100x8000000000000000187506Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.331{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9c09bf741635bce2022-04-04 14:01:54.331root 11241100x8000000000000000187505Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.331{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c11c8f67e885ec32022-04-04 14:01:54.331root 11241100x8000000000000000187504Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.331{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff247803027a99762022-04-04 14:01:54.331root 11241100x8000000000000000187503Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.331{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2ce88331aa6a2552022-04-04 14:01:54.331root 11241100x8000000000000000187533Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.332{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.097dafc8c75d341a2022-04-04 14:01:54.332root 11241100x8000000000000000187532Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.332{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26a0895039cc17df2022-04-04 14:01:54.332root 11241100x8000000000000000187531Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.332{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76408c784073293c2022-04-04 14:01:54.332root 11241100x8000000000000000187530Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.332{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea30fe9f8473893d2022-04-04 14:01:54.332root 11241100x8000000000000000187529Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.332{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca84cc9b2348f6a82022-04-04 14:01:54.332root 11241100x8000000000000000187528Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.332{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d608a9f27a7163c92022-04-04 14:01:54.332root 11241100x8000000000000000187527Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.332{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2d78bd49f27ecdb2022-04-04 14:01:54.332root 11241100x8000000000000000187526Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.332{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c383f9ba2b1edc072022-04-04 14:01:54.332root 11241100x8000000000000000187525Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.332{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.607a37f6a2e86c972022-04-04 14:01:54.332root 11241100x8000000000000000187524Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.332{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a765ddc0f7486c22022-04-04 14:01:54.332root 11241100x8000000000000000187523Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.332{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8299b7874bcd752f2022-04-04 14:01:54.332root 11241100x8000000000000000187522Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.332{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4510a6ebc03ad26e2022-04-04 14:01:54.332root 11241100x8000000000000000187521Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.332{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4df557c9fdc39a62022-04-04 14:01:54.332root 11241100x8000000000000000187520Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.332{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d348bc7575d00a42022-04-04 14:01:54.332root 11241100x8000000000000000187519Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.332{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fccd2a7d54c847b92022-04-04 14:01:54.332root 11241100x8000000000000000187518Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.332{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c460cdc8249e6ea2022-04-04 14:01:54.332root 11241100x8000000000000000187548Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.333{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d4300cb452c59512022-04-04 14:01:54.333root 11241100x8000000000000000187547Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.333{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb736038b6ef78102022-04-04 14:01:54.333root 11241100x8000000000000000187546Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.333{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.269614ff9e48aa462022-04-04 14:01:54.333root 11241100x8000000000000000187545Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.333{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bc4953f6aad33782022-04-04 14:01:54.333root 11241100x8000000000000000187544Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.333{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3d6cc7ab49378262022-04-04 14:01:54.333root 11241100x8000000000000000187543Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.333{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f104feaa1b27dab02022-04-04 14:01:54.333root 11241100x8000000000000000187542Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.333{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9c46610bf8d2bf32022-04-04 14:01:54.333root 11241100x8000000000000000187541Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.333{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e24a3fa5705f93e32022-04-04 14:01:54.333root 11241100x8000000000000000187540Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.333{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.439f06f30c9d4d032022-04-04 14:01:54.333root 11241100x8000000000000000187539Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.333{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b4bace4fddb99422022-04-04 14:01:54.333root 11241100x8000000000000000187538Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.333{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fb066aa81ddce882022-04-04 14:01:54.333root 11241100x8000000000000000187537Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.333{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5af9f1963cfd29b62022-04-04 14:01:54.333root 11241100x8000000000000000187536Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.333{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5aa3418184deed132022-04-04 14:01:54.333root 11241100x8000000000000000187535Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.333{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.970c3068b4d2b4232022-04-04 14:01:54.333root 11241100x8000000000000000187534Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.333{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f91845d5a03c1cb12022-04-04 14:01:54.333root 11241100x8000000000000000187563Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.334{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05a6ed882daad5592022-04-04 