354300x8000000000000000723195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:08.218{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-50552-false10.0.1.12-8000- 11241100x8000000000000000723196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:08.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d03fee4a9937280e2021-12-21 12:50:08.692root 23542300x8000000000000000723197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:09.133{ec2b6afe-95d2-61c1-3038-b84203560000}5272root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000723198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:09.134{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90409ac990abe22b2021-12-21 12:50:09.134root 11241100x8000000000000000723199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:09.134{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bf8949fa5d018f72021-12-21 12:50:09.134root 11241100x8000000000000000723200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:09.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c052828a69cddb712021-12-21 12:50:09.442root 11241100x8000000000000000723201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:09.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae0e5df44ed5ae872021-12-21 12:50:09.443root 11241100x8000000000000000723202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:09.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16931263bab207ae2021-12-21 12:50:09.942root 11241100x8000000000000000723203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:09.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceabd119af5a8af22021-12-21 12:50:09.943root 11241100x8000000000000000723204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:10.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95503c3bc01f1c9c2021-12-21 12:50:10.442root 11241100x8000000000000000723205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:10.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0159c0a8743b26f22021-12-21 12:50:10.442root 11241100x8000000000000000723206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:10.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1e0e969880254372021-12-21 12:50:10.942root 11241100x8000000000000000723207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:10.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.059fd967f44ab9c32021-12-21 12:50:10.942root 11241100x8000000000000000723208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.096971b2c80f441f2021-12-21 12:50:11.443root 11241100x8000000000000000723209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5512a4a1b1d94afe2021-12-21 12:50:11.443root 11241100x8000000000000000723210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:11.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3caac73f811cfe32021-12-21 12:50:11.942root 11241100x8000000000000000723211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0130fe18f556e1672021-12-21 12:50:11.943root 11241100x8000000000000000723212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:12.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.989420e1527e484e2021-12-21 12:50:12.442root 11241100x8000000000000000723213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ab830b67ba82dda2021-12-21 12:50:12.443root 11241100x8000000000000000723214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:12.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36d7a5df42eb9e3a2021-12-21 12:50:12.942root 11241100x8000000000000000723215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.167cf6aaa1cc37632021-12-21 12:50:12.943root 11241100x8000000000000000723216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d61101f59b08aa1a2021-12-21 12:50:13.443root 11241100x8000000000000000723217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8df7bc3ddafd065b2021-12-21 12:50:13.443root 11241100x8000000000000000723218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9a19eb6030449732021-12-21 12:50:13.943root 11241100x8000000000000000723219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d068d7d4f381f1132021-12-21 12:50:13.943root 354300x8000000000000000723220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:14.055{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-50554-false10.0.1.12-8000- 11241100x8000000000000000723221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:14.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3f7a55bf489a40c2021-12-21 12:50:14.442root 11241100x8000000000000000723222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57680734ba1602c32021-12-21 12:50:14.443root 11241100x8000000000000000723223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68ad519e356b22ea2021-12-21 12:50:14.443root 11241100x8000000000000000723224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:14.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd39914e89f7db9a2021-12-21 12:50:14.942root 11241100x8000000000000000723225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc6d85ed4d4dd2ee2021-12-21 12:50:14.943root 11241100x8000000000000000723226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfa15b24a0e12b922021-12-21 12:50:14.943root 11241100x8000000000000000723227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:15.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.431a9ed74ed2bded2021-12-21 12:50:15.442root 11241100x8000000000000000723228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb3e82487e16bc222021-12-21 12:50:15.443root 11241100x8000000000000000723229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d1e36f71bb7d76e2021-12-21 12:50:15.443root 11241100x8000000000000000723230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:15.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ddef05cc02bd7f92021-12-21 12:50:15.942root 11241100x8000000000000000723231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bd2f3dfefc286932021-12-21 12:50:15.943root 11241100x8000000000000000723232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbbb60051c3b2c3a2021-12-21 12:50:15.943root 11241100x8000000000000000723233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:16.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f338511af397db302021-12-21 12:50:16.442root 11241100x8000000000000000723234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d1d04b9b988d4802021-12-21 12:50:16.443root 11241100x8000000000000000723235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9e24900bb08c4f32021-12-21 12:50:16.443root 11241100x8000000000000000723236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:16.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42a46018c2750b702021-12-21 12:50:16.942root 11241100x8000000000000000723237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21630c195a2d485b2021-12-21 12:50:16.943root 11241100x8000000000000000723238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a710cf7254500782021-12-21 12:50:16.943root 11241100x8000000000000000723239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:17.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.857a229a06ea2b962021-12-21 12:50:17.442root 11241100x8000000000000000723240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.309c116c3840eefd2021-12-21 12:50:17.443root 11241100x8000000000000000723241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e97d2a9c8b26af752021-12-21 12:50:17.443root 11241100x8000000000000000723242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:17.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.253187b3f229bc782021-12-21 12:50:17.942root 11241100x8000000000000000723243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a571742903f1ff382021-12-21 12:50:17.943root 11241100x8000000000000000723244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.081f7b0b5224da4b2021-12-21 12:50:17.943root 11241100x8000000000000000723245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:18.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5083ccaaa4a2b2422021-12-21 12:50:18.442root 11241100x8000000000000000723246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07784487d2fce75e2021-12-21 12:50:18.443root 11241100x8000000000000000723247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2011e0aaead566b2021-12-21 12:50:18.443root 11241100x8000000000000000723248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:18.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46e001dcc3dbfba02021-12-21 12:50:18.942root 11241100x8000000000000000723249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad2c137206cffa152021-12-21 12:50:18.943root 11241100x8000000000000000723250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dbec48a3d7802522021-12-21 12:50:18.943root 354300x8000000000000000723251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:19.218{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-50556-false10.0.1.12-8000- 11241100x8000000000000000723252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:19.219{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62de8480e4a33b2f2021-12-21 12:50:19.219root 11241100x8000000000000000723253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:19.219{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76ed514d295a488c2021-12-21 12:50:19.219root 11241100x8000000000000000723254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:19.219{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67130b38445c31772021-12-21 12:50:19.219root 11241100x8000000000000000723255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:19.219{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.217d0b4fa203e1782021-12-21 12:50:19.219root 11241100x8000000000000000723256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:19.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0259b39209cb48c12021-12-21 12:50:19.692root 11241100x8000000000000000723257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:19.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77404beb51e279282021-12-21 12:50:19.693root 11241100x8000000000000000723258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:19.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ba832ede8920eae2021-12-21 12:50:19.693root 11241100x8000000000000000723259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:19.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5a11e7017baa3632021-12-21 12:50:19.693root 11241100x8000000000000000723260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:20.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e000246667d553892021-12-21 12:50:20.193root 11241100x8000000000000000723261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:20.