354300x8000000000000000723195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:08.218{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-50552-false10.0.1.12-8000- 11241100x8000000000000000723196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:08.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d03fee4a9937280e2021-12-21 12:50:08.692root 23542300x8000000000000000723197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:09.133{ec2b6afe-95d2-61c1-3038-b84203560000}5272root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000723198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:09.134{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90409ac990abe22b2021-12-21 12:50:09.134root 11241100x8000000000000000723199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:09.134{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bf8949fa5d018f72021-12-21 12:50:09.134root 11241100x8000000000000000723200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:09.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c052828a69cddb712021-12-21 12:50:09.442root 11241100x8000000000000000723201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:09.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae0e5df44ed5ae872021-12-21 12:50:09.443root 11241100x8000000000000000723202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:09.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16931263bab207ae2021-12-21 12:50:09.942root 11241100x8000000000000000723203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:09.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceabd119af5a8af22021-12-21 12:50:09.943root 11241100x8000000000000000723204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:10.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95503c3bc01f1c9c2021-12-21 12:50:10.442root 11241100x8000000000000000723205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:10.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0159c0a8743b26f22021-12-21 12:50:10.442root 11241100x8000000000000000723206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:10.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1e0e969880254372021-12-21 12:50:10.942root 11241100x8000000000000000723207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:10.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.059fd967f44ab9c32021-12-21 12:50:10.942root 11241100x8000000000000000723208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.096971b2c80f441f2021-12-21 12:50:11.443root 11241100x8000000000000000723209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5512a4a1b1d94afe2021-12-21 12:50:11.443root 11241100x8000000000000000723210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:11.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3caac73f811cfe32021-12-21 12:50:11.942root 11241100x8000000000000000723211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0130fe18f556e1672021-12-21 12:50:11.943root 11241100x8000000000000000723212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:12.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.989420e1527e484e2021-12-21 12:50:12.442root 11241100x8000000000000000723213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ab830b67ba82dda2021-12-21 12:50:12.443root 11241100x8000000000000000723214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:12.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36d7a5df42eb9e3a2021-12-21 12:50:12.942root 11241100x8000000000000000723215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.167cf6aaa1cc37632021-12-21 12:50:12.943root 11241100x8000000000000000723216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d61101f59b08aa1a2021-12-21 12:50:13.443root 11241100x8000000000000000723217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8df7bc3ddafd065b2021-12-21 12:50:13.443root 11241100x8000000000000000723218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9a19eb6030449732021-12-21 12:50:13.943root 11241100x8000000000000000723219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d068d7d4f381f1132021-12-21 12:50:13.943root 354300x8000000000000000723220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:14.055{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-50554-false10.0.1.12-8000- 11241100x8000000000000000723221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:14.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3f7a55bf489a40c2021-12-21 12:50:14.442root 11241100x8000000000000000723222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57680734ba1602c32021-12-21 12:50:14.443root 11241100x8000000000000000723223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68ad519e356b22ea2021-12-21 12:50:14.443root 11241100x8000000000000000723224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:14.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd39914e89f7db9a2021-12-21 12:50:14.942root 11241100x8000000000000000723225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc6d85ed4d4dd2ee2021-12-21 12:50:14.943root 11241100x8000000000000000723226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfa15b24a0e12b922021-12-21 12:50:14.943root 11241100x8000000000000000723227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:15.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.431a9ed74ed2bded2021-12-21 12:50:15.442root 11241100x8000000000000000723228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb3e82487e16bc222021-12-21 12:50:15.443root 11241100x8000000000000000723229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d1e36f71bb7d76e2021-12-21 12:50:15.443root 11241100x8000000000000000723230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:15.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ddef05cc02bd7f92021-12-21 12:50:15.942root 11241100x8000000000000000723231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bd2f3dfefc286932021-12-21 12:50:15.943root 11241100x8000000000000000723232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbbb60051c3b2c3a2021-12-21 12:50:15.943root 11241100x8000000000000000723233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:16.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f338511af397db302021-12-21 12:50:16.442root 11241100x8000000000000000723234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d1d04b9b988d4802021-12-21 12:50:16.443root 11241100x8000000000000000723235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9e24900bb08c4f32021-12-21 12:50:16.443root 11241100x8000000000000000723236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:16.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42a46018c2750b702021-12-21 12:50:16.942root 11241100x8000000000000000723237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21630c195a2d485b2021-12-21 12:50:16.943root 11241100x8000000000000000723238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a710cf7254500782021-12-21 12:50:16.943root 11241100x8000000000000000723239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:17.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.857a229a06ea2b962021-12-21 12:50:17.442root 11241100x8000000000000000723240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.309c116c3840eefd2021-12-21 12:50:17.443root 11241100x8000000000000000723241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e97d2a9c8b26af752021-12-21 12:50:17.443root 11241100x8000000000000000723242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:17.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.253187b3f229bc782021-12-21 12:50:17.942root 11241100x8000000000000000723243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a571742903f1ff382021-12-21 12:50:17.943root 11241100x8000000000000000723244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.081f7b0b5224da4b2021-12-21 12:50:17.943root 11241100x8000000000000000723245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:18.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5083ccaaa4a2b2422021-12-21 12:50:18.442root 11241100x8000000000000000723246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07784487d2fce75e2021-12-21 12:50:18.443root 11241100x8000000000000000723247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2011e0aaead566b2021-12-21 12:50:18.443root 11241100x8000000000000000723248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:18.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46e001dcc3dbfba02021-12-21 12:50:18.942root 11241100x8000000000000000723249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad2c137206cffa152021-12-21 12:50:18.943root 11241100x8000000000000000723250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dbec48a3d7802522021-12-21 12:50:18.943root 354300x8000000000000000723251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:19.218{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-50556-false10.0.1.12-8000- 11241100x8000000000000000723252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:19.219{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62de8480e4a33b2f2021-12-21 12:50:19.219root 11241100x8000000000000000723253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:19.219{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76ed514d295a488c2021-12-21 12:50:19.219root 11241100x8000000000000000723254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:19.219{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67130b38445c31772021-12-21 12:50:19.219root 11241100x8000000000000000723255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:19.219{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.217d0b4fa203e1782021-12-21 12:50:19.219root 11241100x8000000000000000723256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:19.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0259b39209cb48c12021-12-21 12:50:19.692root 11241100x8000000000000000723257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:19.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77404beb51e279282021-12-21 12:50:19.693root 11241100x8000000000000000723258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:19.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ba832ede8920eae2021-12-21 12:50:19.693root 11241100x8000000000000000723259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:19.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5a11e7017baa3632021-12-21 12:50:19.693root 11241100x8000000000000000723260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:20.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e000246667d553892021-12-21 12:50:20.193root 11241100x8000000000000000723261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:20.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8f2e788e183866e2021-12-21 12:50:20.193root 11241100x8000000000000000723262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:20.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.326135baeb3d96242021-12-21 12:50:20.193root 11241100x8000000000000000723263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:20.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.942d1cfb1ec7bab92021-12-21 12:50:20.193root 11241100x8000000000000000723264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:20.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b20d848d108134d2021-12-21 12:50:20.692root 11241100x8000000000000000723265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:20.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7af2023d7060b6132021-12-21 12:50:20.693root 11241100x8000000000000000723266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:20.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d8a0cba7e04a7f52021-12-21 12:50:20.693root 11241100x8000000000000000723267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:20.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6221f23aeb6692462021-12-21 12:50:20.693root 11241100x8000000000000000723268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:21.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6a64e1966d532902021-12-21 12:50:21.192root 11241100x8000000000000000723269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:21.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a92e961a965716b62021-12-21 12:50:21.193root 11241100x8000000000000000723270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:21.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3058917d6c465172021-12-21 12:50:21.193root 11241100x8000000000000000723271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:21.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04eeeba1fc5cf79f2021-12-21 12:50:21.193root 11241100x8000000000000000723272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:21.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.341a6acf884f624d2021-12-21 12:50:21.692root 11241100x8000000000000000723273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:21.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.919fe00fbc7fa1152021-12-21 12:50:21.693root 11241100x8000000000000000723274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:21.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.850603cf84f4931d2021-12-21 12:50:21.693root 11241100x8000000000000000723275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:21.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4585f7d0a83e67c2021-12-21 12:50:21.693root 11241100x8000000000000000723276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:22.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e8b404956b0a7c12021-12-21 12:50:22.192root 11241100x8000000000000000723277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:22.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57146f4a83eb090a2021-12-21 12:50:22.193root 11241100x8000000000000000723278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:22.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dfd631a904fed022021-12-21 12:50:22.193root 11241100x8000000000000000723279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:22.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4d33f6a370127152021-12-21 12:50:22.193root 11241100x8000000000000000723280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:22.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.245eac089727e4b62021-12-21 12:50:22.692root 11241100x8000000000000000723281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:22.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.211d3de82ef6d33e2021-12-21 12:50:22.693root 11241100x8000000000000000723282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:22.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d3a6f5706e04dd92021-12-21 12:50:22.693root 11241100x8000000000000000723283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:22.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c97f7749cc9c6c292021-12-21 12:50:22.693root 11241100x8000000000000000723284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:23.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8efad807b9bd5892021-12-21 12:50:23.192root 11241100x8000000000000000723285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:23.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1ebeb00a535560f2021-12-21 12:50:23.193root 11241100x8000000000000000723286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:23.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d465233fe661cc22021-12-21 12:50:23.193root 11241100x8000000000000000723287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:23.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29a8980de9bf35402021-12-21 12:50:23.193root 11241100x8000000000000000723288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:23.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53e752693fba7d6c2021-12-21 12:50:23.692root 11241100x8000000000000000723289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:23.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55de2b45cb7487dd2021-12-21 12:50:23.693root 11241100x8000000000000000723290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:23.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1838e60864410e9c2021-12-21 12:50:23.693root 11241100x8000000000000000723291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:23.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.652c02ffd7997c912021-12-21 12:50:23.693root 11241100x8000000000000000723292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:24.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06fb2a609380de682021-12-21 12:50:24.192root 11241100x8000000000000000723293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:24.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.820a3fbc7fcc3cb32021-12-21 12:50:24.193root 11241100x8000000000000000723294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:24.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32b9210f35084d942021-12-21 12:50:24.193root 11241100x8000000000000000723295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:24.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.233949e7e662cd282021-12-21 12:50:24.193root 354300x8000000000000000723296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:24.232{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-50558-false10.0.1.12-8000- 11241100x8000000000000000723297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:24.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.422d12c25f334e052021-12-21 12:50:24.693root 11241100x8000000000000000723298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:24.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.256366bfa2e2bb3d2021-12-21 12:50:24.693root 11241100x8000000000000000723299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:24.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.292c7548821090bb2021-12-21 12:50:24.693root 11241100x8000000000000000723300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:24.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.001d340c998fbd8c2021-12-21 12:50:24.693root 11241100x8000000000000000723301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:24.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf04e8825963fccf2021-12-21 12:50:24.693root 23542300x8000000000000000723302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:24.746{ec2b6afe-cd59-61c1-80c2-7097fd550000}10155ubuntu/bin/nano/home/ubuntu/./.stdout_etc.sh.swp--- 534500x8000000000000000723303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:24.746{ec2b6afe-cd59-61c1-80c2-7097fd550000}10155/bin/nanoubuntu 11241100x8000000000000000723304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:25.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6f005e4bc9246112021-12-21 12:50:25.193root 11241100x8000000000000000723305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:25.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b13d5c3548f6d5842021-12-21 12:50:25.193root 11241100x8000000000000000723306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:25.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.370e1d37089efb582021-12-21 12:50:25.193root 11241100x8000000000000000723307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:25.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15867eec3396bf562021-12-21 12:50:25.193root 11241100x8000000000000000723308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:25.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c8f64ed4b831e742021-12-21 12:50:25.193root 11241100x8000000000000000723309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:25.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c61188fefb13a942021-12-21 12:50:25.193root 11241100x8000000000000000723310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:25.