14:01:54.334root 11241100x8000000000000000187562Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.334{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.595f788bb02453062022-04-04 14:01:54.334root 11241100x8000000000000000187561Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.334{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8c2f925c2beedde2022-04-04 14:01:54.334root 11241100x8000000000000000187560Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.334{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6044502ae0d9f4022022-04-04 14:01:54.334root 11241100x8000000000000000187559Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.334{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba73b206f87d63792022-04-04 14:01:54.334root 11241100x8000000000000000187558Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.334{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b5025564d274bd62022-04-04 14:01:54.334root 11241100x8000000000000000187557Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.334{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46c0b3c8d905daaa2022-04-04 14:01:54.334root 11241100x8000000000000000187556Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.334{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0386dcb5155cd2202022-04-04 14:01:54.334root 11241100x8000000000000000187555Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.334{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04be66520cfba5c42022-04-04 14:01:54.334root 11241100x8000000000000000187554Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.334{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.417c5350314bf36b2022-04-04 14:01:54.334root 11241100x8000000000000000187553Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.334{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b479d94084a1d99f2022-04-04 14:01:54.334root 11241100x8000000000000000187552Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.334{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e2a2932b77a7aa02022-04-04 14:01:54.334root 11241100x8000000000000000187551Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.334{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46c2e7d38949711b2022-04-04 14:01:54.334root 11241100x8000000000000000187550Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.334{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2cf1e909abae5302022-04-04 14:01:54.334root 11241100x8000000000000000187549Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.334{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31587ec41698f1322022-04-04 14:01:54.334root 11241100x8000000000000000187564Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.335{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c67faf1b92e253362022-04-04 14:01:54.335root 11241100x8000000000000000187568Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.336{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.973f15385b1cc6f52022-04-04 14:01:54.336root 11241100x8000000000000000187567Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.336{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81437ce874872d4a2022-04-04 14:01:54.336root 11241100x8000000000000000187566Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.336{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a383125b98ed2bbd2022-04-04 14:01:54.336root 11241100x8000000000000000187565Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.336{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a3c7095643634cf2022-04-04 14:01:54.336root 11241100x8000000000000000187570Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.826{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42d8a341250bd8fb2022-04-04 14:01:54.826root 11241100x8000000000000000187569Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.826{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7257fe34d102ab1a2022-04-04 14:01:54.826root 11241100x8000000000000000187582Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.827{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc5b0ec0bb5820572022-04-04 14:01:54.827root 11241100x8000000000000000187581Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.827{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a6475a6525a180b2022-04-04 14:01:54.827root 11241100x8000000000000000187580Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.827{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dad28f8a961dd51b2022-04-04 14:01:54.827root 11241100x8000000000000000187579Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.827{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c9425f591ec070c2022-04-04 14:01:54.827root 11241100x8000000000000000187578Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.827{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8237a5c37c4d83cf2022-04-04 14:01:54.827root 11241100x8000000000000000187577Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.827{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7d826f3ee438a4e2022-04-04 14:01:54.827root 11241100x8000000000000000187576Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.827{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8511cd56dadbfb602022-04-04 14:01:54.827root 11241100x8000000000000000187575Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.827{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1627f0bab61b5e32022-04-04 14:01:54.827root 11241100x8000000000000000187574Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.827{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2513daaa6bc84242022-04-04 14:01:54.827root 11241100x8000000000000000187573Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.827{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a29934bd24cd86c2022-04-04 14:01:54.827root 11241100x8000000000000000187572Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.827{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01d52c6d22fee7852022-04-04 14:01:54.827root 11241100x8000000000000000187571Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.827{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28ec9acb6085386e2022-04-04 14:01:54.827root 11241100x8000000000000000187596Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53b25623b0f627d22022-04-04 14:01:54.828root 11241100x8000000000000000187595Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00bd78081af351c62022-04-04 14:01:54.828root 11241100x8000000000000000187594Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6bb61a9a574fef02022-04-04 