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8f2e788e183866e2021-12-21 12:50:20.193root 11241100x8000000000000000723262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:20.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.326135baeb3d96242021-12-21 12:50:20.193root 11241100x8000000000000000723263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:20.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.942d1cfb1ec7bab92021-12-21 12:50:20.193root 11241100x8000000000000000723264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:20.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b20d848d108134d2021-12-21 12:50:20.692root 11241100x8000000000000000723265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:20.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7af2023d7060b6132021-12-21 12:50:20.693root 11241100x8000000000000000723266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:20.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d8a0cba7e04a7f52021-12-21 12:50:20.693root 11241100x8000000000000000723267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:20.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6221f23aeb6692462021-12-21 12:50:20.693root 11241100x8000000000000000723268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:21.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6a64e1966d532902021-12-21 12:50:21.192root 11241100x8000000000000000723269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:21.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a92e961a965716b62021-12-21 12:50:21.193root 11241100x8000000000000000723270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:21.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3058917d6c465172021-12-21 12:50:21.193root 11241100x8000000000000000723271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:21.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04eeeba1fc5cf79f2021-12-21 12:50:21.193root 11241100x8000000000000000723272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:21.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.341a6acf884f624d2021-12-21 12:50:21.692root 11241100x8000000000000000723273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:21.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.919fe00fbc7fa1152021-12-21 12:50:21.693root 11241100x8000000000000000723274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:21.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.850603cf84f4931d2021-12-21 12:50:21.693root 11241100x8000000000000000723275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:21.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4585f7d0a83e67c2021-12-21 12:50:21.693root 11241100x8000000000000000723276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:22.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e8b404956b0a7c12021-12-21 12:50:22.192root 11241100x8000000000000000723277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:22.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57146f4a83eb090a2021-12-21 12:50:22.193root 11241100x8000000000000000723278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:22.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dfd631a904fed022021-12-21 12:50:22.193root 11241100x8000000000000000723279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:22.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4d33f6a370127152021-12-21 12:50:22.193root 11241100x8000000000000000723280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:22.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.245eac089727e4b62021-12-21 12:50:22.692root 11241100x8000000000000000723281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:22.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.211d3de82ef6d33e2021-12-21 12:50:22.693root 11241100x8000000000000000723282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:22.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d3a6f5706e04dd92021-12-21 12:50:22.693root 11241100x8000000000000000723283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:22.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c97f7749cc9c6c292021-12-21 12:50:22.693root 11241100x8000000000000000723284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:23.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8efad807b9bd5892021-12-21 12:50:23.192root 11241100x8000000000000000723285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:23.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1ebeb00a535560f2021-12-21 12:50:23.193root 11241100x8000000000000000723286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:23.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d465233fe661cc22021-12-21 12:50:23.193root 11241100x8000000000000000723287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:23.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29a8980de9bf35402021-12-21 12:50:23.193root 11241100x8000000000000000723288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:23.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53e752693fba7d6c2021-12-21 12:50:23.692root 11241100x8000000000000000723289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:23.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55de2b45cb7487dd2021-12-21 12:50:23.693root 11241100x8000000000000000723290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:23.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1838e60864410e9c2021-12-21 12:50:23.693root 11241100x8000000000000000723291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:23.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.652c02ffd7997c912021-12-21 12:50:23.693root 11241100x8000000000000000723292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:24.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06fb2a609380de682021-12-21 12:50:24.192root 11241100x8000000000000000723293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:24.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.820a3fbc7fcc3cb32021-12-21 12:50:24.193root 11241100x8000000000000000723294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:24.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32b9210f35084d942021-12-21 12:50:24.193root 11241100x8000000000000000723295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:24.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.233949e7e662cd282021-12-21 12:50:24.193root 354300x8000000000000000723296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:24.232{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-50558-false10.0.1.12-8000- 11241100x8000000000000000723297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:24.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.422d12c25f334e052021-12-21 12:50:24.693root 11241100x8000000000000000723298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:24.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.256366bfa2e2bb3d2021-12-21 12:50:24.693root 11241100x8000000000000000723299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:24.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.292c7548821090bb2021-12-21 12:50:24.693root 11241100x8000000000000000723300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:24.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.001d340c998fbd8c2021-12-21 12:50:24.693root 11241100x8000000000000000723301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:24.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf04e8825963fccf2021-12-21 12:50:24.693root 23542300x8000000000000000723302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:24.746{ec2b6afe-cd59-61c1-80c2-7097fd550000}10155ubuntu/bin/nano/home/ubuntu/./.stdout_etc.sh.swp--- 534500x8000000000000000723303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:24.746{ec2b6afe-cd59-61c1-80c2-7097fd550000}10155/bin/nanoubuntu 11241100x8000000000000000723304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:25.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6f005e4bc9246112021-12-21 12:50:25.193root 11241100x8000000000000000723305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:25.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b13d5c3548f6d5842021-12-21 12:50:25.193root 11241100x8000000000000000723306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:25.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.370e1d37089efb582021-12-21 12:50:25.193root 11241100x8000000000000000723307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:25.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15867eec3396bf562021-12-21 12:50:25.193root 11241100x8000000000000000723308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:25.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c8f64ed4b831e742021-12-21 12:50:25.193root 11241100x8000000000000000723309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:25.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c61188fefb13a942021-12-21 12:50:25.193root 11241100x8000000000000000723310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:25.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f860d4011d8e31d2021-12-21 12:50:25.193root 11241100x8000000000000000723311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:25.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e87711742b1d33da2021-12-21 12:50:25.693root 11241100x8000000000000000723312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:25.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba6482e7ce07a5402021-12-21 12:50:25.693root 11241100x8000000000000000723313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:25.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c2c8a8868b9a83b2021-12-21 12:50:25.693root 11241100x8000000000000000723314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:25.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c3b2ec8b09d3aa12021-12-21 12:50:25.693root 11241100x8000000000000000723315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:25.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77e238293cf671982021-12-21 12:50:25.693root 11241100x8000000000000000723316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:25.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8da7ad519918a172021-12-21 12:50:25.693root 11241100x8000000000000000723317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:25.