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f860d4011d8e31d2021-12-21 12:50:25.193root 11241100x8000000000000000723311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:25.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e87711742b1d33da2021-12-21 12:50:25.693root 11241100x8000000000000000723312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:25.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba6482e7ce07a5402021-12-21 12:50:25.693root 11241100x8000000000000000723313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:25.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c2c8a8868b9a83b2021-12-21 12:50:25.693root 11241100x8000000000000000723314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:25.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c3b2ec8b09d3aa12021-12-21 12:50:25.693root 11241100x8000000000000000723315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:25.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77e238293cf671982021-12-21 12:50:25.693root 11241100x8000000000000000723316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:25.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8da7ad519918a172021-12-21 12:50:25.693root 11241100x8000000000000000723317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:25.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0ff6193a3df5d632021-12-21 12:50:25.693root 354300x8000000000000000723318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:25.962{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.25-37624-false10.0.1.12-8089- 11241100x8000000000000000723319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:25.962{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2b6d344e06757e02021-12-21 12:50:25.962root 11241100x8000000000000000723320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:25.962{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.015ab97c68a45ceb2021-12-21 12:50:25.962root 11241100x8000000000000000723321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:25.963{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.952b137714c341192021-12-21 12:50:25.963root 11241100x8000000000000000723322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:25.963{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c42819e8b0c25da52021-12-21 12:50:25.963root 11241100x8000000000000000723323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:25.963{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b03202af9dd5a3c2021-12-21 12:50:25.963root 11241100x8000000000000000723324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:25.963{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5495df587fae40802021-12-21 12:50:25.963root 11241100x8000000000000000723325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:25.963{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90c8493fd55ed7dd2021-12-21 12:50:25.963root 11241100x8000000000000000723326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:25.963{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c62fb65d4cc55652021-12-21 12:50:25.963root 11241100x8000000000000000723327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6de5d4b06a4d687d2021-12-21 12:50:26.443root 11241100x8000000000000000723328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8b82adb9492d29b2021-12-21 12:50:26.443root 11241100x8000000000000000723329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d90f5dd65c1f4d9a2021-12-21 12:50:26.443root 11241100x8000000000000000723330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcb447eeae40e10b2021-12-21 12:50:26.443root 11241100x8000000000000000723331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e1a26f21add9cd82021-12-21 12:50:26.443root 11241100x8000000000000000723332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf6516c68b22d0202021-12-21 12:50:26.443root 11241100x8000000000000000723333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9eff409be3157672021-12-21 12:50:26.443root 11241100x8000000000000000723334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3e3e987d544ea5d2021-12-21 12:50:26.443root 11241100x8000000000000000723335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce5192692ed475da2021-12-21 12:50:26.943root 11241100x8000000000000000723336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c60f3013fe2638d02021-12-21 12:50:26.943root 11241100x8000000000000000723337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2e6edf9d3be49ae2021-12-21 12:50:26.943root 11241100x8000000000000000723338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf8e3a167aad371f2021-12-21 12:50:26.943root 11241100x8000000000000000723339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0487bbbfe5ea5c332021-12-21 12:50:26.943root 11241100x8000000000000000723340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e50d1c9301debbe22021-12-21 12:50:26.943root 11241100x8000000000000000723341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06f9f486c59e3d872021-12-21 12:50:26.943root 11241100x8000000000000000723342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f948553d1a48f7ff2021-12-21 12:50:26.943root 154100x8000000000000000723343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:27.384{ec2b6afe-cd93-61c1-08f6-50cc6f550000}10157/usr/bin/clear-----clear/home/ubuntuubuntu{ec2b6afe-aacb-61c1-e803-000000000000}10006no level-{ec2b6afe-aacb-61c1-0834-fdd63c560000}5677/bin/bash-bashubuntu 534500x8000000000000000723344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:27.385{ec2b6afe-cd93-61c1-08f6-50cc6f550000}10157/usr/bin/clearubuntu 11241100x8000000000000000723345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:27.385{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ad4c507dcef8e3e2021-12-21 12:50:27.385root 11241100x8000000000000000723346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:27.385{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5e8336e89b16dcb2021-12-21 12:50:27.385root 11241100x8000000000000000723347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:27.385{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fc04189ccb49c572021-12-21 12:50:27.385root 11241100x8000000000000000723348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:27.385{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f7eed4d5434113b2021-12-21 12:50:27.385root 11241100x8000000000000000723349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:27.385{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e387fbd8fc73e2ac2021-12-21 12:50:27.385root 11241100x8000000000000000723350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:27.386{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.690be0396ec857672021-12-21 12:50:27.386root 11241100x8000000000000000723351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:27.386{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9a485a3d5483fc12021-12-21 12:50:27.386root 11241100x8000000000000000723352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:27.386{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2d906ddebefb8c92021-12-21 12:50:27.386root 11241100x8000000000000000723353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:27.386{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f3433b2b6a369bc2021-12-21 12:50:27.386root 11241100x8000000000000000723354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:27.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f670abde9f2a19d2021-12-21 12:50:27.693root 11241100x8000000000000000723355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:27.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edfd473b13a6290c2021-12-21 12:50:27.693root 11241100x8000000000000000723356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:27.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9b1e3a2038bc30f2021-12-21 12:50:27.693root 11241100x8000000000000000723357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:27.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3cca1c7410058032021-12-21 12:50:27.693root 11241100x8000000000000000723358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:27.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.887b74ed62faa0962021-12-21 12:50:27.693root 11241100x8000000000000000723359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:27.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a246e207aa67df802021-12-21 12:50:27.693root 11241100x8000000000000000723360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:27.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbca302cd748f5f02021-12-21 12:50:27.693root 11241100x8000000000000000723361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:27.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d9fb39a26bfafb92021-12-21 12:50:27.693root 11241100x8000000000000000723362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:27.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97b783ff4a5c40c32021-12-21 12:50:27.693root 11241100x8000000000000000723363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:27.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e4220d9736150912021-12-21 12:50:27.693root 11241100x8000000000000000723364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:28.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.560477a6cdac0f5d2021-12-21 12:50:28.193root 11241100x8000000000000000723365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:28.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1457f4d526b1d5002021-12-21 12:50:28.193root 11241100x8000000000000000723366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:28.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8623198c950092c2021-12-21 12:50:28.193root 11241100x8000000000000000723367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:28.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16458208ced1bf382021-12-21 12:50:28.193root 11241100x8000000000000000723368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:28.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c9584a10b506d8a2021-12-21 12:50:28.193root 11241100x8000000000000000723369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:28.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ff5bd818613df362021-12-21 12:50:28.193root 11241100x8000000000000000723370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:28.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03253e296ca023da2021-12-21 12:50:28.193root 11241100x8000000000000000723371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:28.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b94d2560e0a9dc762021-12-21 12:50:28.193root 11241100x8000000000000000723372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:28.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04a0d94ecb98d1ee2021-12-21 12:50:28.193root 11241100x8000000000000000723373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:28.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fabaa4727e7b453c2021-12-21 12:50:28.193root 11241100x8000000000000000723374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:28.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b5b0edb86d60de52021-12-21 12:50:28.693root 11241100x8000000000000000723375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:28.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8049fd3f5d4e98d22021-12-21 12:50:28.693root 11241100x8000000000000000723376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:28.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d851113fa0ea7cd2021-12-21 12:50:28.693root 11241100x8000000000000000723377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:28.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3360ba7c5f075e52021-12-21 12:50:28.693root 11241100x8000000000000000723378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:28.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9458f740122ae3362021-12-21 12:50:28.693root 11241100x8000000000000000723379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:28.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55f76f3f8350c71c2021-12-21 12:50:28.693root 11241100x8000000000000000723380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:28.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caecd9ba3f82f6d12021-12-21 12:50:28.693root 11241100x8000000000000000723381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:28.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42d0e8c6fe4be3672021-12-21 12:50:28.693root 11241100x8000000000000000723382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:28.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d6d7751ec9c16122021-12-21 12:50:28.693root 11241100x8000000000000000723383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:28.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07306918dcda53832021-12-21 12:50:28.694root 11241100x8000000000000000723384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:29.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22aa90471a5ec7942021-12-21 12:50:29.193root 11241100x8000000000000000723385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:29.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3153b3c7b587c5a72021-12-21 12:50:29.193root 11241100x8000000000000000723386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:29.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1173e167698a3092021-12-21 12:50:29.193root 11241100x8000000000000000723387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:29.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a61df82dfea034b02021-12-21 12:50:29.193root 11241100x8000000000000000723388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:29.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e61de354b6871222021-12-21 12:50:29.193root 11241100x8000000000000000723389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:29.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32d9ba2b34c516d32021-12-21 12:50:29.193root 11241100x8000000000000000723390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:29.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ecca3ac4a3787152021-12-21 12:50:29.193root 11241100x8000000000000000723391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:29.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e9d398c3afe30712021-12-21 12:50:29.193root 11241100x8000000000000000723392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:29.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e0c2a958bb423d22021-12-21 12:50:29.193root 11241100x8000000000000000723393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:29.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ba1374f887e86452021-12-21 12:50:29.193root 11241100x8000000000000000723394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:29.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf80c5cae563651d2021-12-21 12:50:29.693root 11241100x8000000000000000723395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:29.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a8f76eb8448bd2f2021-12-21 12:50:29.693root 11241100x8000000000000000723396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:29.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e9f49145f5b4b992021-12-21 12:50:29.693root 11241100x8000000000000000723397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:29.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.736a2d0da90b6f802021-12-21 12:50:29.693root 11241100x8000000000000000723398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:29.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8dddbee2052f1312021-12-21 12:50:29.693root 11241100x8000000000000000723399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:29.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.486b4a5b14ef96722021-12-21 12:50:29.693root 11241100x8000000000000000723400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:29.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f5bb752327cd2432021-12-21 12:50:29.693root 11241100x8000000000000000723401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:29.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caa9f7ceaa31c5b22021-12-21 12:50:29.693root 11241100x8000000000000000723402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:29.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bf30dfcf732b2f92021-12-21 12:50:29.693root 11241100x8000000000000000723403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:29.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8af849179f656bb2021-12-21 12:50:29.693root 11241100x8000000000000000723404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:30.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd7273f0a7cad55a2021-12-21 12:50:30.193root 11241100x8000000000000000723405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:30.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf406d2350fc02ea2021-12-21 12:50:30.193root 11241100x8000000000000000723406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:30.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8dc7ac929c35a932021-12-21 12:50:30.193root 11241100x8000000000000000723407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:30.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99409e5a460136372021-12-21 12:50:30.193root 11241100x8000000000000000723408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:30.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6843e53367d590c02021-12-21 12:50:30.193root 11241100x8000000000000000723409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:30.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4008da732b5dc6082021-12-21 12:50:30.193root 11241100x8000000000000000723410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:30.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d76fcc3f8d48da2b2021-12-21 12:50:30.193root 11241100x8000000000000000723411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:30.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bd0cc7b7d7e105a2021-12-21 12:50:30.193root 11241100x8000000000000000723412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:30.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dd918eca3b61bfa2021-12-21 12:50:30.193root 11241100x8000000000000000723413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:30.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc67a227743ff3a72021-12-21 12:50:30.193root 354300x8000000000000000723414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:30.228{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-50562-false10.0.1.12-8000- 11241100x8000000000000000723415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:30.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b062fbf2c23329582021-12-21 12:50:30.693root 11241100x8000000000000000723416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:30.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c2d7ed483a1c00b2021-12-21 12:50:30.693root 11241100x8000000000000000723417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:30.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16ef44d074afed552021-12-21 12:50:30.693root 11241100x8000000000000000723418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:30.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87a35f3e043b7f112021-12-21 12:50:30.693root 11241100x8000000000000000723419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:30.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f36eee905f0403d82021-12-21 12:50:30.693root 11241100x8000000000000000723420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:30.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cd46fa5a06ec89a2021-12-21 12:50:30.693root 11241100x8000000000000000723421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:30.