14:01:54.828root 11241100x8000000000000000187593Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1c521cb5b54859f2022-04-04 14:01:54.828root 11241100x8000000000000000187592Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cb09b67b01b7b952022-04-04 14:01:54.828root 11241100x8000000000000000187591Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf1bd87aaf00b1782022-04-04 14:01:54.828root 11241100x8000000000000000187590Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98384715b1aeb1652022-04-04 14:01:54.828root 11241100x8000000000000000187589Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d16af12d3ba6df822022-04-04 14:01:54.828root 11241100x8000000000000000187588Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c399085aec52d79b2022-04-04 14:01:54.828root 11241100x8000000000000000187587Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ba9a1460d75231a2022-04-04 14:01:54.828root 11241100x8000000000000000187586Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.707dc34b0172a1612022-04-04 14:01:54.828root 11241100x8000000000000000187585Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21ad3ad8cca3fcf12022-04-04 14:01:54.828root 11241100x8000000000000000187584Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13e2e2ee5d3b91942022-04-04 14:01:54.828root 11241100x8000000000000000187583Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.828{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2eaf6772b818e8c2022-04-04 14:01:54.828root 11241100x8000000000000000187608Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.829{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2adb03103f0e2002022-04-04 14:01:54.829root 11241100x8000000000000000187607Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.829{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e60d1b8380ccda182022-04-04 14:01:54.829root 11241100x8000000000000000187606Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.829{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8b86e34d68242f22022-04-04 14:01:54.829root 11241100x8000000000000000187605Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.829{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e9ca15eaee649242022-04-04 14:01:54.829root 11241100x8000000000000000187604Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.829{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a43c3abeba9324a2022-04-04 14:01:54.829root 11241100x8000000000000000187603Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.829{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64b3e9bccce8395e2022-04-04 14:01:54.829root 11241100x8000000000000000187602Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.829{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89c8629ebcf7c9682022-04-04 14:01:54.829root 11241100x8000000000000000187601Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.829{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd8ff026b12799b72022-04-04 14:01:54.829root 11241100x8000000000000000187600Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.829{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1ff5c5cd1739a962022-04-04 14:01:54.829root 11241100x8000000000000000187599Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.829{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c46adce4484454d12022-04-04 14:01:54.829root 11241100x8000000000000000187598Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.829{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1df69bf780c223a12022-04-04 14:01:54.829root 11241100x8000000000000000187597Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.829{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b8e573505fc1d4a2022-04-04 14:01:54.829root 11241100x8000000000000000187621Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.830{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efbe49453d55f7552022-04-04 14:01:54.830root 11241100x8000000000000000187620Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.830{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.953730d033e53c712022-04-04 14:01:54.830root 11241100x8000000000000000187619Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.830{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df924008572a19582022-04-04 14:01:54.830root 11241100x8000000000000000187618Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.830{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e612b428a54ef6f02022-04-04 14:01:54.830root 11241100x8000000000000000187617Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.830{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5e5b9111f5f0ccb2022-04-04 14:01:54.830root 11241100x8000000000000000187616Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.830{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74b51a8b5fdb434b2022-04-04 14:01:54.830root 11241100x8000000000000000187615Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.830{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e687c9904f84cc12022-04-04 14:01:54.830root 11241100x8000000000000000187614Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.830{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a851fe3f20fc0bb2022-04-04 14:01:54.830root 11241100x8000000000000000187613Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.830{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2d5dcb5c36f40822022-04-04 14:01:54.830root 11241100x8000000000000000187612Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.830{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44ba0c6a0d96682a2022-04-04 14:01:54.830root 11241100x8000000000000000187611Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.830{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d667f8ecbac7b912022-04-04 14:01:54.830root 11241100x8000000000000000187610Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.830{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d270ef05f246b8e12022-04-04 14:01:54.830root 11241100x8000000000000000187609Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.830{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8b6547dc607f4152022-04-04 14:01:54.830root 11241100x8000000000000000187630Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.832{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.403cf051e6bdf10e2022-04-04 14:01:54.832root 11241100x8000000000000000187629Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.832{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1cd09092b9dab5d2022-04-04 14:01:54.832root 11241100x8000000000000000187628Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.832{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61ad4a9d1d43dde32022-04-04 