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0ff6193a3df5d632021-12-21 12:50:25.693root 354300x8000000000000000723318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:25.962{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.25-37624-false10.0.1.12-8089- 11241100x8000000000000000723319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:25.962{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2b6d344e06757e02021-12-21 12:50:25.962root 11241100x8000000000000000723320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:25.962{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.015ab97c68a45ceb2021-12-21 12:50:25.962root 11241100x8000000000000000723321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:25.963{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.952b137714c341192021-12-21 12:50:25.963root 11241100x8000000000000000723322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:25.963{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c42819e8b0c25da52021-12-21 12:50:25.963root 11241100x8000000000000000723323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:25.963{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b03202af9dd5a3c2021-12-21 12:50:25.963root 11241100x8000000000000000723324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:25.963{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5495df587fae40802021-12-21 12:50:25.963root 11241100x8000000000000000723325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:25.963{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90c8493fd55ed7dd2021-12-21 12:50:25.963root 11241100x8000000000000000723326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:25.963{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c62fb65d4cc55652021-12-21 12:50:25.963root 11241100x8000000000000000723327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6de5d4b06a4d687d2021-12-21 12:50:26.443root 11241100x8000000000000000723328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8b82adb9492d29b2021-12-21 12:50:26.443root 11241100x8000000000000000723329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d90f5dd65c1f4d9a2021-12-21 12:50:26.443root 11241100x8000000000000000723330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcb447eeae40e10b2021-12-21 12:50:26.443root 11241100x8000000000000000723331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e1a26f21add9cd82021-12-21 12:50:26.443root 11241100x8000000000000000723332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf6516c68b22d0202021-12-21 12:50:26.443root 11241100x8000000000000000723333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9eff409be3157672021-12-21 12:50:26.443root 11241100x8000000000000000723334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3e3e987d544ea5d2021-12-21 12:50:26.443root 11241100x8000000000000000723335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce5192692ed475da2021-12-21 12:50:26.943root 11241100x8000000000000000723336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c60f3013fe2638d02021-12-21 12:50:26.943root 11241100x8000000000000000723337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2e6edf9d3be49ae2021-12-21 12:50:26.943root 11241100x8000000000000000723338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf8e3a167aad371f2021-12-21 12:50:26.943root 11241100x8000000000000000723339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0487bbbfe5ea5c332021-12-21 12:50:26.943root 11241100x8000000000000000723340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e50d1c9301debbe22021-12-21 12:50:26.943root 11241100x8000000000000000723341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06f9f486c59e3d872021-12-21 12:50:26.943root 11241100x8000000000000000723342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f948553d1a48f7ff2021-12-21 12:50:26.943root 154100x8000000000000000723343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:27.384{ec2b6afe-cd93-61c1-08f6-50cc6f550000}10157/usr/bin/clear-----clear/home/ubuntuubuntu{ec2b6afe-aacb-61c1-e803-000000000000}10006no level-{ec2b6afe-aacb-61c1-0834-fdd63c560000}5677/bin/bash-bashubuntu 534500x8000000000000000723344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:27.385{ec2b6afe-cd93-61c1-08f6-50cc6f550000}10157/usr/bin/clearubuntu 11241100x8000000000000000723345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:27.385{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ad4c507dcef8e3e2021-12-21 12:50:27.385root 11241100x8000000000000000723346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:27.385{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5e8336e89b16dcb2021-12-21 12:50:27.385root 11241100x8000000000000000723347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:27.385{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fc04189ccb49c572021-12-21 12:50:27.385root 11241100x8000000000000000723348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:27.385{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f7eed4d5434113b2021-12-21 12:50:27.385root 11241100x8000000000000000723349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:27.385{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e387fbd8fc73e2ac2021-12-21 12:50:27.385root 11241100x8000000000000000723350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:27.386{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.690be0396ec857672021-12-21 12:50:27.386root 11241100x8000000000000000723351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:27.386{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9a485a3d5483fc12021-12-21 12:50:27.386root 11241100x8000000000000000723352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:27.386{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2d906ddebefb8c92021-12-21 12:50:27.386root 11241100x8000000000000000723353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:27.386{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f3433b2b6a369bc2021-12-21 12:50:27.386root 11241100x8000000000000000723354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:27.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f670abde9f2a19d2021-12-21 12:50:27.693root 11241100x8000000000000000723355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:27.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edfd473b13a6290c2021-12-21 12:50:27.693root 11241100x8000000000000000723356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:27.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9b1e3a2038bc30f2021-12-21 12:50:27.693root 11241100x8000000000000000723357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:27.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3cca1c7410058032021-12-21 12:50:27.693root 11241100x8000000000000000723358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:27.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.887b74ed62faa0962021-12-21 12:50:27.693root 11241100x8000000000000000723359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:27.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a246e207aa67df802021-12-21 12:50:27.693root 11241100x8000000000000000723360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:27.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbca302cd748f5f02021-12-21 12:50:27.693root 11241100x8000000000000000723361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:27.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d9fb39a26bfafb92021-12-21 12:50:27.693root 11241100x8000000000000000723362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:27.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97b783ff4a5c40c32021-12-21 12:50:27.693root 11241100x8000000000000000723363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:27.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e4220d9736150912021-12-21 12:50:27.693root 11241100x8000000000000000723364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:28.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.560477a6cdac0f5d2021-12-21 12:50:28.193root 11241100x8000000000000000723365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:28.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1457f4d526b1d5002021-12-21 12:50:28.193root 11241100x8000000000000000723366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:28.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8623198c950092c2021-12-21 12:50:28.193root 11241100x8000000000000000723367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:28.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16458208ced1bf382021-12-21 12:50:28.193root 11241100x8000000000000000723368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:28.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c9584a10b506d8a2021-12-21 12:50:28.193root 11241100x8000000000000000723369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:28.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ff5bd818613df362021-12-21 12:50:28.193root 11241100x8000000000000000723370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:28.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03253e296ca023da2021-12-21 12:50:28.193root 11241100x8000000000000000723371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:28.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b94d2560e0a9dc762021-12-21 12:50:28.193root 11241100x8000000000000000723372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:28.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04a0d94ecb98d1ee2021-12-21 12:50:28.193root 11241100x8000000000000000723373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:28.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fabaa4727e7b453c2021-12-21 12:50:28.193root 11241100x8000000000000000723374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:28.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b5b0edb86d60de52021-12-21 12:50:28.693root 11241100x8000000000000000723375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:28.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8049fd3f5d4e98d22021-12-21 12:50:28.693root 11241100x8000000000000000723376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:28.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d851113fa0ea7cd2021-12-21 12:50:28.693root 11241100x8000000000000000723377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:28.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3360ba7c5f075e52021-12-21 12:50:28.693root 11241100x8000000000000000723378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:28.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9458f740122ae3362021-12-21 12:50:28.693root 11241100x8000000000000000723379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:28.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55f76f3f8350c71c2021-12-21 12:50:28.693root 11241100x8000000000000000723380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:28.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caecd9ba3f82f6d12021-12-21 12:50:28.693root 11241100x8000000000000000723381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:28.