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7d71aa5d7a215cd2021-12-21 12:50:30.693root 11241100x8000000000000000723422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:30.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7792ed5533a294862021-12-21 12:50:30.693root 11241100x8000000000000000723423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:30.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f218ef8f3ad6ec22021-12-21 12:50:30.693root 11241100x8000000000000000723424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:30.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cae5d4d950c5c532021-12-21 12:50:30.693root 11241100x8000000000000000723425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:30.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d70677371337f742021-12-21 12:50:30.693root 11241100x8000000000000000723426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:31.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.566ad21c39b9f1242021-12-21 12:50:31.193root 11241100x8000000000000000723427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:31.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9a41fc6a5d3723b2021-12-21 12:50:31.193root 11241100x8000000000000000723428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:31.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebdc6edeba86980c2021-12-21 12:50:31.193root 11241100x8000000000000000723429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:31.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c289329add065d7f2021-12-21 12:50:31.193root 11241100x8000000000000000723430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:31.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.784e8c92642727752021-12-21 12:50:31.193root 11241100x8000000000000000723431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:31.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7b22c378fea298f2021-12-21 12:50:31.193root 11241100x8000000000000000723432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:31.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dc6cba9e0920b1a2021-12-21 12:50:31.193root 11241100x8000000000000000723433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:31.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95f94270f96911652021-12-21 12:50:31.193root 11241100x8000000000000000723434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:31.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd916f83fed8661b2021-12-21 12:50:31.193root 11241100x8000000000000000723435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:31.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ad70b979ac17a962021-12-21 12:50:31.193root 11241100x8000000000000000723436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:31.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7ddc368a9fd232f2021-12-21 12:50:31.194root 11241100x8000000000000000723437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:31.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9046e546c7d79da62021-12-21 12:50:31.693root 11241100x8000000000000000723438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:31.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da656db97a56f9442021-12-21 12:50:31.693root 11241100x8000000000000000723439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:31.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caf3c3d5872e11c52021-12-21 12:50:31.693root 11241100x8000000000000000723440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:31.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc01f899ad7c85dd2021-12-21 12:50:31.693root 11241100x8000000000000000723441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:31.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.674b3f7bf69b986e2021-12-21 12:50:31.693root 11241100x8000000000000000723442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:31.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ec864d4461da3732021-12-21 12:50:31.693root 11241100x8000000000000000723443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:31.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61a970161d73ea8e2021-12-21 12:50:31.693root 11241100x8000000000000000723444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:31.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dbde0b82c984acf2021-12-21 12:50:31.693root 11241100x8000000000000000723445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:31.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6de434ba813b1762021-12-21 12:50:31.693root 11241100x8000000000000000723446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:31.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a90b18e7030d24582021-12-21 12:50:31.693root 11241100x8000000000000000723447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:31.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dde4f1f9613031f22021-12-21 12:50:31.694root 11241100x8000000000000000723448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:32.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bdf9a55c5361dc82021-12-21 12:50:32.193root 11241100x8000000000000000723449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:32.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de2ebd615bf4ffad2021-12-21 12:50:32.193root 11241100x8000000000000000723450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:32.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0621f66b6e57a72e2021-12-21 12:50:32.193root 11241100x8000000000000000723451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:32.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90f975a7ebafea062021-12-21 12:50:32.193root 11241100x8000000000000000723452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:32.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1196eca289338bae2021-12-21 12:50:32.193root 11241100x8000000000000000723453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:32.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65d55bbba996bf982021-12-21 12:50:32.193root 11241100x8000000000000000723454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:32.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4589a4c5ac2f54dd2021-12-21 12:50:32.193root 11241100x8000000000000000723455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:32.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6369f0189cf2aaf2021-12-21 12:50:32.193root 11241100x8000000000000000723456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:32.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c59e828bda2faec2021-12-21 12:50:32.194root 11241100x8000000000000000723457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:32.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9691ef9f293946ec2021-12-21 12:50:32.194root 11241100x8000000000000000723458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:32.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a7bf6e6611dba062021-12-21 12:50:32.194root 11241100x8000000000000000723459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:32.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49e7d220d53a30442021-12-21 12:50:32.693root 11241100x8000000000000000723460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:32.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a219829489808c52021-12-21 12:50:32.693root 11241100x8000000000000000723461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:32.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ace6956c33b9f2752021-12-21 12:50:32.693root 11241100x8000000000000000723462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:32.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d072bae5172f9d92021-12-21 12:50:32.693root 11241100x8000000000000000723463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:32.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b945e68334d03af2021-12-21 12:50:32.693root 11241100x8000000000000000723464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:32.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c494939c59bf35c32021-12-21 12:50:32.693root 11241100x8000000000000000723465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:32.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec69b284853672382021-12-21 12:50:32.693root 11241100x8000000000000000723466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:32.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d82e8a4d522dece2021-12-21 12:50:32.693root 11241100x8000000000000000723467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:32.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9404fd25c7c5a8f22021-12-21 12:50:32.693root 11241100x8000000000000000723468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:32.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c15ec36f9e7427852021-12-21 12:50:32.694root 11241100x8000000000000000723469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:32.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8328059a9da65cc32021-12-21 12:50:32.694root 11241100x8000000000000000723470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:33.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e661d067f74e98a92021-12-21 12:50:33.193root 11241100x8000000000000000723471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:33.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c15d3446c902fd92021-12-21 12:50:33.193root 11241100x8000000000000000723472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:33.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c54fc910a5906cd2021-12-21 12:50:33.193root 11241100x8000000000000000723473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:33.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75a832c8c01f749b2021-12-21 12:50:33.193root 11241100x8000000000000000723474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:33.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a8806fa4ab38dfb2021-12-21 12:50:33.193root 11241100x8000000000000000723475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:33.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.200791505badfda72021-12-21 12:50:33.193root 11241100x8000000000000000723476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:33.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d9b4a055861a29f2021-12-21 12:50:33.193root 11241100x8000000000000000723477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:33.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2d7b61439d461bf2021-12-21 12:50:33.193root 11241100x8000000000000000723478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:33.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50ff58442cf56cca2021-12-21 12:50:33.193root 11241100x8000000000000000723479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:33.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.598760661e4e09e52021-12-21 12:50:33.193root 11241100x8000000000000000723480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:33.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b21d73fae4835b282021-12-21 12:50:33.194root 11241100x8000000000000000723481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:33.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.feb895f8969431f62021-12-21 12:50:33.693root 11241100x8000000000000000723482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:33.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d215bdab91bd0b0e2021-12-21 12:50:33.693root 11241100x8000000000000000723483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:33.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd01e85de04bc10e2021-12-21 12:50:33.693root 11241100x8000000000000000723484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:33.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.107d16477042b7472021-12-21 12:50:33.693root 11241100x8000000000000000723485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:33.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce926779c6303fa42021-12-21 12:50:33.693root 11241100x8000000000000000723486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:33.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73a32ad92844c2fa2021-12-21 12:50:33.693root 11241100x8000000000000000723487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:33.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66652681876c1fb02021-12-21 12:50:33.693root 11241100x8000000000000000723488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:33.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc000b7020db8a542021-12-21 12:50:33.693root 11241100x8000000000000000723489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:33.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74b3544724642f9b2021-12-21 12:50:33.693root 11241100x8000000000000000723490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:33.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.533207a1bb00e39b2021-12-21 12:50:33.693root 11241100x8000000000000000723491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:33.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94f493dd4b65d6952021-12-21 12:50:33.694root 11241100x8000000000000000723492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:34.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef74836760675b7c2021-12-21 12:50:34.193root 11241100x8000000000000000723493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:34.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7c4af65ee4862ba2021-12-21 12:50:34.193root 11241100x8000000000000000723494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:34.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56a8247325a6d6bb2021-12-21 12:50:34.193root 11241100x8000000000000000723495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:34.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d26a82a338e945952021-12-21 12:50:34.193root 11241100x8000000000000000723496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:34.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1a6e77782a9d4432021-12-21 12:50:34.193root 11241100x8000000000000000723497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:34.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.015f2123177565902021-12-21 12:50:34.193root 11241100x8000000000000000723498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:34.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bef98740cf0b03902021-12-21 12:50:34.193root 11241100x8000000000000000723499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:34.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c181e5f7a7353362021-12-21 12:50:34.193root 11241100x8000000000000000723500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:34.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ae8dd863fd240682021-12-21 12:50:34.193root 11241100x8000000000000000723501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:34.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abf0dd6d67cb4ed42021-12-21 12:50:34.194root 11241100x8000000000000000723502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:34.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.152b44fb1895d9662021-12-21 12:50:34.194root 11241100x8000000000000000723503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:34.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62df550506d6ec352021-12-21 12:50:34.693root 11241100x8000000000000000723504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:34.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac007854acd918842021-12-21 12:50:34.693root 11241100x8000000000000000723505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:34.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f646e70d31ce63072021-12-21 12:50:34.693root 11241100x8000000000000000723506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:34.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b274ba94db822b242021-12-21 12:50:34.693root 11241100x8000000000000000723507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:34.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6377a03e66c24efc2021-12-21 12:50:34.693root 11241100x8000000000000000723508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:34.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.966442d62e57082b2021-12-21 12:50:34.693root 11241100x8000000000000000723509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:34.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f745f6565fe52372021-12-21 12:50:34.693root 11241100x8000000000000000723510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:34.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f42610796ba5b122021-12-21 12:50:34.693root 11241100x8000000000000000723511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:34.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecd8641156afc77a2021-12-21 12:50:34.693root 11241100x8000000000000000723512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:34.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3b7e523e3d0f60a2021-12-21 12:50:34.693root 11241100x8000000000000000723513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:34.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f37351a744ad1f22021-12-21 12:50:34.694root 11241100x8000000000000000723514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:35.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a1548460913ff9f2021-12-21 12:50:35.192root 11241100x8000000000000000723515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:35.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98283f14d17d20e22021-12-21 12:50:35.193root 11241100x8000000000000000723516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:35.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.955c28fbbedcf0ed2021-12-21 12:50:35.193root 11241100x8000000000000000723517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:35.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.778c55555d0ae68d2021-12-21 12:50:35.193root 11241100x8000000000000000723518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:35.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4d227e1947fa68e2021-12-21 12:50:35.193root 11241100x8000000000000000723519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:35.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f477ba6233b414102021-12-21 12:50:35.193root 11241100x8000000000000000723520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:35.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ec94ce1f1fe398c2021-12-21 12:50:35.193root 11241100x8000000000000000723521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:35.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b1b06920816e9772021-12-21 12:50:35.193root 11241100x8000000000000000723522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:35.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5244d0d6c27780e72021-12-21 12:50:35.193root 11241100x8000000000000000723523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:35.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe6a0992d21f796c2021-12-21 12:50:35.193root 11241100x8000000000000000723524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:35.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.469db0b237bf9a002021-12-21 12:50:35.193root 11241100x8000000000000000723525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:35.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6a156f195c20b062021-12-21 12:50:35.693root 11241100x8000000000000000723526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:35.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca09cc3e6b072c802021-12-21 12:50:35.693root 11241100x8000000000000000723527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:35.