14:01:54.832root 11241100x8000000000000000187627Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.832{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60423fab3fd0cfbd2022-04-04 14:01:54.832root 11241100x8000000000000000187626Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.832{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef93aad93e5db7f72022-04-04 14:01:54.832root 11241100x8000000000000000187625Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.832{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb325b4eb7bcddf92022-04-04 14:01:54.832root 11241100x8000000000000000187624Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.832{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f82d5fa05f2e06632022-04-04 14:01:54.832root 11241100x8000000000000000187623Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.832{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a95c9f4ddfb8a2a32022-04-04 14:01:54.832root 11241100x8000000000000000187622Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.832{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d3f5839e9b086a62022-04-04 14:01:54.832root 11241100x8000000000000000187634Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.833{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dea75b4b250846012022-04-04 14:01:54.833root 11241100x8000000000000000187633Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.833{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5390439e232ae0f42022-04-04 14:01:54.833root 11241100x8000000000000000187632Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.833{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26b3d664608517c72022-04-04 14:01:54.833root 11241100x8000000000000000187631Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.833{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.093c57986a0fcca12022-04-04 14:01:54.833root 11241100x8000000000000000187644Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.834{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27c463d014f5b10d2022-04-04 14:01:54.834root 11241100x8000000000000000187643Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.834{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.822608cd521dc2252022-04-04 14:01:54.834root 11241100x8000000000000000187642Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.834{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0a5cf83abd2043a2022-04-04 14:01:54.834root 11241100x8000000000000000187641Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.834{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e0be9924741b5bf2022-04-04 14:01:54.834root 11241100x8000000000000000187640Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.834{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abab1fb8826891ac2022-04-04 14:01:54.834root 11241100x8000000000000000187639Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.834{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c10cf73bf2ecc232022-04-04 14:01:54.834root 11241100x8000000000000000187638Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.834{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9c80f44e5d4090a2022-04-04 14:01:54.834root 11241100x8000000000000000187637Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.834{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05f3f4a3923f76ce2022-04-04 14:01:54.834root 11241100x8000000000000000187636Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.834{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5e3fb2c64c2f44c2022-04-04 14:01:54.834root 11241100x8000000000000000187635Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.834{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.532b59a8512fdc3c2022-04-04 14:01:54.834root 11241100x8000000000000000187656Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.835{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3c390c207e6dec12022-04-04 14:01:54.835root 11241100x8000000000000000187655Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.835{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb0c579701bd41422022-04-04 14:01:54.835root 11241100x8000000000000000187654Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.835{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d33dd75b11ca9d72022-04-04 14:01:54.835root 11241100x8000000000000000187653Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.835{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7811763d932947f42022-04-04 14:01:54.835root 11241100x8000000000000000187652Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.835{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b315d50db642bced2022-04-04 14:01:54.835root 11241100x8000000000000000187651Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.835{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52e7757bd02bd3582022-04-04 14:01:54.835root 11241100x8000000000000000187650Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.835{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e500cb248474b9a2022-04-04 14:01:54.835root 11241100x8000000000000000187649Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.835{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7c4f153dcc951a12022-04-04 14:01:54.835root 11241100x8000000000000000187648Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.835{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5a6add00a41c4382022-04-04 14:01:54.835root 11241100x8000000000000000187647Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.835{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.614f66d6020788972022-04-04 14:01:54.835root 11241100x8000000000000000187646Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.835{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a2c4d76513dc1312022-04-04 14:01:54.835root 11241100x8000000000000000187645Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.835{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d25d6d95384d2512022-04-04 14:01:54.835root 11241100x8000000000000000187668Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.836{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59a47b2a6b35a5f82022-04-04 14:01:54.836root 11241100x8000000000000000187667Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.836{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58ac4873dc8f67072022-04-04 14:01:54.836root 11241100x8000000000000000187666Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.836{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd92caeae177df682022-04-04 14:01:54.836root 