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42d0e8c6fe4be3672021-12-21 12:50:28.693root 11241100x8000000000000000723382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:28.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d6d7751ec9c16122021-12-21 12:50:28.693root 11241100x8000000000000000723383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:28.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07306918dcda53832021-12-21 12:50:28.694root 11241100x8000000000000000723384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:29.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22aa90471a5ec7942021-12-21 12:50:29.193root 11241100x8000000000000000723385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:29.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3153b3c7b587c5a72021-12-21 12:50:29.193root 11241100x8000000000000000723386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:29.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1173e167698a3092021-12-21 12:50:29.193root 11241100x8000000000000000723387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:29.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a61df82dfea034b02021-12-21 12:50:29.193root 11241100x8000000000000000723388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:29.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e61de354b6871222021-12-21 12:50:29.193root 11241100x8000000000000000723389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:29.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32d9ba2b34c516d32021-12-21 12:50:29.193root 11241100x8000000000000000723390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:29.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ecca3ac4a3787152021-12-21 12:50:29.193root 11241100x8000000000000000723391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:29.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e9d398c3afe30712021-12-21 12:50:29.193root 11241100x8000000000000000723392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:29.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e0c2a958bb423d22021-12-21 12:50:29.193root 11241100x8000000000000000723393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:29.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ba1374f887e86452021-12-21 12:50:29.193root 11241100x8000000000000000723394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:29.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf80c5cae563651d2021-12-21 12:50:29.693root 11241100x8000000000000000723395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:29.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a8f76eb8448bd2f2021-12-21 12:50:29.693root 11241100x8000000000000000723396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:29.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e9f49145f5b4b992021-12-21 12:50:29.693root 11241100x8000000000000000723397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:29.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.736a2d0da90b6f802021-12-21 12:50:29.693root 11241100x8000000000000000723398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:29.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8dddbee2052f1312021-12-21 12:50:29.693root 11241100x8000000000000000723399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:29.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.486b4a5b14ef96722021-12-21 12:50:29.693root 11241100x8000000000000000723400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:29.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f5bb752327cd2432021-12-21 12:50:29.693root 11241100x8000000000000000723401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:29.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caa9f7ceaa31c5b22021-12-21 12:50:29.693root 11241100x8000000000000000723402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:29.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bf30dfcf732b2f92021-12-21 12:50:29.693root 11241100x8000000000000000723403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:29.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8af849179f656bb2021-12-21 12:50:29.693root 11241100x8000000000000000723404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:30.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd7273f0a7cad55a2021-12-21 12:50:30.193root 11241100x8000000000000000723405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:30.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf406d2350fc02ea2021-12-21 12:50:30.193root 11241100x8000000000000000723406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:30.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8dc7ac929c35a932021-12-21 12:50:30.193root 11241100x8000000000000000723407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:30.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99409e5a460136372021-12-21 12:50:30.193root 11241100x8000000000000000723408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:30.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6843e53367d590c02021-12-21 12:50:30.193root 11241100x8000000000000000723409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:30.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4008da732b5dc6082021-12-21 12:50:30.193root 11241100x8000000000000000723410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:30.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d76fcc3f8d48da2b2021-12-21 12:50:30.193root 11241100x8000000000000000723411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:30.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bd0cc7b7d7e105a2021-12-21 12:50:30.193root 11241100x8000000000000000723412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:30.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dd918eca3b61bfa2021-12-21 12:50:30.193root 11241100x8000000000000000723413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:30.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc67a227743ff3a72021-12-21 12:50:30.193root 354300x8000000000000000723414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:30.228{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-50562-false10.0.1.12-8000- 11241100x8000000000000000723415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:30.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b062fbf2c23329582021-12-21 12:50:30.693root 11241100x8000000000000000723416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:30.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c2d7ed483a1c00b2021-12-21 12:50:30.693root 11241100x8000000000000000723417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:30.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16ef44d074afed552021-12-21 12:50:30.693root 11241100x8000000000000000723418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:30.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87a35f3e043b7f112021-12-21 12:50:30.693root 11241100x8000000000000000723419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:30.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f36eee905f0403d82021-12-21 12:50:30.693root 11241100x8000000000000000723420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:30.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cd46fa5a06ec89a2021-12-21 12:50:30.693root 11241100x8000000000000000723421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:30.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7d71aa5d7a215cd2021-12-21 12:50:30.693root 11241100x8000000000000000723422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:30.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7792ed5533a294862021-12-21 12:50:30.693root 11241100x8000000000000000723423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:30.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f218ef8f3ad6ec22021-12-21 12:50:30.693root 11241100x8000000000000000723424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:30.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cae5d4d950c5c532021-12-21 12:50:30.693root 11241100x8000000000000000723425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:30.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d70677371337f742021-12-21 12:50:30.693root 11241100x8000000000000000723426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:31.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.566ad21c39b9f1242021-12-21 12:50:31.193root 11241100x8000000000000000723427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:31.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9a41fc6a5d3723b2021-12-21 12:50:31.193root 11241100x8000000000000000723428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:31.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebdc6edeba86980c2021-12-21 12:50:31.193root 11241100x8000000000000000723429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:31.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c289329add065d7f2021-12-21 12:50:31.193root 11241100x8000000000000000723430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:31.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.784e8c92642727752021-12-21 12:50:31.193root 11241100x8000000000000000723431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:31.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7b22c378fea298f2021-12-21 12:50:31.193root 11241100x8000000000000000723432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:31.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dc6cba9e0920b1a2021-12-21 12:50:31.193root 11241100x8000000000000000723433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:31.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95f94270f96911652021-12-21 12:50:31.193root 11241100x8000000000000000723434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:31.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd916f83fed8661b2021-12-21 12:50:31.193root 11241100x8000000000000000723435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:31.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ad70b979ac17a962021-12-21 12:50:31.193root 11241100x8000000000000000723436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:31.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7ddc368a9fd232f2021-12-21 12:50:31.194root 11241100x8000000000000000723437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:31.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9046e546c7d79da62021-12-21 12:50:31.693root 11241100x8000000000000000723438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:31.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da656db97a56f9442021-12-21 12:50:31.693root 11241100x8000000000000000723439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:31.