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef76b90a498456532021-12-21 12:50:35.693root 11241100x8000000000000000723528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:35.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44adf5ff223714242021-12-21 12:50:35.693root 11241100x8000000000000000723529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:35.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe1af58fbc02360d2021-12-21 12:50:35.693root 11241100x8000000000000000723530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:35.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.472bcc91fc2c6f522021-12-21 12:50:35.693root 11241100x8000000000000000723531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:35.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5480e8b0225b79d62021-12-21 12:50:35.693root 11241100x8000000000000000723532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:35.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8b0206f4de073382021-12-21 12:50:35.693root 11241100x8000000000000000723533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:35.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc7e5da615af3d822021-12-21 12:50:35.693root 11241100x8000000000000000723534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:35.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd74e85b2dfca5a42021-12-21 12:50:35.693root 11241100x8000000000000000723535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:35.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c0a825e2236a74d2021-12-21 12:50:35.694root 354300x8000000000000000723536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:36.026{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-50564-false10.0.1.12-8000- 11241100x8000000000000000723537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:36.027{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b842e3247e04f3842021-12-21 12:50:36.027root 11241100x8000000000000000723538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:36.027{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2bf810d86477c9d2021-12-21 12:50:36.027root 11241100x8000000000000000723539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:36.027{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cfa0c7016ec6d702021-12-21 12:50:36.027root 11241100x8000000000000000723540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:36.028{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85877ec9dbfa71542021-12-21 12:50:36.028root 11241100x8000000000000000723541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:36.028{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.936dcf01aaa295202021-12-21 12:50:36.028root 11241100x8000000000000000723542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:36.029{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e6e5b07482630cd2021-12-21 12:50:36.029root 11241100x8000000000000000723543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:36.029{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37dfd872b0c102f62021-12-21 12:50:36.029root 11241100x8000000000000000723544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:36.029{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6711d68e18b09c142021-12-21 12:50:36.029root 11241100x8000000000000000723545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:36.029{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6e31cc5527719ca2021-12-21 12:50:36.029root 11241100x8000000000000000723546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:36.029{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2336bcb1a2f74062021-12-21 12:50:36.029root 11241100x8000000000000000723547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:36.029{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ff90ee69056bdf12021-12-21 12:50:36.029root 11241100x8000000000000000723548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:36.029{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc993abdb96385832021-12-21 12:50:36.029root 11241100x8000000000000000723549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:36.131{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2021-12-21 12:50:36.131root 11241100x8000000000000000723550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5ed144fb7bb3f932021-12-21 12:50:36.443root 11241100x8000000000000000723551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0728fb7b76167ad2021-12-21 12:50:36.443root 11241100x8000000000000000723552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7d9c2d7168ff6432021-12-21 12:50:36.443root 11241100x8000000000000000723553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93a68d7b5a6f64682021-12-21 12:50:36.443root 11241100x8000000000000000723554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f221e844f258cd82021-12-21 12:50:36.443root 11241100x8000000000000000723555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87bd61ea66d9e6d52021-12-21 12:50:36.443root 11241100x8000000000000000723556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.058993bf13fc89c82021-12-21 12:50:36.443root 11241100x8000000000000000723557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7674943c1844a33c2021-12-21 12:50:36.443root 11241100x8000000000000000723558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4ee9a0ff0159d672021-12-21 12:50:36.444root 11241100x8000000000000000723559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c9d1e55e6d1ee342021-12-21 12:50:36.444root 11241100x8000000000000000723560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f404ed69230f2b942021-12-21 12:50:36.444root 11241100x8000000000000000723561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a38a094b4029368e2021-12-21 12:50:36.444root 11241100x8000000000000000723562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82c3646b907de1bd2021-12-21 12:50:36.444root 11241100x8000000000000000723563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:36.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70af8addcd4a66802021-12-21 12:50:36.943root 11241100x8000000000000000723564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:36.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3668901acd5796522021-12-21 12:50:36.943root 11241100x8000000000000000723565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:36.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80894d26b79940092021-12-21 12:50:36.943root 11241100x8000000000000000723566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:36.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9fddb6068bf90312021-12-21 12:50:36.943root 11241100x8000000000000000723567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:36.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.768b28896379a8012021-12-21 12:50:36.943root 11241100x8000000000000000723568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:36.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f917f60b6bd034bf2021-12-21 12:50:36.943root 11241100x8000000000000000723569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:36.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30e3d9e1cca32e702021-12-21 12:50:36.943root 11241100x8000000000000000723570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:36.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11a64fb388934b642021-12-21 12:50:36.943root 11241100x8000000000000000723571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:36.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f1f5c789ec41b012021-12-21 12:50:36.944root 11241100x8000000000000000723572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:36.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23804ba95161588b2021-12-21 12:50:36.944root 11241100x8000000000000000723573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:36.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc697bff7746f8b42021-12-21 12:50:36.944root 11241100x8000000000000000723574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:36.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d943a0fb859ed2a2021-12-21 12:50:36.944root 11241100x8000000000000000723575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:36.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0443c8f9f3618e32021-12-21 12:50:36.944root 11241100x8000000000000000723576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:37.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b305d2e1133329e2021-12-21 12:50:37.443root 11241100x8000000000000000723577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:37.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d49b69d8c0e54ab82021-12-21 12:50:37.443root 11241100x8000000000000000723578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:37.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87d855bb5ca985922021-12-21 12:50:37.443root 11241100x8000000000000000723579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:37.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebd0a550cc85289d2021-12-21 12:50:37.443root 11241100x8000000000000000723580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:37.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d0745e3e260608a2021-12-21 12:50:37.443root 11241100x8000000000000000723581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec69cf08f1c911c52021-12-21 12:50:37.444root 11241100x8000000000000000723582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74531c9453af7d172021-12-21 12:50:37.444root 11241100x8000000000000000723583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46806b07a84ba95e2021-12-21 12:50:37.444root 11241100x8000000000000000723584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dd537cb24b0fa622021-12-21 12:50:37.444root 11241100x8000000000000000723585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5a99a5b9cb483322021-12-21 12:50:37.444root 11241100x8000000000000000723586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86bc07f63043dccf2021-12-21 12:50:37.444root 11241100x8000000000000000723587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf72c6725254120e2021-12-21 12:50:37.444root 11241100x8000000000000000723588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cda1392f3946f4d12021-12-21 12:50:37.444root 11241100x8000000000000000723589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:37.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f66ce71bbf98c2632021-12-21 12:50:37.943root 11241100x8000000000000000723590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:37.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c155231eabd661462021-12-21 12:50:37.943root 11241100x8000000000000000723591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:37.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd86f9ef74224a942021-12-21 12:50:37.943root 11241100x8000000000000000723592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:37.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84076004340be0192021-12-21 12:50:37.943root 11241100x8000000000000000723593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:37.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ed41d5dfe9af26d2021-12-21 12:50:37.943root 11241100x8000000000000000723594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:37.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7ec05fb907f01122021-12-21 12:50:37.943root 11241100x8000000000000000723595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:37.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a38825cacfe7b7c2021-12-21 12:50:37.943root 11241100x8000000000000000723596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:37.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7e5916d89935d992021-12-21 12:50:37.943root 11241100x8000000000000000723597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:37.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15e57e9966c807292021-12-21 12:50:37.944root 11241100x8000000000000000723598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:37.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7baed8b25c9482182021-12-21 12:50:37.944root 11241100x8000000000000000723599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:37.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.463212e537e5353e2021-12-21 12:50:37.944root 11241100x8000000000000000723600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:37.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9af9c4593ba5affa2021-12-21 12:50:37.944root 11241100x8000000000000000723601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:37.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3cb4f5d0c3a8c0d2021-12-21 12:50:37.944root 11241100x8000000000000000723602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:38.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6bb751246b81a682021-12-21 12:50:38.443root 11241100x8000000000000000723603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:38.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f3996dedcc30a822021-12-21 12:50:38.443root 11241100x8000000000000000723604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:38.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fdcebc4edce1f842021-12-21 12:50:38.443root 11241100x8000000000000000723605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:38.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1afb4a05831ed1f2021-12-21 12:50:38.443root 11241100x8000000000000000723606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:38.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b17d147a60d3c04f2021-12-21 12:50:38.443root 11241100x8000000000000000723607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:38.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecbf43662de6a6a12021-12-21 12:50:38.443root 11241100x8000000000000000723608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b7b29a9bd0643282021-12-21 12:50:38.444root 11241100x8000000000000000723609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fca06a18c61a0442021-12-21 12:50:38.444root 11241100x8000000000000000723610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43548298ec8cf8652021-12-21 12:50:38.444root 11241100x8000000000000000723611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcc24ff6c298a08e2021-12-21 12:50:38.444root 11241100x8000000000000000723612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e8edcfc5e05815d2021-12-21 12:50:38.444root 11241100x8000000000000000723613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.115866bd96d902292021-12-21 12:50:38.444root 11241100x8000000000000000723614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4626717a5df4f3af2021-12-21 12:50:38.444root 11241100x8000000000000000723615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f632bba6f6913fcf2021-12-21 12:50:38.943root 11241100x8000000000000000723616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95dd399df823b6e62021-12-21 12:50:38.943root 11241100x8000000000000000723617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46d50562a708737a2021-12-21 12:50:38.943root 11241100x8000000000000000723618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae0f350630f57bdd2021-12-21 12:50:38.943root 11241100x8000000000000000723619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acc0b86dfded02e32021-12-21 12:50:38.943root 11241100x8000000000000000723620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.980064d1a71200212021-12-21 12:50:38.943root 11241100x8000000000000000723621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b427cb3acf2699a02021-12-21 12:50:38.943root 11241100x8000000000000000723622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48335f5b454d4b8d2021-12-21 12:50:38.943root 11241100x8000000000000000723623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e96adf5d2f6c15e12021-12-21 12:50:38.943root 11241100x8000000000000000723624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c2cbad05e367d522021-12-21 12:50:38.944root 11241100x8000000000000000723625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3daaead0fdb29e7b2021-12-21 12:50:38.944root 11241100x8000000000000000723626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6543396a64f087192021-12-21 12:50:38.944root 11241100x8000000000000000723627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cc78ecbb46c3ab92021-12-21 12:50:38.944root 154100x8000000000000000723628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:39.002{ec2b6afe-cd9f-61c1-6824-c19374550000}10158/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/4046root{ec2b6afe-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}2319--- 534500x8000000000000000723629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:39.013{ec2b6afe-cd9f-61c1-6824-c19374550000}10158/bin/psroot 23542300x8000000000000000723630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:39.132{ec2b6afe-95d2-61c1-3038-b84203560000}5272root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000723631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:39.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02f2951f437520842021-12-21 12:50:39.443root 11241100x8000000000000000723632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:39.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.013db5034365426c2021-12-21 12:50:39.443root 11241100x8000000000000000723633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:39.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.542147206d1f41982021-12-21 12:50:39.443root 11241100x8000000000000000723634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:39.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fd1a8f97bc214462021-12-21 12:50:39.443root 11241100x8000000000000000723635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:39.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a13f6c8952962fd52021-12-21 12:50:39.443root 11241100x8000000000000000723636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:39.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.978fddae2d063d952021-12-21 12:50:39.443root 11241100x8000000000000000723637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a1798bc573a55a82021-12-21 12:50:39.444root 11241100x8000000000000000723638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a6b5b33667260d22021-12-21 12:50:39.444root 11241100x8000000000000000723639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6770981f4e1fc942021-12-21 12:50:39.444root 11241100x8000000000000000723640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e61f74c0d5b1da092021-12-21 12:50:39.444root 11241100x8000000000000000723641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3a26fe04ec79ca82021-12-21 12:50:39.444root 11241100x8000000000000000723642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb90ea818ac72cb92021-12-21 12:50:39.444root 11241100x8000000000000000723643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd8b630716eee5712021-12-21 12:50:39.444root 11241100x8000000000000000723644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ddc4f210faf154b2021-12-21 12:50:39.444root 11241100x8000000000000000723645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83936ae2931970ce2021-12-21 12:50:39.444root 11241100x8000000000000000723646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcf64e42ece43fe92021-12-21 12:50:39.444root 11241100x8000000000000000723647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:39.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a05a1b7954544282021-12-21 12:50:39.943root 11241100x8000000000000000723648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:39.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e8b9d68187680d32021-12-21 12:50:39.943root 11241100x8000000000000000723649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:39.