11241100x8000000000000000187665Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.836{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d1882018bfc602f2022-04-04 14:01:54.836root 11241100x8000000000000000187664Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.836{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.562f0936b130b74a2022-04-04 14:01:54.836root 11241100x8000000000000000187663Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.836{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f82871ef2ba423382022-04-04 14:01:54.836root 11241100x8000000000000000187662Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.836{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93144d2187e05b932022-04-04 14:01:54.836root 11241100x8000000000000000187661Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.836{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0729a5b2a4782fe2022-04-04 14:01:54.836root 11241100x8000000000000000187660Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.836{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b13557ccdba52a2c2022-04-04 14:01:54.836root 11241100x8000000000000000187659Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.836{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aef79bccdbb1b79e2022-04-04 14:01:54.836root 11241100x8000000000000000187658Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.836{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c341a5a4330c5282022-04-04 14:01:54.836root 11241100x8000000000000000187657Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:54.836{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e409cea998d067c2022-04-04 14:01:54.836root 354300x8000000000000000187669Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:55.134{ec21797c-eb0a-624a-e087-ab8e10560000}1413/usr/sbin/sshdroottcpfalsefalse64.227.129.254-38480-false10.0.1.20-22- 154100x8000000000000000187671Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:55.135{ec21797c-fa53-624a-e007-d7ec1e560000}5986/usr/sbin/sshd-----/usr/sbin/sshd -D -R/root{ec21797c-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}1413--- 11241100x8000000000000000187670Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:55.135{ec21797c-fa53-624a-0000-000000000000}5986/usr/sbin/sshd/proc/5986/oom_score_adj2022-04-04 14:01:55.135root 11241100x8000000000000000187679Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:55.137{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23d58d013b69c0e22022-04-04 14:01:55.137root 11241100x8000000000000000187678Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:55.137{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eecb1f8d51b404d72022-04-04 14:01:55.137root 11241100x8000000000000000187677Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:55.137{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2888eaeb4c90968e2022-04-04 14:01:55.137root 11241100x8000000000000000187676Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:55.137{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9ee29977f9c2b172022-04-04 14:01:55.137root 11241100x8000000000000000187675Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:55.137{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aeba49ac17fced932022-04-04 14:01:55.137root 11241100x8000000000000000187674Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:55.137{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88158b12097fbcff2022-04-04 14:01:55.137root 11241100x8000000000000000187673Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:55.137{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e4ecb7883cf31f12022-04-04 14:01:55.137root 11241100x8000000000000000187672Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:55.137{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c766b7dc48c58b732022-04-04 14:01:55.137root 11241100x8000000000000000187693Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:55.138{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eae34ea1b8516f9a2022-04-04 14:01:55.138root 11241100x8000000000000000187692Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:55.138{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f65a1209acd396fb2022-04-04 14:01:55.138root 11241100x8000000000000000187691Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:55.138{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82e85fa6bcb8f8252022-04-04 14:01:55.138root 11241100x8000000000000000187690Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:55.138{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53c1e1130247ca8d2022-04-04 14:01:55.138root 11241100x8000000000000000187689Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:55.138{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7e9f1bf06722cb42022-04-04 14:01:55.138root 11241100x8000000000000000187688Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:55.138{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b89b7797862bb86f2022-04-04 14:01:55.138root 11241100x8000000000000000187687Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:55.138{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e798687beb23eea2022-04-04 14:01:55.138root 11241100x8000000000000000187686Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:55.138{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2eb060118ecbc81f2022-04-04 14:01:55.138root 11241100x8000000000000000187685Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:55.138{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c451161876a823b32022-04-04 14:01:55.138root 11241100x8000000000000000187684Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:55.138{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6e0ef622743067a2022-04-04 14:01:55.138root 11241100x8000000000000000187683Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:55.138{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8047cecc17393b72022-04-04 14:01:55.138root 11241100x8000000000000000187682Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:55.138{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d862c57f1a7d9422022-04-04 14:01:55.138root 11241100x8000000000000000187681Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:55.138{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7a4c4b356c558f02022-04-04 14:01:55.138root 11241100x8000000000000000187680Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-5501-2022-04-04 14:01:55.138{ec21797c-f0de-624a-60bc-9d9f94550000}5527/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc9308abac88cb3a2022-04-04 14:01:55.138root 11241100x8000000000000000187704Linux-Sysmon/Operationa