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caf3c3d5872e11c52021-12-21 12:50:31.693root 11241100x8000000000000000723440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:31.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc01f899ad7c85dd2021-12-21 12:50:31.693root 11241100x8000000000000000723441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:31.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.674b3f7bf69b986e2021-12-21 12:50:31.693root 11241100x8000000000000000723442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:31.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ec864d4461da3732021-12-21 12:50:31.693root 11241100x8000000000000000723443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:31.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61a970161d73ea8e2021-12-21 12:50:31.693root 11241100x8000000000000000723444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:31.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dbde0b82c984acf2021-12-21 12:50:31.693root 11241100x8000000000000000723445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:31.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6de434ba813b1762021-12-21 12:50:31.693root 11241100x8000000000000000723446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:31.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a90b18e7030d24582021-12-21 12:50:31.693root 11241100x8000000000000000723447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:31.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dde4f1f9613031f22021-12-21 12:50:31.694root 11241100x8000000000000000723448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:32.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bdf9a55c5361dc82021-12-21 12:50:32.193root 11241100x8000000000000000723449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:32.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de2ebd615bf4ffad2021-12-21 12:50:32.193root 11241100x8000000000000000723450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:32.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0621f66b6e57a72e2021-12-21 12:50:32.193root 11241100x8000000000000000723451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:32.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90f975a7ebafea062021-12-21 12:50:32.193root 11241100x8000000000000000723452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:32.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1196eca289338bae2021-12-21 12:50:32.193root 11241100x8000000000000000723453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:32.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65d55bbba996bf982021-12-21 12:50:32.193root 11241100x8000000000000000723454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:32.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4589a4c5ac2f54dd2021-12-21 12:50:32.193root 11241100x8000000000000000723455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:32.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6369f0189cf2aaf2021-12-21 12:50:32.193root 11241100x8000000000000000723456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:32.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c59e828bda2faec2021-12-21 12:50:32.194root 11241100x8000000000000000723457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:32.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9691ef9f293946ec2021-12-21 12:50:32.194root 11241100x8000000000000000723458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:32.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a7bf6e6611dba062021-12-21 12:50:32.194root 11241100x8000000000000000723459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:32.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49e7d220d53a30442021-12-21 12:50:32.693root 11241100x8000000000000000723460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:32.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a219829489808c52021-12-21 12:50:32.693root 11241100x8000000000000000723461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:32.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ace6956c33b9f2752021-12-21 12:50:32.693root 11241100x8000000000000000723462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:32.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d072bae5172f9d92021-12-21 12:50:32.693root 11241100x8000000000000000723463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:32.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b945e68334d03af2021-12-21 12:50:32.693root 11241100x8000000000000000723464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:32.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c494939c59bf35c32021-12-21 12:50:32.693root 11241100x8000000000000000723465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:32.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec69b284853672382021-12-21 12:50:32.693root 11241100x8000000000000000723466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:32.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d82e8a4d522dece2021-12-21 12:50:32.693root 11241100x8000000000000000723467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:32.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9404fd25c7c5a8f22021-12-21 12:50:32.693root 11241100x8000000000000000723468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:32.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c15ec36f9e7427852021-12-21 12:50:32.694root 11241100x8000000000000000723469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:32.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8328059a9da65cc32021-12-21 12:50:32.694root 11241100x8000000000000000723470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:33.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e661d067f74e98a92021-12-21 12:50:33.193root 11241100x8000000000000000723471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:33.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c15d3446c902fd92021-12-21 12:50:33.193root 11241100x8000000000000000723472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:33.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c54fc910a5906cd2021-12-21 12:50:33.193root 11241100x8000000000000000723473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:33.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75a832c8c01f749b2021-12-21 12:50:33.193root 11241100x8000000000000000723474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:33.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a8806fa4ab38dfb2021-12-21 12:50:33.193root 11241100x8000000000000000723475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:33.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.200791505badfda72021-12-21 12:50:33.193root 11241100x8000000000000000723476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:33.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d9b4a055861a29f2021-12-21 12:50:33.193root 11241100x8000000000000000723477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:33.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2d7b61439d461bf2021-12-21 12:50:33.193root 11241100x8000000000000000723478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:33.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50ff58442cf56cca2021-12-21 12:50:33.193root 11241100x8000000000000000723479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:33.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.598760661e4e09e52021-12-21 12:50:33.193root 11241100x8000000000000000723480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:33.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b21d73fae4835b282021-12-21 12:50:33.194root 11241100x8000000000000000723481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:33.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.feb895f8969431f62021-12-21 12:50:33.693root 11241100x8000000000000000723482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:33.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d215bdab91bd0b0e2021-12-21 12:50:33.693root 11241100x8000000000000000723483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:33.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd01e85de04bc10e2021-12-21 12:50:33.693root 11241100x8000000000000000723484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:33.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.107d16477042b7472021-12-21 12:50:33.693root 11241100x8000000000000000723485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:33.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce926779c6303fa42021-12-21 12:50:33.693root 11241100x8000000000000000723486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:33.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73a32ad92844c2fa2021-12-21 12:50:33.693root 11241100x8000000000000000723487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:33.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66652681876c1fb02021-12-21 12:50:33.693root 11241100x8000000000000000723488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:33.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc000b7020db8a542021-12-21 12:50:33.693root 11241100x8000000000000000723489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:33.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74b3544724642f9b2021-12-21 12:50:33.693root 11241100x8000000000000000723490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:33.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.533207a1bb00e39b2021-12-21 12:50:33.693root 11241100x8000000000000000723491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:33.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94f493dd4b65d6952021-12-21 12:50:33.694root 11241100x8000000000000000723492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:34.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef74836760675b7c2021-12-21 12:50:34.193root 11241100x8000000000000000723493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:34.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7c4af65ee4862ba2021-12-21 12:50:34.193root 11241100x8000000000000000723494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:34.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56a8247325a6d6bb2021-12-21 12:50:34.193root 11241100x8000000000000000723495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:34.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d26a82a338e945952021-12-21 12:50:34.193root 11241100x8000000000000000723496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:34.