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa74292ebc6f15952021-12-21 12:50:39.943root 11241100x8000000000000000723650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:39.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d07b0d5564bc4f5b2021-12-21 12:50:39.943root 11241100x8000000000000000723651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:39.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9aa36e1af5d9e7a72021-12-21 12:50:39.943root 11241100x8000000000000000723652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:39.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64d1cec91038d4302021-12-21 12:50:39.943root 11241100x8000000000000000723653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb18d9f2766382c52021-12-21 12:50:39.944root 11241100x8000000000000000723654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.576d5816d3feab4a2021-12-21 12:50:39.944root 11241100x8000000000000000723655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.413ae6ee91ceba3c2021-12-21 12:50:39.944root 11241100x8000000000000000723656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26a65c59b537ae532021-12-21 12:50:39.944root 11241100x8000000000000000723657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d714d0c577b04bab2021-12-21 12:50:39.944root 11241100x8000000000000000723658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.917177b26db07a872021-12-21 12:50:39.944root 11241100x8000000000000000723659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc554eeacbf78cd82021-12-21 12:50:39.944root 11241100x8000000000000000723660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76dce6e3b00fcb772021-12-21 12:50:39.944root 11241100x8000000000000000723661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.717717678659ac642021-12-21 12:50:39.944root 11241100x8000000000000000723662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.621f15a4c64d6f0f2021-12-21 12:50:39.944root 11241100x8000000000000000723663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd1216de4726c5e12021-12-21 12:50:40.443root 11241100x8000000000000000723664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93231a06869c35fc2021-12-21 12:50:40.443root 11241100x8000000000000000723665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba6d747e61b2d0e72021-12-21 12:50:40.443root 11241100x8000000000000000723666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b167cb4e0a5ec78e2021-12-21 12:50:40.443root 11241100x8000000000000000723667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7b4074c11d3fc972021-12-21 12:50:40.443root 11241100x8000000000000000723668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e65990467f6e30f2021-12-21 12:50:40.443root 11241100x8000000000000000723669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.746d982c02f277422021-12-21 12:50:40.443root 11241100x8000000000000000723670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32a3caa13ebe4b622021-12-21 12:50:40.444root 11241100x8000000000000000723671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51112aced48f9a2f2021-12-21 12:50:40.444root 11241100x8000000000000000723672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea58191a5105ce4e2021-12-21 12:50:40.444root 11241100x8000000000000000723673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac1280d45d4b85d62021-12-21 12:50:40.444root 11241100x8000000000000000723674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2295495e520bd1412021-12-21 12:50:40.444root 11241100x8000000000000000723675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7af27bb2a848ef752021-12-21 12:50:40.444root 11241100x8000000000000000723676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddd9a499be4877662021-12-21 12:50:40.444root 11241100x8000000000000000723677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.981bef329486453c2021-12-21 12:50:40.444root 11241100x8000000000000000723678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a5be3cb1f6a32d92021-12-21 12:50:40.444root 11241100x8000000000000000723679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b505dc24e5a978b2021-12-21 12:50:40.943root 11241100x8000000000000000723680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c6e558b962a96532021-12-21 12:50:40.943root 11241100x8000000000000000723681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfe26090797017a12021-12-21 12:50:40.943root 11241100x8000000000000000723682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34cc67926c5fa3a22021-12-21 12:50:40.943root 11241100x8000000000000000723683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.344826d8827a72902021-12-21 12:50:40.944root 11241100x8000000000000000723684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd02206787d1c9682021-12-21 12:50:40.944root 11241100x8000000000000000723685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba150dd4c19e5eb32021-12-21 12:50:40.944root 11241100x8000000000000000723686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f9ac28c36ff36de2021-12-21 12:50:40.944root 11241100x8000000000000000723687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19d0209816f451222021-12-21 12:50:40.944root 11241100x8000000000000000723688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.131c0f330815e54c2021-12-21 12:50:40.944root 11241100x8000000000000000723689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e45e88e08fa506c12021-12-21 12:50:40.944root 11241100x8000000000000000723690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ca02c89e571a19f2021-12-21 12:50:40.944root 11241100x8000000000000000723691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f658f9e87274cda62021-12-21 12:50:40.944root 11241100x8000000000000000723692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.607a6e97f37b6d482021-12-21 12:50:40.944root 11241100x8000000000000000723693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ceb1781406b87a52021-12-21 12:50:40.944root 11241100x8000000000000000723694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbcc6a549b66afa22021-12-21 12:50:40.944root 354300x8000000000000000723695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:41.073{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-50566-false10.0.1.12-8000- 11241100x8000000000000000723696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c55295b1e34871d52021-12-21 12:50:41.443root 11241100x8000000000000000723697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf624989ad790eb82021-12-21 12:50:41.443root 11241100x8000000000000000723698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30194ce6d317dfea2021-12-21 12:50:41.443root 11241100x8000000000000000723699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15f2c84e96e048952021-12-21 12:50:41.443root 11241100x8000000000000000723700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e2192192a79c6472021-12-21 12:50:41.443root 11241100x8000000000000000723701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35855cc8b36b41032021-12-21 12:50:41.444root 11241100x8000000000000000723702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2a0093a7258a2632021-12-21 12:50:41.444root 11241100x8000000000000000723703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3af35da8b35a338b2021-12-21 12:50:41.444root 11241100x8000000000000000723704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.feee14e4e290166e2021-12-21 12:50:41.444root 11241100x8000000000000000723705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79e5d7e58f5e44302021-12-21 12:50:41.444root 11241100x8000000000000000723706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad964ec40b5d68e32021-12-21 12:50:41.444root 11241100x8000000000000000723707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.237374cf7362d0c02021-12-21 12:50:41.444root 11241100x8000000000000000723708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4884d12c466356b2021-12-21 12:50:41.444root 11241100x8000000000000000723709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9429ba54acba6632021-12-21 12:50:41.444root 11241100x8000000000000000723710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.340eef89d010990e2021-12-21 12:50:41.444root 11241100x8000000000000000723711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3e3efe9590d6a6e2021-12-21 12:50:41.444root 11241100x8000000000000000723712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd5ea57d2494fcf62021-12-21 12:50:41.444root 11241100x8000000000000000723713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d106f2c9b12bb8992021-12-21 12:50:41.943root 11241100x8000000000000000723714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a23bb0bdcb12dea02021-12-21 12:50:41.943root 11241100x8000000000000000723715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e09c871578a6c762021-12-21 12:50:41.944root 11241100x8000000000000000723716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ebdfdfa03e9ead22021-12-21 12:50:41.944root 11241100x8000000000000000723717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebf8630e905695c72021-12-21 12:50:41.944root 11241100x8000000000000000723718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bffc458d08d42a22021-12-21 12:50:41.944root 11241100x8000000000000000723719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6f8939ca44e2d312021-12-21 12:50:41.944root 11241100x8000000000000000723720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fa0541e8ca8b1c02021-12-21 12:50:41.944root 11241100x8000000000000000723721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:41.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d387956cffd45c142021-12-21 12:50:41.945root 11241100x8000000000000000723722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:41.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.beff7ff37ea6ef942021-12-21 12:50:41.945root 11241100x8000000000000000723723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:41.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2271a2d13f0d9cf32021-12-21 12:50:41.945root 11241100x8000000000000000723724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:41.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69ef0b870c22af882021-12-21 12:50:41.945root 11241100x8000000000000000723725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:41.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51e9f5804cf98fae2021-12-21 12:50:41.945root 11241100x8000000000000000723726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:41.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04c72a96b923ccc12021-12-21 12:50:41.945root 11241100x8000000000000000723727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:41.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74114bb7cfce5a1e2021-12-21 12:50:41.945root 11241100x8000000000000000723728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:41.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4ac4775c7265d002021-12-21 12:50:41.946root 11241100x8000000000000000723729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:41.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38416aec414532662021-12-21 12:50:41.946root 11241100x8000000000000000723730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bca2cdfee47f8c82021-12-21 12:50:42.443root 11241100x8000000000000000723731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f2b2a30c48e01ed2021-12-21 12:50:42.443root 11241100x8000000000000000723732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4246fe89976b624e2021-12-21 12:50:42.444root 11241100x8000000000000000723733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.453ebd45f34172d62021-12-21 12:50:42.444root 11241100x8000000000000000723734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de94096c4e0a97ab2021-12-21 12:50:42.444root 11241100x8000000000000000723735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4a8dbafa25cda172021-12-21 12:50:42.444root 11241100x8000000000000000723736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abb1155a82964d5f2021-12-21 12:50:42.444root 11241100x8000000000000000723737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a9fd77ad9d99ef52021-12-21 12:50:42.444root 11241100x8000000000000000723738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:42.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbf22ca329d7a2ee2021-12-21 12:50:42.445root 11241100x8000000000000000723739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:42.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec94d686e6460cb12021-12-21 12:50:42.445root 11241100x8000000000000000723740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:42.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68c237efd952e7262021-12-21 12:50:42.445root 11241100x8000000000000000723741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:42.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2383a403499459172021-12-21 12:50:42.445root 11241100x8000000000000000723742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:42.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49c8b38f663fb8e92021-12-21 12:50:42.445root 11241100x8000000000000000723743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:42.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eedbcbe8020ac0872021-12-21 12:50:42.445root 11241100x8000000000000000723744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:42.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be159bcf8a6738872021-12-21 12:50:42.445root 11241100x8000000000000000723745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:42.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8176e3dbc6477ab32021-12-21 12:50:42.446root 11241100x8000000000000000723746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:42.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8aaff8a8c8cb6acf2021-12-21 12:50:42.446root 11241100x8000000000000000723747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.828f66bd8069f86a2021-12-21 12:50:42.943root 11241100x8000000000000000723748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97c0204dadd023332021-12-21 12:50:42.943root 11241100x8000000000000000723749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecee024f2d0a0aab2021-12-21 12:50:42.944root 11241100x8000000000000000723750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea748e71ce77e02a2021-12-21 12:50:42.944root 11241100x8000000000000000723751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f9c00950499f0f92021-12-21 12:50:42.944root 11241100x8000000000000000723752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f409baba936da2d32021-12-21 12:50:42.944root 11241100x8000000000000000723753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9051dd4f0870c362021-12-21 12:50:42.944root 11241100x8000000000000000723754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7708a0f3e27690162021-12-21 12:50:42.944root 11241100x8000000000000000723755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:42.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca536bae7e9504fb2021-12-21 12:50:42.945root 11241100x8000000000000000723756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:42.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ef4fe00c3d753e72021-12-21 12:50:42.945root 11241100x8000000000000000723757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:42.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ba248e4f4e14b7b2021-12-21 12:50:42.945root 11241100x8000000000000000723758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:42.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd65674693774b722021-12-21 12:50:42.945root 11241100x8000000000000000723759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:42.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efbfcd6c119004712021-12-21 12:50:42.945root 11241100x8000000000000000723760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:42.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b23ba1c0b9aa8b5e2021-12-21 12:50:42.945root 11241100x8000000000000000723761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:42.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec1f5b495aaa1f842021-12-21 12:50:42.945root 11241100x8000000000000000723762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:42.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d49582a50948d5872021-12-21 12:50:42.946root 11241100x8000000000000000723763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:42.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.062818207f5da2f62021-12-21 12:50:42.946root 11241100x8000000000000000723764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3efc42f95683c7b2021-12-21 12:50:43.443root 11241100x8000000000000000723765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7704452f22724ee52021-12-21 12:50:43.443root 11241100x8000000000000000723766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49900a91654b9b0d2021-12-21 12:50:43.443root 11241100x8000000000000000723767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc227ea43350f3012021-12-21 12:50:43.443root 11241100x8000000000000000723768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1789d19b52373f4f2021-12-21 12:50:43.444root 11241100x8000000000000000723769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e041df9033e04722021-12-21 12:50:43.444root 11241100x8000000000000000723770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78a94f56783067a62021-12-21 12:50:43.444root 11241100x8000000000000000723771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a537f15bd6a4490a2021-12-21 12:50:43.444root 11241100x8000000000000000723772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb4a2543e86af8342021-12-21 12:50:43.444root 11241100x8000000000000000723773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97dc3295c9bf54932021-12-21 12:50:43.444root 11241100x8000000000000000723774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f804625e7040d0572021-12-21 12:50:43.444root 11241100x8000000000000000723775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.625d3b6a981621cb2021-12-21 12:50:43.444root 11241100x8000000000000000723776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.737e92560112fb3d2021-12-21 12:50:43.444root 11241100x8000000000000000723777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.823a657833b178f52021-12-21 12:50:43.444root 11241100x8000000000000000723778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2679fb5364e4316f2021-12-21 12:50:43.444root 11241100x8000000000000000723779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35cb545fcd0844932021-12-21 12:50:43.444root 11241100x8000000000000000723780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f19d6135b6790dd12021-12-21 12:50:43.444root 11241100x8000000000000000723781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c676161abdec94de2021-12-21 12:50:43.943root 11241100x8000000000000000723782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c2b24bd84fe1b9e2021-12-21 12:50:43.943root 11241100x8000000000000000723783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ac99b56adf330292021-12-21 12:50:43.944root 11241100x8000000000000000723784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.794a521a5a5ee2742021-12-21 12:50:43.944root 11241100x8000000000000000723785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfc5983ebc15f2be2021-12-21 12:50:43.944root 11241100x8000000000000000723786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc4f78833c3431a82021-12-21 12:50:43.944root 11241100x8000000000000000723787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f81c6790873551702021-12-21 12:50:43.944root 11241100x8000000000000000723788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03af4e1700f5066f2021-12-21 12:50:43.944root 11241100x8000000000000000723789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:43.