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1a6e77782a9d4432021-12-21 12:50:34.193root 11241100x8000000000000000723497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:34.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.015f2123177565902021-12-21 12:50:34.193root 11241100x8000000000000000723498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:34.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bef98740cf0b03902021-12-21 12:50:34.193root 11241100x8000000000000000723499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:34.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c181e5f7a7353362021-12-21 12:50:34.193root 11241100x8000000000000000723500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:34.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ae8dd863fd240682021-12-21 12:50:34.193root 11241100x8000000000000000723501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:34.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abf0dd6d67cb4ed42021-12-21 12:50:34.194root 11241100x8000000000000000723502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:34.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.152b44fb1895d9662021-12-21 12:50:34.194root 11241100x8000000000000000723503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:34.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62df550506d6ec352021-12-21 12:50:34.693root 11241100x8000000000000000723504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:34.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac007854acd918842021-12-21 12:50:34.693root 11241100x8000000000000000723505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:34.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f646e70d31ce63072021-12-21 12:50:34.693root 11241100x8000000000000000723506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:34.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b274ba94db822b242021-12-21 12:50:34.693root 11241100x8000000000000000723507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:34.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6377a03e66c24efc2021-12-21 12:50:34.693root 11241100x8000000000000000723508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:34.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.966442d62e57082b2021-12-21 12:50:34.693root 11241100x8000000000000000723509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:34.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f745f6565fe52372021-12-21 12:50:34.693root 11241100x8000000000000000723510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:34.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f42610796ba5b122021-12-21 12:50:34.693root 11241100x8000000000000000723511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:34.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecd8641156afc77a2021-12-21 12:50:34.693root 11241100x8000000000000000723512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:34.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3b7e523e3d0f60a2021-12-21 12:50:34.693root 11241100x8000000000000000723513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:34.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f37351a744ad1f22021-12-21 12:50:34.694root 11241100x8000000000000000723514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:35.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a1548460913ff9f2021-12-21 12:50:35.192root 11241100x8000000000000000723515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:35.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98283f14d17d20e22021-12-21 12:50:35.193root 11241100x8000000000000000723516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:35.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.955c28fbbedcf0ed2021-12-21 12:50:35.193root 11241100x8000000000000000723517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:35.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.778c55555d0ae68d2021-12-21 12:50:35.193root 11241100x8000000000000000723518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:35.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4d227e1947fa68e2021-12-21 12:50:35.193root 11241100x8000000000000000723519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:35.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f477ba6233b414102021-12-21 12:50:35.193root 11241100x8000000000000000723520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:35.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ec94ce1f1fe398c2021-12-21 12:50:35.193root 11241100x8000000000000000723521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:35.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b1b06920816e9772021-12-21 12:50:35.193root 11241100x8000000000000000723522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:35.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5244d0d6c27780e72021-12-21 12:50:35.193root 11241100x8000000000000000723523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:35.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe6a0992d21f796c2021-12-21 12:50:35.193root 11241100x8000000000000000723524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:35.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.469db0b237bf9a002021-12-21 12:50:35.193root 11241100x8000000000000000723525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:35.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6a156f195c20b062021-12-21 12:50:35.693root 11241100x8000000000000000723526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:35.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca09cc3e6b072c802021-12-21 12:50:35.693root 11241100x8000000000000000723527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:35.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef76b90a498456532021-12-21 12:50:35.693root 11241100x8000000000000000723528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:35.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44adf5ff223714242021-12-21 12:50:35.693root 11241100x8000000000000000723529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:35.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe1af58fbc02360d2021-12-21 12:50:35.693root 11241100x8000000000000000723530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:35.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.472bcc91fc2c6f522021-12-21 12:50:35.693root 11241100x8000000000000000723531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:35.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5480e8b0225b79d62021-12-21 12:50:35.693root 11241100x8000000000000000723532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:35.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8b0206f4de073382021-12-21 12:50:35.693root 11241100x8000000000000000723533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:35.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc7e5da615af3d822021-12-21 12:50:35.693root 11241100x8000000000000000723534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:35.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd74e85b2dfca5a42021-12-21 12:50:35.693root 11241100x8000000000000000723535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:35.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c0a825e2236a74d2021-12-21 12:50:35.694root 354300x8000000000000000723536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:36.026{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-50564-false10.0.1.12-8000- 11241100x8000000000000000723537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:36.027{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b842e3247e04f3842021-12-21 12:50:36.027root 11241100x8000000000000000723538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:36.027{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2bf810d86477c9d2021-12-21 12:50:36.027root 11241100x8000000000000000723539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:36.027{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cfa0c7016ec6d702021-12-21 12:50:36.027root 11241100x8000000000000000723540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:36.028{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85877ec9dbfa71542021-12-21 12:50:36.028root 11241100x8000000000000000723541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:36.028{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.936dcf01aaa295202021-12-21 12:50:36.028root 11241100x8000000000000000723542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:36.029{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e6e5b07482630cd2021-12-21 12:50:36.029root 11241100x8000000000000000723543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:36.029{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37dfd872b0c102f62021-12-21 12:50:36.029root 11241100x8000000000000000723544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:36.029{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6711d68e18b09c142021-12-21 12:50:36.029root 11241100x8000000000000000723545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:36.029{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6e31cc5527719ca2021-12-21 12:50:36.029root 11241100x8000000000000000723546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:36.029{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2336bcb1a2f74062021-12-21 12:50:36.029root 11241100x8000000000000000723547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:36.029{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ff90ee69056bdf12021-12-21 12:50:36.029root 11241100x8000000000000000723548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:36.029{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc993abdb96385832021-12-21 12:50:36.029root 11241100x8000000000000000723549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:36.131{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2021-12-21 12:50:36.131root 11241100x8000000000000000723550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5ed144fb7bb3f932021-12-21 12:50:36.443root 11241100x8000000000000000723551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0728fb7b76167ad2021-12-21 12:50:36.443root 11241100x8000000000000000723552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7d9c2d7168ff6432021-12-21 12:50:36.443root 11241100x8000000000000000723553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93a68d7b5a6f64682021-12-21 12:50:36.443root 11241100x8000000000000000723554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f221e844f258cd82021-12-21 12:50:36.443root 11241100x8000000000000000723555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87bd61ea66d9e6d52021-12-21 12:50:36.443root 11241100x8000000000000000723556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.058993bf13fc89c82021-12-21 12:50:36.443root 11241100x8000000000000000723557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7674943c1844a33c2021-12-21 12:50:36.443root 11241100x8000000000000000723558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4ee9a0ff0159d672021-12-21 12:50:36.444root 11241100x8000000000000000723559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c9d1e55e6d1ee342021-12-21 12:50:36.444root 11241100x8000000000000000723560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f404ed69230f2b942021-12-21 12:50:36.444root 11241100x8000000000000000723561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a38a094b4029368e2021-12-21 12:50:36.444root 11241100x8000000000000000723562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82c3646b907de1bd2021-12-21 12:50:36.444root 11241100x8000000000000000723563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:36.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70af8addcd4a66802021-12-21 12:50:36.943root 11241100x8000000000000000723564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:36.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3668901acd5796522021-12-21 12:50:36.943root 11241100x8000000000000000723565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:36.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80894d26b79940092021-12-21 12:50:36.943root 11241100x8000000000000000723566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:36.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9fddb6068bf90312021-12-21 12:50:36.943root 11241100x8000000000000000723567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:36.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.768b28896379a8012021-12-21 12:50:36.943root 11241100x8000000000000000723568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:36.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f917f60b6bd034bf2021-12-21 12:50:36.943root 11241100x8000000000000000723569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:36.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30e3d9e1cca32e702021-12-21 12:50:36.943root 11241100x8000000000000000723570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:36.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11a64fb388934b642021-12-21 12:50:36.943root 11241100x8000000000000000723571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:36.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f1f5c789ec41b012021-12-21 12:50:36.944root 11241100x8000000000000000723572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:36.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23804ba95161588b2021-12-21 12:50:36.944root 11241100x8000000000000000723573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:36.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc697bff7746f8b42021-12-21 12:50:36.944root 11241100x8000000000000000723574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:36.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d943a0fb859ed2a2021-12-21 12:50:36.944root 11241100x8000000000000000723575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:36.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0443c8f9f3618e32021-12-21 12:50:36.944root 11241100x8000000000000000723576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:37.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b305d2e1133329e2021-12-21 12:50:37.443root 11241100x8000000000000000723577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:37.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d49b69d8c0e54ab82021-12-21 12:50:37.443root 11241100x8000000000000000723578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:37.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87d855bb5ca985922021-12-21 12:50:37.443root 11241100x8000000000000000723579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:37.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebd0a550cc85289d2021-12-21 12:50:37.443root 11241100x8000000000000000723580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:37.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d0745e3e260608a2021-12-21 12:50:37.443root 11241100x8000000000000000723581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec69cf08f1c911c52021-12-21 12:50:37.444root 11241100x8000000000000000723582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74531c9453af7d172021-12-21 12:50:37.444root 11241100x8000000000000000723583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46806b07a84ba95e2021-12-21 12:50:37.444root 11241100x8000000000000000723584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dd537cb24b0fa622021-12-21 12:50:37.444root 11241100x8000000000000000723585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5a99a5b9cb483322021-12-21 12:50:37.444root 11241100x8000000000000000723586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86bc07f63043dccf2021-12-21 12:50:37.444root 11241100x8000000000000000723587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf72c6725254120e2021-12-21 12:50:37.444root 11241100x8000000000000000723588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cda1392f3946f4d12021-12-21 12:50:37.444root 11241100x8000000000000000723589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:37.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f66ce71bbf98c2632021-12-21 12:50:37.943root 11241100x8000000000000000723590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:37.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c155231eabd661462021-12-21 12:50:37.943root 11241100x8000000000000000723591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:37.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd86f9ef74224a942021-12-21 12:50:37.943root 11241100x8000000000000000723592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:37.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84076004340be0192021-12-21 12:50:37.943root 11241100x8000000000000000723593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:37.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ed41d5dfe9af26d2021-12-21 12:50:37.943root 11241100x8000000000000000723594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:37.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7ec05fb907f01122021-12-21 12:50:37.943root 11241100x8000000000000000723595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:37.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a38825cacfe7b7c2021-12-21 12:50:37.943root 11241100x8000000000000000723596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:37.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7e5916d89935d992021-12-21 12:50:37.943root 11241100x8000000000000000723597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:37.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15e57e9966c807292021-12-21 12:50:37.944root 11241100x8000000000000000723598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:37.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7baed8b25c9482182021-12-21 12:50:37.944root 11241100x8000000000000000723599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:37.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.463212e537e5353e2021-12-21 12:50:37.944root 11241100x8000000000000000723600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:37.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9af9c4593ba5affa2021-12-21 12:50:37.944root 11241100x8000000000000000723601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:37.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3cb4f5d0c3a8c0d2021-12-21 12:50:37.944root 11241100x8000000000000000723602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:38.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6bb751246b81a682021-12-21 12:50:38.443root 11241100x8000000000000000723603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:38.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f3996dedcc30a822021-12-21 12:50:38.443root 11241100x8000000000000000723604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:38.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fdcebc4edce1f842021-12-21 12:50:38.443root 11241100x8000000000000000723605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:38.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1afb4a05831ed1f2021-12-21 12:50:38.443root 11241100x8000000000000000723606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:38.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b17d147a60d3c04f2021-12-21 12:50:38.443root 11241100x8000000000000000723607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:38.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecbf43662de6a6a12021-12-21 12:50:38.443root 11241100x8000000000000000723608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b7b29a9bd0643282021-12-21 12:50:38.444root 11241100x8000000000000000723609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fca06a18c61a0442021-12-21 12:50:38.444root 11241100x8000000000000000723610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43548298ec8cf8652021-12-21 12:50:38.444root 11241100x8000000000000000723611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcc24ff6c298a08e2021-12-21 12:50:38.444root 11241100x8000000000000000723612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e8edcfc5e05815d2021-12-21 12:50:38.444root 11241100x8000000000000000723613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.115866bd96d902292021-12-21 12:50:38.444root 11241100x8000000000000000723614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4626717a5df4f3af2021-12-21 12:50:38.444root 11241100x8000000000000000723615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f632bba6f6913fcf2021-12-21 12:50:38.943root 11241100x8000000000000000723616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95dd399df823b6e62021-12-21 12:50:38.943root 11241100x8000000000000000723617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46d50562a708737a2021-12-21 12:50:38.943root 11241100x8000000000000000723618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae0f350630f57bdd2021-12-21 12:50:38.943root 11241100x8000000000000000723619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acc0b86dfded02e32021-12-21 12:50:38.943root 11241100x8000000000000000723620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.980064d1a71200212021-12-21 12:50:38.943root 11241100x8000000000000000723621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b427cb3acf2699a02021-12-21 12:50:38.943root 11241100x8000000000000000723622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48335f5b454d4b8d2021-12-21 12:50:38.943root 11241100x8000000000000000723623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e96adf5d2f6c15e12021-12-21 12:50:38.943root 11241100x8000000000000000723624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c2cbad05e367d522021-12-21 12:50:38.944root 11241100x8000000000000000723625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3daaead0fdb29e7b2021-12-21 12:50:38.944root 11241100x8000000000000000723626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6543396a64f087192021-12-21 12:50:38.944root 11241100x8000000000000000723627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cc78ecbb46c3ab92021-12-21 12:50:38.944root 154100x8000000000000000723628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:39.002{ec2b6afe-cd9f-61c1-6824-c19374550000}10158/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/4046root{ec2b6afe-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}2319--- 534500x8000000000000000723629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:39.013{ec2b6afe-cd9f-61c1-6824-c19374550000}10158/bin/psroot 23542300x8000000000000000723630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:39.132{ec2b6afe-95d2-61c1-3038-b84203560000}5272root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000723631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:39.