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c66c62467277198e2021-12-21 12:50:43.945root 11241100x8000000000000000723790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:43.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bd3b927d212c8c02021-12-21 12:50:43.945root 11241100x8000000000000000723791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:43.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62997d4b09987f902021-12-21 12:50:43.945root 11241100x8000000000000000723792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:43.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60e9067f10b7356f2021-12-21 12:50:43.945root 11241100x8000000000000000723793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:43.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20c2d79d29eca15f2021-12-21 12:50:43.945root 11241100x8000000000000000723794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:43.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cd4f1789c72c8f72021-12-21 12:50:43.945root 11241100x8000000000000000723795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:43.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2691f3bd05572802021-12-21 12:50:43.945root 11241100x8000000000000000723796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:43.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6752137320e6e0a82021-12-21 12:50:43.946root 11241100x8000000000000000723797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:43.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7db1353d4520f8562021-12-21 12:50:43.946root 11241100x8000000000000000723798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f75664b575e06f612021-12-21 12:50:44.443root 11241100x8000000000000000723799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ad558e0b3d9f1bf2021-12-21 12:50:44.443root 11241100x8000000000000000723800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.025ddc37c880e8932021-12-21 12:50:44.444root 11241100x8000000000000000723801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67a3c0fa5ee67ae12021-12-21 12:50:44.444root 11241100x8000000000000000723802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb763a524c14776a2021-12-21 12:50:44.444root 11241100x8000000000000000723803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32a60b86d302ad9c2021-12-21 12:50:44.444root 11241100x8000000000000000723804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5384dc6fbc564c22021-12-21 12:50:44.444root 11241100x8000000000000000723805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15e8f2b71353df9d2021-12-21 12:50:44.444root 11241100x8000000000000000723806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a92a7581981e4c6b2021-12-21 12:50:44.444root 11241100x8000000000000000723807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e705b78514a2d4582021-12-21 12:50:44.445root 11241100x8000000000000000723808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b36eacb86a28ae712021-12-21 12:50:44.445root 11241100x8000000000000000723809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e780f2164633ff02021-12-21 12:50:44.445root 11241100x8000000000000000723810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebdc720d22e53aca2021-12-21 12:50:44.445root 11241100x8000000000000000723811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17a6724cb0b031452021-12-21 12:50:44.445root 11241100x8000000000000000723812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb1cae7c5780f3de2021-12-21 12:50:44.445root 11241100x8000000000000000723813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c098d0231ed32fee2021-12-21 12:50:44.445root 11241100x8000000000000000723814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2409955c34dcd7c62021-12-21 12:50:44.445root 11241100x8000000000000000723815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d112abb3d052d7c2021-12-21 12:50:44.943root 11241100x8000000000000000723816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b259bd38df6bbb162021-12-21 12:50:44.943root 11241100x8000000000000000723817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15e26a5319c558122021-12-21 12:50:44.943root 11241100x8000000000000000723818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf1f8f128cfea6e02021-12-21 12:50:44.943root 11241100x8000000000000000723819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.670d513d7479789e2021-12-21 12:50:44.943root 11241100x8000000000000000723820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc66b464415c3ab62021-12-21 12:50:44.944root 11241100x8000000000000000723821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95fb7c2710dc3c452021-12-21 12:50:44.944root 11241100x8000000000000000723822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ce20f061b98720e2021-12-21 12:50:44.944root 11241100x8000000000000000723823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.871ecbb2eaad1eff2021-12-21 12:50:44.944root 11241100x8000000000000000723824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f192205f45e63d772021-12-21 12:50:44.944root 11241100x8000000000000000723825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a873411f645a5db2021-12-21 12:50:44.944root 11241100x8000000000000000723826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73b141be35c18fda2021-12-21 12:50:44.944root 11241100x8000000000000000723827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73acdc083447606f2021-12-21 12:50:44.944root 11241100x8000000000000000723828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0aecbd91e583f7262021-12-21 12:50:44.944root 11241100x8000000000000000723829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58ba59f33a9b2fe02021-12-21 12:50:44.944root 11241100x8000000000000000723830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7e4673d3ce34f3c2021-12-21 12:50:44.944root 11241100x8000000000000000723831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92054e7078c6d1d02021-12-21 12:50:44.944root 11241100x8000000000000000723832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d9ae320f7713d002021-12-21 12:50:45.443root 11241100x8000000000000000723833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c4abfbd9e6239962021-12-21 12:50:45.443root 11241100x8000000000000000723834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99eb2983b51d6bc12021-12-21 12:50:45.443root 11241100x8000000000000000723835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed25a33a3154f0a72021-12-21 12:50:45.443root 11241100x8000000000000000723836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f16425cf2fce40bf2021-12-21 12:50:45.443root 11241100x8000000000000000723837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f1307d3a5061a6f2021-12-21 12:50:45.443root 11241100x8000000000000000723838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20aab5af3b9e1bc02021-12-21 12:50:45.444root 11241100x8000000000000000723839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d3da1461417a0582021-12-21 12:50:45.444root 11241100x8000000000000000723840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c29800f67e4f90ea2021-12-21 12:50:45.444root 11241100x8000000000000000723841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72480fdd3b6107cd2021-12-21 12:50:45.444root 11241100x8000000000000000723842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42dc1fa09cdf82032021-12-21 12:50:45.444root 11241100x8000000000000000723843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e2b456209de58fc2021-12-21 12:50:45.444root 11241100x8000000000000000723844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32ae437dfcd5c97a2021-12-21 12:50:45.444root 11241100x8000000000000000723845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2533175a9a6d8d82021-12-21 12:50:45.444root 11241100x8000000000000000723846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4184fb2c64f20ce12021-12-21 12:50:45.444root 11241100x8000000000000000723847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa6178f893fa15a42021-12-21 12:50:45.444root 11241100x8000000000000000723848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa3fa0af3f7a9a462021-12-21 12:50:45.444root 11241100x8000000000000000723849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c21f476225644bb42021-12-21 12:50:45.943root 11241100x8000000000000000723850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60352bfbe2c4b61a2021-12-21 12:50:45.943root 11241100x8000000000000000723851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.059bd5ea216a98f32021-12-21 12:50:45.943root 11241100x8000000000000000723852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd1b632f0afed2002021-12-21 12:50:45.943root 11241100x8000000000000000723853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1f3601fb9df27ed2021-12-21 12:50:45.943root 11241100x8000000000000000723854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb10fe382527358f2021-12-21 12:50:45.943root 11241100x8000000000000000723855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8ad2d230486d9002021-12-21 12:50:45.943root 11241100x8000000000000000723856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.168b55435c035ee12021-12-21 12:50:45.944root 11241100x8000000000000000723857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55612c750704f8e92021-12-21 12:50:45.944root 11241100x8000000000000000723858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cc1741eb9f1cef32021-12-21 12:50:45.944root 11241100x8000000000000000723859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ff3a0f2242d80ff2021-12-21 12:50:45.944root 11241100x8000000000000000723860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97e08232d99db2ac2021-12-21 12:50:45.944root 11241100x8000000000000000723861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f2b88c1529ab2d62021-12-21 12:50:45.944root 11241100x8000000000000000723862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.667d2cf81f87850c2021-12-21 12:50:45.944root 11241100x8000000000000000723863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1018d6acfe4851de2021-12-21 12:50:45.944root 11241100x8000000000000000723864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06f343694a471ec02021-12-21 12:50:45.944root 11241100x8000000000000000723865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34c54f8a537ac4d32021-12-21 12:50:45.944root 354300x8000000000000000723866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:46.156{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-50568-false10.0.1.12-8000- 11241100x8000000000000000723867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41906839f777abd42021-12-21 12:50:46.443root 11241100x8000000000000000723868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fbcf97c3eeed8202021-12-21 12:50:46.443root 11241100x8000000000000000723869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91ad49ca2ea13e252021-12-21 12:50:46.443root 11241100x8000000000000000723870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d053464f8c5e13e12021-12-21 12:50:46.443root 11241100x8000000000000000723871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae472234911f42942021-12-21 12:50:46.444root 11241100x8000000000000000723872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae5543950616ce032021-12-21 12:50:46.444root 11241100x8000000000000000723873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aef2ce69b559c2f92021-12-21 12:50:46.444root 11241100x8000000000000000723874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffc16661eae6441b2021-12-21 12:50:46.444root 11241100x8000000000000000723875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fb4dcf28ce690d42021-12-21 12:50:46.444root 11241100x8000000000000000723876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03c832c9578eb8182021-12-21 12:50:46.444root 11241100x8000000000000000723877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a18b7722401984cd2021-12-21 12:50:46.444root 11241100x8000000000000000723878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be0bb943f78cd6682021-12-21 12:50:46.444root 11241100x8000000000000000723879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f1092ced38ccd2e2021-12-21 12:50:46.444root 11241100x8000000000000000723880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f301bfc45fe5da3b2021-12-21 12:50:46.444root 11241100x8000000000000000723881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:46.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d5264580707c8282021-12-21 12:50:46.445root 11241100x8000000000000000723882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:46.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85487e663c0b3e2f2021-12-21 12:50:46.445root 11241100x8000000000000000723883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:46.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89b74cfdedc7372c2021-12-21 12:50:46.445root 11241100x8000000000000000723884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:46.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cbaa38e5d6c26332021-12-21 12:50:46.445root 11241100x8000000000000000723885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.762ef5ea1399a9672021-12-21 12:50:46.943root 11241100x8000000000000000723886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4874820864d263702021-12-21 12:50:46.943root 11241100x8000000000000000723887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d10a4e7e80762fd2021-12-21 12:50:46.943root 11241100x8000000000000000723888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c72cc71bf23a131a2021-12-21 12:50:46.943root 11241100x8000000000000000723889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1710c39ce0b970dd2021-12-21 12:50:46.944root 11241100x8000000000000000723890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07a9200322b554442021-12-21 12:50:46.944root 11241100x8000000000000000723891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d13be5f6ca0ce6022021-12-21 12:50:46.944root 11241100x8000000000000000723892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1526b4299c1c24f22021-12-21 12:50:46.944root 11241100x8000000000000000723893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da3ecd99029f85ab2021-12-21 12:50:46.944root 11241100x8000000000000000723894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e683bed4e3c4ef22021-12-21 12:50:46.944root 11241100x8000000000000000723895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e42a89cb6a654cf62021-12-21 12:50:46.944root 11241100x8000000000000000723896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9ad19cffa6e9f522021-12-21 12:50:46.944root 11241100x8000000000000000723897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fc4a59cc2d0b2512021-12-21 12:50:46.944root 11241100x8000000000000000723898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1ad1038a7a312b72021-12-21 12:50:46.944root 11241100x8000000000000000723899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:46.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c280127dba6c8af92021-12-21 12:50:46.945root 11241100x8000000000000000723900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:46.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92283cef111abdc92021-12-21 12:50:46.945root 11241100x8000000000000000723901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:46.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51257d1aaacf2a862021-12-21 12:50:46.945root 11241100x8000000000000000723902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:46.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f403273d4c91d182021-12-21 12:50:46.945root 11241100x8000000000000000723903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.472db3f74f6788c92021-12-21 12:50:47.443root 11241100x8000000000000000723904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f144331a9e73c43d2021-12-21 12:50:47.443root 11241100x8000000000000000723905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.018887ebb2fd3ef12021-12-21 12:50:47.443root 11241100x8000000000000000723906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2dd239a08f2aabd2021-12-21 12:50:47.443root 11241100x8000000000000000723907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ebd51cfeac10d2a2021-12-21 12:50:47.443root 11241100x8000000000000000723908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb7dec11982c5d432021-12-21 12:50:47.444root 11241100x8000000000000000723909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b084ec8e53dcdd62021-12-21 12:50:47.444root 11241100x8000000000000000723910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fba9da24b90eb2e2021-12-21 12:50:47.444root 11241100x8000000000000000723911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74d2dec3b1a793e62021-12-21 12:50:47.444root 11241100x8000000000000000723912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f64d819ca572899c2021-12-21 12:50:47.444root 11241100x8000000000000000723913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdf6a1813e05118d2021-12-21 12:50:47.444root 11241100x8000000000000000723914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fadfe0e17aa9da92021-12-21 12:50:47.444root 11241100x8000000000000000723915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1deec98fcf7a6f632021-12-21 12:50:47.444root 11241100x8000000000000000723916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a17c1d7cf42a1842021-12-21 12:50:47.444root 11241100x8000000000000000723917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bd213be45c16d942021-12-21 12:50:47.444root 11241100x8000000000000000723918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f68cc77ff2b847b82021-12-21 12:50:47.444root 11241100x8000000000000000723919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac2119d5001256c62021-12-21 12:50:47.444root 11241100x8000000000000000723920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb87fa84729dce8b2021-12-21 12:50:47.444root 11241100x8000000000000000723921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.520bb8c65be23cbe2021-12-21 12:50:47.943root 11241100x8000000000000000723922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.252e3257f69a15ba2021-12-21 12:50:47.943root 11241100x8000000000000000723923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e010608f653b1d222021-12-21 12:50:47.943root 11241100x8000000000000000723924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.341893bb2ae7dad82021-12-21 12:50:47.943root 11241100x8000000000000000723925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7f36d8b52bb4f3e2021-12-21 12:50:47.944root 11241100x8000000000000000723926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b3c698e4f7d01422021-12-21 12:50:47.944root 11241100x8000000000000000723927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dbbd4f6964f1f3f2021-12-21 12:50:47.944root 11241100x8000000000000000723928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fab39b70fb8e577b2021-12-21 12:50:47.944root 11241100x8000000000000000723929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ceaf71f27df32192021-12-21 12:50:47.944root 11241100x8000000000000000723930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf9bb432d64f703b2021-12-21 12:50:47.944root 11241100x8000000000000000723931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fbbdeabf21f08232021-12-21 12:50:47.944root 11241100x8000000000000000723932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2052998a5f8a8f402021-12-21 12:50:47.944root 11241100x8000000000000000723933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faf0f5b774b2dec32021-12-21 12:50:47.944root 11241100x8000000000000000723934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a98d6b9f4c6c465e2021-12-21 12:50:47.944root 11241100x8000000000000000723935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53069a0c628bfa3b2021-12-21 12:50:47.944root 11241100x8000000000000000723936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.deacbfc95e3a6bb52021-12-21 12:50:47.944root 11241100x8000000000000000723937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c41f2afba97005d2021-12-21 12:50:47.944root 11241100x8000000000000000723938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c93cc65f0648d2dc2021-12-21 12:50:47.944root 11241100x8000000000000000723939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c91c969263d299c02021-12-21 12:50:48.443root 11241100x8000000000000000723940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dab602fc0fa7e1302021-12-21 12:50:48.443root 11241100x8000000000000000723941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5af7f44bbd61129f2021-12-21 12:50:48.443root 11241100x8000000000000000723942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a98e163ad2d82dca2021-12-21 12:50:48.443root 11241100x8000000000000000723943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.119f2b7888e7c06a2021-12-21 12:50:48.443root 11241100x8000000000000000723944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f87be24b78bd25b2021-12-21 12:50:48.444root 11241100x8000000000000000723945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5114b197c7b888732021-12-21 12:50:48.444root 11241100x8000000000000000723946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed6a2490415d63942021-12-21 12:50:48.444root 11241100x8000000000000000723947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0777238882c7c2362021-12-21 12:50:48.444root 11241100x8000000000000000723948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e8903dd08d916bf2021-12-21 12:50:48.444root 11241100x8000000000000000723949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39749eee9c8b37af2021-12-21 12:50:48.444root 11241100x8000000000000000723950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f87672e3ea5a8b292021-12-21 12:50:48.444root 11241100x8000000000000000723951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac8493fea812fd9d2021-12-21 12:50:48.444root 11241100x8000000000000000723952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5813a18811cf5412021-12-21 12:50:48.444root 11241100x8000000000000000723953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae047b58e017475d2021-12-21 12:50:48.444root 11241100x8000000000000000723954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9273f7e095695f2b2021-12-21 12:50:48.444root 11241100x8000000000000000723955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd53b7587040ae1f2021-12-21 12:50:48.444root 11241100x8000000000000000723956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7ab8da51d52bd7f2021-12-21 12:50:48.444root 11241100x8000000000000000723957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5be20daf17f5a0922021-12-21 12:50:48.943root 11241100x8000000000000000723958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e162b53cfe1130552021-12-21 12:50:48.943root 11241100x8000000000000000723959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cbc6dec39091cef2021-12-21 12:50:48.943root 11241100x8000000000000000723960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4b0160b01d4ef952021-12-21 12:50:48.944root 11241100x8000000000000000723961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8466d97c5d9668662021-12-21 12:50:48.944root 11241100x8000000000000000723962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.733d94bbe99a5a5c2021-12-21 12:50:48.944root 11241100x8000000000000000723963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2aed72bad531797f2021-12-21 12:50:48.944root 11241100x8000000000000000723964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1bd9e102fef51202021-12-21 12:50:48.944root 11241100x8000000000000000723965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5374eee323159c092021-12-21 12:50:48.944root 11241100x8000000000000000723966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e94f75e7f57a7232021-12-21 12:50:48.944root 11241100x8000000000000000723967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0957d1a5de916bfa2021-12-21 12:50:48.944root 11241100x8000000000000000723968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5cc7906328a135c2021-12-21 12:50:48.944root 11241100x8000000000000000723969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6bf98ed761e6d6e2021-12-21 12:50:48.944root 11241100x8000000000000000723970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab54795d035052662021-12-21 12:50:48.944root 11241100x8000000000000000723971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1aa0313d23bd75222021-12-21 12:50:48.944root 11241100x8000000000000000723972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acc821b2db4c1dcc2021-12-21 12:50:48.944root 11241100x8000000000000000723973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc82aec40148ae412021-12-21 12:50:48.944root 11241100x8000000000000000723974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:48.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4c27f32f94f3d602021-12-21 12:50:48.945root 11241100x8000000000000000723975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb48c8b11898c7b02021-12-21 12:50:49.443root 11241100x8000000000000000723976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3df5f5de3124fb6d2021-12-21 12:50:49.443root 11241100x8000000000000000723977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23be4bafd42c27742021-12-21 12:50:49.443root 11241100x8000000000000000723978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2662731a412867a52021-12-21 12:50:49.443root 11241100x8000000000000000723979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42c2384c6fb755992021-12-21 12:50:49.443root 11241100x8000000000000000723980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ff2b63364bc6ae82021-12-21 12:50:49.444root 11241100x8000000000000000723981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e700745286a8b5452021-12-21 12:50:49.444root 11241100x8000000000000000723982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.162e82c0d7e435cb2021-12-21 12:50:49.444root 11241100x8000000000000000723983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d2b0365b2f489672021-12-21 12:50:49.444root 11241100x8000000000000000723984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc472d3fd1562f4b2021-12-21 12:50:49.444root 11241100x8000000000000000723985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb258a036f7131ff2021-12-21 12:50:49.444root 11241100x8000000000000000723986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1c1bab32539ce842021-12-21 12:50:49.444root 11241100x8000000000000000723987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2f4edd8e09072032021-12-21 12:50:49.444root 11241100x8000000000000000723988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a9856277560e7f22021-12-21 12:50:49.444root 11241100x8000000000000000723989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.320559ed49a225a62021-12-21 12:50:49.444root 11241100x8000000000000000723990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.563928ae7eb7c2432021-12-21 12:50:49.444root 11241100x8000000000000000723991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38b4c42d4b5ead212021-12-21 12:50:49.444root 11241100x8000000000000000723992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c72e0c1322ec792f2021-12-21 12:50:49.444root 11241100x8000000000000000723993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dde0693bdd706a3e2021-12-21 12:50:49.943root 11241100x8000000000000000723994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96874dabba45d8542021-12-21 12:50:49.943root 11241100x8000000000000000723995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6aefff6397c5a9cf2021-12-21 12:50:49.943root 11241100x8000000000000000723996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71521d67e08785212021-12-21 12:50:49.943root 11241100x8000000000000000723997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca843c63a5e7a49a2021-12-21 12:50:49.943root 11241100x8000000000000000723998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.494581c760a6d2492021-12-21 12:50:49.944root 11241100x8000000000000000723999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e55c89f7a6a991ff2021-12-21 12:50:49.944root 11241100x8000000000000000724000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71d5b4f52b3652ee2021-12-21 12:50:49.944root 11241100x8000000000000000724001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0d6c0c5cddfdb2a2021-12-21 12:50:49.944root 11241100x8000000000000000724002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.887b3c26e4febf9e2021-12-21 12:50:49.944root 11241100x8000000000000000724003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57ad1341922509872021-12-21 12:50:49.944root 11241100x8000000000000000724004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92523a554e69ad532021-12-21 12:50:49.944root 11241100x8000000000000000724005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e202a2d8be8851cf2021-12-21 12:50:49.944root 11241100x8000000000000000724006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2b6c78462987c132021-12-21 12:50:49.944root 11241100x8000000000000000724007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a16b680249790252021-12-21 12:50:49.944root 11241100x8000000000000000724008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da20b9f068bfd11b2021-12-21 12:50:49.944root 11241100x8000000000000000724009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2908177a7293ab992021-12-21 12:50:49.944root 11241100x8000000000000000724010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b79e029b13ea03fa2021-12-21 12:50:49.944root 11241100x8000000000000000724011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6dfa1767dd180a12021-12-21 12:50:50.443root 11241100x8000000000000000724012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.190536f6922d32fb2021-12-21 12:50:50.443root 11241100x8000000000000000724013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df91fceef35ee3052021-12-21 12:50:50.443root 11241100x8000000000000000724014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85501361a32f005f2021-12-21 12:50:50.443root 11241100x8000000000000000724015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f1a2a02f8a9de402021-12-21 12:50:50.443root 11241100x8000000000000000724016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee067ce52e8721282021-12-21 12:50:50.444root 11241100x8000000000000000724017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02cee11d5074462e2021-12-21 12:50:50.444root 11241100x8000000000000000724018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81a0e51c3ada3a482021-12-21 12:50:50.444root 11241100x8000000000000000724019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.131beaeef0b0931e2021-12-21 12:50:50.444root 11241100x8000000000000000724020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bf61c2d797a69df2021-12-21 12:50:50.444root 11241100x8000000000000000724021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88a61f507135f7f22021-12-21 12:50:50.444root 11241100x8000000000000000724022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7b028989b8323072021-12-21 12:50:50.444root 11241100x8000000000000000724023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60a4fc6d093b450a2021-12-21 12:50:50.444root 11241100x8000000000000000724024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6265386d5fd679d02021-12-21 12:50:50.444root 11241100x8000000000000000724025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15f0462f434eacc42021-12-21 12:50:50.444root 11241100x8000000000000000724026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6fee7be74fbcb512021-12-21 12:50:50.444root 11241100x8000000000000000724027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29aa2a559474ad092021-12-21 12:50:50.444root 11241100x8000000000000000724028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d04bed8f180242e2021-12-21 12:50:50.444root 11241100x8000000000000000724029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bc4f7ffc54f62ba2021-12-21 12:50:50.943root 11241100x8000000000000000724030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14e9979b83919dfa2021-12-21 12:50:50.943root 11241100x8000000000000000724031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e00dbbdcb1e26f92021-12-21 12:50:50.944root 11241100x8000000000000000724032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a63f8906a74c212d2021-12-21 12:50:50.944root 11241100x8000000000000000724033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f1c8fecb3f204df2021-12-21 12:50:50.944root 11241100x8000000000000000724034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.705ab8db798e5d782021-12-21 12:50:50.944root 11241100x8000000000000000724035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25a77f45290c8fce2021-12-21 12:50:50.944root 11241100x8000000000000000724036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aeca16425ec06e5f2021-12-21 12:50:50.944root 11241100x8000000000000000724037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0680ed6cc7b5bba92021-12-21 12:50:50.944root 11241100x8000000000000000724038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e59a4978ef8460b2021-12-21 12:50:50.944root 11241100x8000000000000000724039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0596dc33ceeb3e9b2021-12-21 12:50:50.944root 11241100x8000000000000000724040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4166c5f32ac43dc2021-12-21 12:50:50.944root 11241100x8000000000000000724041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.225ddec69734f9782021-12-21 12:50:50.944root 11241100x8000000000000000724042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b890eb8df3548042021-12-21 12:50:50.944root 11241100x8000000000000000724043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bce8801fc07b48b02021-12-21 12:50:50.944root 11241100x8000000000000000724044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0610c3f7497a559e2021-12-21 12:50:50.944root 11241100x8000000000000000724045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8c5488a51641fb02021-12-21 12:50:50.944root 11241100x8000000000000000724046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9d86b1b53fcc02b2021-12-21 12:50:50.944root 11241100x8000000000000000724047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:50.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c79dfdd0c5e82e62021-12-21 12:50:50.945root 11241100x8000000000000000724048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:50.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d90ae665326b13952021-12-21 12:50:50.945root 11241100x8000000000000000724049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:50.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56acd7f378f204472021-12-21 12:50:50.945root 11241100x8000000000000000724050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea75681c259919dc2021-12-21 12:50:51.443root 11241100x8000000000000000724051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76ac457791d604cd2021-12-21 12:50:51.443root 11241100x8000000000000000724052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6edbf24b45db29662021-12-21 12:50:51.443root 11241100x8000000000000000724053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75fe73f52c4d09862021-12-21 12:50:51.443root 11241100x8000000000000000724054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e934330ac89dca52021-12-21 12:50:51.444root 11241100x8000000000000000724055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8b2a56916f8ee242021-12-21 12:50:51.444root 11241100x8000000000000000724056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a39ffae5c366ae6e2021-12-21 12:50:51.444root 11241100x8000000000000000724057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c7e320c05a7ca252021-12-21 12:50:51.444root 11241100x8000000000000000724058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.effa318acdff88cc2021-12-21 12:50:51.444root 11241100x8000000000000000724059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.999b815ce0bf0df92021-12-21 12:50:51.444root 11241100x8000000000000000724060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7479fcef24078b52021-12-21 12:50:51.444root 11241100x8000000000000000724061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4adae700ec00bc532021-12-21 12:50:51.444root 11241100x8000000000000000724062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.032d1697255816ef2021-12-21 12:50:51.444root 11241100x8000000000000000724063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d3001678fcff4ec2021-12-21 12:50:51.444root 11241100x8000000000000000724064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c305df189e4579d52021-12-21 12:50:51.444root 11241100x8000000000000000724065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5deb81327d9f93bb2021-12-21 12:50:51.444root 11241100x8000000000000000724066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fda2551f173a8c492021-12-21 12:50:51.444root 11241100x8000000000000000724067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e854b85fe0f86292021-12-21 12:50:51.444root 11241100x8000000000000000724068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.452144a47ee43c592021-12-21 12:50:51.943root 11241100x8000000000000000724069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8023ba8d5f2992682021-12-21 12:50:51.943root 11241100x8000000000000000724070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b49b2b2176f9134e2021-12-21 12:50:51.943root 11241100x8000000000000000724071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6016b266c04cf0032021-12-21 12:50:51.943root 11241100x8000000000000000724072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec128015caa33eb92021-12-21 12:50:51.943root 11241100x8000000000000000724073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.281bcaf01f5032da2021-12-21 12:50:51.944root 11241100x8000000000000000724074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.669dbff9344ebdc42021-12-21 12:50:51.944root 11241100x8000000000000000724075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85760ffd5207c7332021-12-21 12:50:51.944root 11241100x8000000000000000724076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce0ca2c82dfe501e2021-12-21 12:50:51.944root 11241100x8000000000000000724077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89eda034554726902021-12-21 12:50:51.944root 11241100x8000000000000000724078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e14272cf1ff49832021-12-21 12:50:51.944root 11241100x8000000000000000724079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49bcc31a450117ab2021-12-21 12:50:51.944root 11241100x8000000000000000724080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48db470415754bda2021-12-21 12:50:51.944root 11241100x8000000000000000724081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a508ecea1a54b912021-12-21 12:50:51.944root 11241100x8000000000000000724082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5db92e7f0c15ec832021-12-21 12:50:51.944root 11241100x8000000000000000724083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.031a3fd9fe3621392021-12-21 12:50:51.944root 11241100x8000000000000000724084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e29e4d431961ff42021-12-21 12:50:51.944root 11241100x8000000000000000724085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b346d4738a9dd92b2021-12-21 12:50:51.944root 354300x8000000000000000724086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:52.137{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-50570-false10.0.1.12-8000- 11241100x8000000000000000724087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a4d9178ac5979e72021-12-21 12:50:52.443root 11241100x8000000000000000724088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cf5140e6f4141fb2021-12-21 12:50:52.443root 11241100x8000000000000000724089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78f0b3ede332f3182021-12-21 12:50:52.443root 11241100x8000000000000000724090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca70f34cff528aa42021-12-21 12:50:52.443root 11241100x8000000000000000724091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.607923779aacd3f02021-12-21 12:50:52.443root 11241100x8000000000000000724092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dd6bd3bcb6f57592021-12-21 12:50:52.444root 11241100x8000000000000000724093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ee6a7ba615c03e02021-12-21 12:50:52.444root 11241100x8000000000000000724094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bec394bf5d17f9a2021-12-21 12:50:52.444root 11241100x8000000000000000724095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70c3c5777f22dff52021-12-21 12:50:52.444root 11241100x8000000000000000724096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ce48677de2493292021-12-21 12:50:52.444root 11241100x8000000000000000724097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f06934a011817dbf2021-12-21 12:50:52.444root 11241100x8000000000000000724098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.881c22dc41aedc622021-12-21 12:50:52.444root 11241100x8000000000000000724099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.945768925e19f4652021-12-21 12:50:52.444root 11241100x8000000000000000724100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56b06fc65ce057c52021-12-21 12:50:52.444root 11241100x8000000000000000724101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10c0dd53f0a1d5382021-12-21 12:50:52.444root 11241100x8000000000000000724102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4629f2764b99429f2021-12-21 12:50:52.444root 11241100x8000000000000000724103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a5361832056638e2021-12-21 12:50:52.444root 11241100x8000000000000000724104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6b348b04184a6002021-12-21 12:50:52.444root 11241100x8000000000000000724105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cf037fa3d921c5b2021-12-21 12:50:52.444root 11241100x8000000000000000724106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b985265fe8f56182021-12-21 12:50:52.943root 11241100x8000000000000000724107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a556e03144d34b6c2021-12-21 12:50:52.943root 11241100x8000000000000000724108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f2d3ecfd8d501012021-12-21 12:50:52.943root 11241100x8000000000000000724109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.066ec6263007f00d2021-12-21 12:50:52.943root 11241100x8000000000000000724110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0266e9525d83f1902021-12-21 12:50:52.944root 11241100x8000000000000000724111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1cd8af2c771561a2021-12-21 12:50:52.944root 11241100x8000000000000000724112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb83b8be5ff98b6a2021-12-21 12:50:52.944root 11241100x8000000000000000724113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b71f095652fb3d912021-12-21 12:50:52.944root 11241100x8000000000000000724114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2e0a36a00e5d1cb2021-12-21 12:50:52.944root 11241100x8000000000000000724115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46ebc187f3fcc58b2021-12-21 12:50:52.944root 11241100x8000000000000000724116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a326812c582c41c42021-12-21 12:50:52.944root 11241100x8000000000000000724117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7e56d536cf987c02021-12-21 12:50:52.944root 11241100x8000000000000000724118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46e71684fb68d4862021-12-21 12:50:52.944root 11241100x8000000000000000724119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c424725e12aa7182021-12-21 12:50:52.944root 11241100x8000000000000000724120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d53c3e9357d23082021-12-21 12:50:52.944root 11241100x8000000000000000724121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5eea04d7255aaef52021-12-21 12:50:52.944root 11241100x8000000000000000724122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d5b4e66ac6dee952021-12-21 12:50:52.944root 11241100x8000000000000000724123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.180e0c0f67d35d342021-12-21 12:50:52.944root 11241100x8000000000000000724124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc433322844803012021-12-21 12:50:52.944root 11241100x8000000000000000724125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c87a2fea338c1db22021-12-21 12:50:53.443root 11241100x8000000000000000724126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c9578b642a3ffb22021-12-21 12:50:53.443root 11241100x8000000000000000724127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.021246cabcf840c82021-12-21 12:50:53.443root 11241100x8000000000000000724128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c83bd9a615b3ae472021-12-21 12:50:53.443root 11241100x8000000000000000724129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.872d0d0ec9475ade2021-12-21 12:50:53.444root 11241100x8000000000000000724130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2724d57bac9eb202021-12-21 12:50:53.444root 11241100x8000000000000000724131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6117ede86d1dc5f92021-12-21 12:50:53.444root 11241100x8000000000000000724132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59ce187cd36102cf2021-12-21 12:50:53.444root 11241100x8000000000000000724133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5aad5ae52b59c232021-12-21 12:50:53.444root 11241100x8000000000000000724134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b6ca0dab0ef6ff72021-12-21 12:50:53.444root 11241100x8000000000000000724135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57d90d2c6801ef772021-12-21 12:50:53.444root 11241100x8000000000000000724136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd27c0ca1ababcb82021-12-21 12:50:53.444root 11241100x8000000000000000724137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3922aa98b49b3472021-12-21 12:50:53.444root 11241100x8000000000000000724138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30abdc771f6d57dd2021-12-21 12:50:53.444root 11241100x8000000000000000724139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b6e99fba4d38f9b2021-12-21 12:50:53.444root 11241100x8000000000000000724140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a52f37d7b2503782021-12-21 12:50:53.444root 11241100x8000000000000000724141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38c063492c9ac3142021-12-21 12:50:53.444root 11241100x8000000000000000724142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81d51acf73f958482021-12-21 12:50:53.444root 11241100x8000000000000000724143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d6c9e4715523f942021-12-21 12:50:53.444root 11241100x8000000000000000724144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49c557a23092fefd2021-12-21 12:50:53.943root 11241100x8000000000000000724145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d74d4f6328ccdfee2021-12-21 12:50:53.943root 11241100x8000000000000000724146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4e963aaa6f0e8f12021-12-21 12:50:53.943root 11241100x8000000000000000724147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa7f03a25163e9dc2021-12-21 12:50:53.943root 11241100x8000000000000000724148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ed0aa89b75e96652021-12-21 12:50:53.944root 11241100x8000000000000000724149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d78aa1399efd5a752021-12-21 12:50:53.944root 11241100x8000000000000000724150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12d6101a390fdac92021-12-21 12:50:53.944root 11241100x8000000000000000724151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4783feeb869f72fa2021-12-21 12:50:53.944root 11241100x8000000000000000724152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3577d7d0b7291b522021-12-21 12:50:53.944root 11241100x8000000000000000724153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5226b84422405fb2021-12-21 12:50:53.944root 11241100x8000000000000000724154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db060229b891c0922021-12-21 12:50:53.944root 11241100x8000000000000000724155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e08d0a3bee4832292021-12-21 12:50:53.944root 11241100x8000000000000000724156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7477f08ec167f8432021-12-21 12:50:53.944root 11241100x8000000000000000724157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c246d3dd3246a1f92021-12-21 12:50:53.944root 11241100x8000000000000000724158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23c1dc98c5478c1d2021-12-21 12:50:53.944root 11241100x8000000000000000724159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e16bfd7740fb5fa22021-12-21 12:50:53.944root 11241100x8000000000000000724160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae26c765f4f194582021-12-21 12:50:53.944root 11241100x8000000000000000724161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11b0549bcdb8d6a52021-12-21 12:50:53.944root 11241100x8000000000000000724162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9566414ff520c61e2021-12-21 12:50:53.944root 11241100x8000000000000000724163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9ee70aa575c3c422021-12-21 12:50:54.443root 11241100x8000000000000000724164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d934158546b1d5c2021-12-21 12:50:54.443root 11241100x8000000000000000724165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.762681e568cbd6d42021-12-21 12:50:54.443root 11241100x8000000000000000724166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b36634ffd76e6fe32021-12-21 12:50:54.443root 11241100x8000000000000000724167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae5ee20b0c17a7c32021-12-21 12:50:54.444root 11241100x8000000000000000724168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.100f6f9c868994622021-12-21 12:50:54.444root 11241100x8000000000000000724169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac3f5e3f2cd889ef2021-12-21 12:50:54.444root 11241100x8000000000000000724170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d869e2570412856b2021-12-21 12:50:54.444root 11241100x8000000000000000724171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.657c89d42f8b0cfc2021-12-21 12:50:54.444root 11241100x8000000000000000724172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14e06f0a9970246c2021-12-21 12:50:54.444root 11241100x8000000000000000724173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca7b193fcb0c5ede2021-12-21 12:50:54.444root 11241100x8000000000000000724174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e139d2d245e9f8472021-12-21 12:50:54.444root 11241100x8000000000000000724175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.160d57aaaeaec5d92021-12-21 12:50:54.444root 11241100x8000000000000000724176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d19aac4cef673e112021-12-21 12:50:54.444root 11241100x8000000000000000724177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f1ff6c0736ef8062021-12-21 12:50:54.444root 11241100x8000000000000000724178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1eda8f9cd52956972021-12-21 12:50:54.444root 11241100x8000000000000000724179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b57305ac198bf69c2021-12-21 12:50:54.444root 11241100x8000000000000000724180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3b0fe0854065e0b2021-12-21 12:50:54.444root 11241100x8000000000000000724181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04d8c6c55c6c02ac2021-12-21 12:50:54.444root 11241100x8000000000000000724182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94da38bc38beb6cd2021-12-21 12:50:54.943root 11241100x8000000000000000724183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e8514cf1c9bbe292021-12-21 12:50:54.943root 11241100x8000000000000000724184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7300dd6cfe22346c2021-12-21 12:50:54.943root 11241100x8000000000000000724185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43fa3408212a46962021-12-21 12:50:54.944root 11241100x8000000000000000724186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a3cb7e8cd4b42d32021-12-21 12:50:54.944root 11241100x8000000000000000724187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bc6120da1685a4d2021-12-21 12:50:54.944root 11241100x8000000000000000724188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2bfa40c6edc233f2021-12-21 12:50:54.944root 11241100x8000000000000000724189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e06ecff2534260a42021-12-21 12:50:54.944root 11241100x8000000000000000724190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9c835a6e1a1f99a2021-12-21 12:50:54.944root 11241100x8000000000000000724191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0cd959c235ebb872021-12-21 12:50:54.944root 11241100x8000000000000000724192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38a258558cb224b52021-12-21 12:50:54.944root 11241100x8000000000000000724193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5beeb8e2d4d810e2021-12-21 12:50:54.944root 11241100x8000000000000000724194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3511f7654be9905a2021-12-21 12:50:54.944root 11241100x8000000000000000724195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e57532ce258dd5282021-12-21 12:50:54.944root 11241100x8000000000000000724196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afbe38a1ce33c71c2021-12-21 12:50:54.944root 11241100x8000000000000000724197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8438ef00945b9d82021-12-21 12:50:54.945root 11241100x8000000000000000724198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0019245c217741912021-12-21 12:50:54.945root 11241100x8000000000000000724199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccad32e64f8147132021-12-21 12:50:54.945root 11241100x8000000000000000724200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0533140ad857daf72021-12-21 12:50:54.945root 11241100x8000000000000000724201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51b1e61f05845a5a2021-12-21 12:50:55.443root 11241100x8000000000000000724202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94ce5f8d979bc03d2021-12-21 12:50:55.443root 11241100x8000000000000000724203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e666c1bc934a2b2f2021-12-21 12:50:55.443root 11241100x8000000000000000724204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5714a78abfd34cc22021-12-21 12:50:55.443root 11241100x8000000000000000724205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a4a6aecfd6a13502021-12-21 12:50:55.444root 11241100x8000000000000000724206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a727938eb6fcc8a12021-12-21 12:50:55.444root 11241100x8000000000000000724207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61454c56d511d36e2021-12-21 12:50:55.444root 11241100x8000000000000000724208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f9cc64e3c67c85c2021-12-21 12:50:55.444root 11241100x8000000000000000724209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f4478421fdaad852021-12-21 12:50:55.444root 11241100x8000000000000000724210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33e9c012084859632021-12-21 12:50:55.444root 11241100x8000000000000000724211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3903dd61421dee372021-12-21 12:50:55.444root 11241100x8000000000000000724212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f9bbeeb9f0e30492021-12-21 12:50:55.444root 11241100x8000000000000000724213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.508aa8e3628495bc2021-12-21 12:50:55.444root 11241100x8000000000000000724214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c050bde1be0bc212021-12-21 12:50:55.444root 11241100x8000000000000000724215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f888b144dd10b7142021-12-21 12:50:55.444root 11241100x8000000000000000724216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06779afaca4a58c32021-12-21 12:50:55.444root 11241100x8000000000000000724217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f1f81febf841b132021-12-21 12:50:55.444root 11241100x8000000000000000724218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d721dfe55ad4b7a12021-12-21 12:50:55.444root 11241100x8000000000000000724219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17fae6367d6cb35f2021-12-21 12:50:55.444root 11241100x8000000000000000724220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1eb217a83e77a752021-12-21 12:50:55.943root 11241100x8000000000000000724221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d63e565382b5ce92021-12-21 12:50:55.943root 11241100x8000000000000000724222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0992cf261c601b32021-12-21 12:50:55.943root 11241100x8000000000000000724223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6e5334372797d732021-12-21 12:50:55.943root 11241100x8000000000000000724224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df53f11f0805487e2021-12-21 12:50:55.944root 11241100x8000000000000000724225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d36ba4e84ef5c042021-12-21 12:50:55.944root 11241100x8000000000000000724226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5777950768093da72021-12-21 12:50:55.944root 11241100x8000000000000000724227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.449a6a011d2bf76d2021-12-21 12:50:55.944root 11241100x8000000000000000724228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a744fe1febb8be7e2021-12-21 12:50:55.944root 11241100x8000000000000000724229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.280acfff15f218842021-12-21 12:50:55.944root 11241100x8000000000000000724230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.846042a2692dc9092021-12-21 12:50:55.944root 11241100x8000000000000000724231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3485ce1c3a26de702021-12-21 12:50:55.944root 11241100x8000000000000000724232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe694480ba4c627c2021-12-21 12:50:55.944root 11241100x8000000000000000724233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.558801361c490d922021-12-21 12:50:55.944root 11241100x8000000000000000724234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcd6f1fa08869c072021-12-21 12:50:55.944root 11241100x8000000000000000724235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32ecedb657a420c52021-12-21 12:50:55.944root 11241100x8000000000000000724236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.738feb364ac8b9a52021-12-21 12:50:55.944root 11241100x8000000000000000724237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7aa0e4c8af85230b2021-12-21 12:50:55.944root 11241100x8000000000000000724238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6245d19e56417d22021-12-21 12:50:55.944root 11241100x8000000000000000724239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df5a6ab93abd32652021-12-21 12:50:56.443root 11241100x8000000000000000