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02f2951f437520842021-12-21 12:50:39.443root 11241100x8000000000000000723632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:39.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.013db5034365426c2021-12-21 12:50:39.443root 11241100x8000000000000000723633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:39.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.542147206d1f41982021-12-21 12:50:39.443root 11241100x8000000000000000723634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:39.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fd1a8f97bc214462021-12-21 12:50:39.443root 11241100x8000000000000000723635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:39.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a13f6c8952962fd52021-12-21 12:50:39.443root 11241100x8000000000000000723636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:39.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.978fddae2d063d952021-12-21 12:50:39.443root 11241100x8000000000000000723637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a1798bc573a55a82021-12-21 12:50:39.444root 11241100x8000000000000000723638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a6b5b33667260d22021-12-21 12:50:39.444root 11241100x8000000000000000723639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6770981f4e1fc942021-12-21 12:50:39.444root 11241100x8000000000000000723640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e61f74c0d5b1da092021-12-21 12:50:39.444root 11241100x8000000000000000723641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3a26fe04ec79ca82021-12-21 12:50:39.444root 11241100x8000000000000000723642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb90ea818ac72cb92021-12-21 12:50:39.444root 11241100x8000000000000000723643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd8b630716eee5712021-12-21 12:50:39.444root 11241100x8000000000000000723644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ddc4f210faf154b2021-12-21 12:50:39.444root 11241100x8000000000000000723645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83936ae2931970ce2021-12-21 12:50:39.444root 11241100x8000000000000000723646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcf64e42ece43fe92021-12-21 12:50:39.444root 11241100x8000000000000000723647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:39.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a05a1b7954544282021-12-21 12:50:39.943root 11241100x8000000000000000723648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:39.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e8b9d68187680d32021-12-21 12:50:39.943root 11241100x8000000000000000723649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:39.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa74292ebc6f15952021-12-21 12:50:39.943root 11241100x8000000000000000723650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:39.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d07b0d5564bc4f5b2021-12-21 12:50:39.943root 11241100x8000000000000000723651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:39.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9aa36e1af5d9e7a72021-12-21 12:50:39.943root 11241100x8000000000000000723652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:39.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64d1cec91038d4302021-12-21 12:50:39.943root 11241100x8000000000000000723653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb18d9f2766382c52021-12-21 12:50:39.944root 11241100x8000000000000000723654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.576d5816d3feab4a2021-12-21 12:50:39.944root 11241100x8000000000000000723655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.413ae6ee91ceba3c2021-12-21 12:50:39.944root 11241100x8000000000000000723656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26a65c59b537ae532021-12-21 12:50:39.944root 11241100x8000000000000000723657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d714d0c577b04bab2021-12-21 12:50:39.944root 11241100x8000000000000000723658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.917177b26db07a872021-12-21 12:50:39.944root 11241100x8000000000000000723659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc554eeacbf78cd82021-12-21 12:50:39.944root 11241100x8000000000000000723660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76dce6e3b00fcb772021-12-21 12:50:39.944root 11241100x8000000000000000723661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.717717678659ac642021-12-21 12:50:39.944root 11241100x8000000000000000723662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.621f15a4c64d6f0f2021-12-21 12:50:39.944root 11241100x8000000000000000723663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd1216de4726c5e12021-12-21 12:50:40.443root 11241100x8000000000000000723664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93231a06869c35fc2021-12-21 12:50:40.443root 11241100x8000000000000000723665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba6d747e61b2d0e72021-12-21 12:50:40.443root 11241100x8000000000000000723666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b167cb4e0a5ec78e2021-12-21 12:50:40.443root 11241100x8000000000000000723667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7b4074c11d3fc972021-12-21 12:50:40.443root 11241100x8000000000000000723668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e65990467f6e30f2021-12-21 12:50:40.443root 11241100x8000000000000000723669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.746d982c02f277422021-12-21 12:50:40.443root 11241100x8000000000000000723670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32a3caa13ebe4b622021-12-21 12:50:40.444root 11241100x8000000000000000723671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51112aced48f9a2f2021-12-21 12:50:40.444root 11241100x8000000000000000723672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea58191a5105ce4e2021-12-21 12:50:40.444root 11241100x8000000000000000723673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac1280d45d4b85d62021-12-21 12:50:40.444root 11241100x8000000000000000723674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2295495e520bd1412021-12-21 12:50:40.444root 11241100x8000000000000000723675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7af27bb2a848ef752021-12-21 12:50:40.444root 11241100x8000000000000000723676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddd9a499be4877662021-12-21 12:50:40.444root 11241100x8000000000000000723677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.981bef329486453c2021-12-21 12:50:40.444root 11241100x8000000000000000723678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a5be3cb1f6a32d92021-12-21 12:50:40.444root 11241100x8000000000000000723679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b505dc24e5a978b2021-12-21 12:50:40.943root 11241100x8000000000000000723680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c6e558b962a96532021-12-21 12:50:40.943root 11241100x8000000000000000723681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfe26090797017a12021-12-21 12:50:40.943root 11241100x8000000000000000723682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34cc67926c5fa3a22021-12-21 12:50:40.943root 11241100x8000000000000000723683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.344826d8827a72902021-12-21 12:50:40.944root 11241100x8000000000000000723684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd02206787d1c9682021-12-21 12:50:40.944root 11241100x8000000000000000723685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba150dd4c19e5eb32021-12-21 12:50:40.944root 11241100x8000000000000000723686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f9ac28c36ff36de2021-12-21 12:50:40.944root 11241100x8000000000000000723687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19d0209816f451222021-12-21 12:50:40.944root 11241100x8000000000000000723688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.131c0f330815e54c2021-12-21 12:50:40.944root 11241100x8000000000000000723689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e45e88e08fa506c12021-12-21 12:50:40.944root 11241100x8000000000000000723690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ca02c89e571a19f2021-12-21 12:50:40.944root 11241100x8000000000000000723691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f658f9e87274cda62021-12-21 12:50:40.944root 11241100x8000000000000000723692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.607a6e97f37b6d482021-12-21 12:50:40.944root 11241100x8000000000000000723693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ceb1781406b87a52021-12-21 12:50:40.944root 11241100x8000000000000000723694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbcc6a549b66afa22021-12-21 12:50:40.944root 354300x8000000000000000723695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:41.073{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-50566-false10.0.1.12-8000- 11241100x8000000000000000723696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c55295b1e34871d52021-12-21 12:50:41.443root 11241100x8000000000000000723697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf624989ad790eb82021-12-21 12:50:41.443root 11241100x8000000000000000723698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30194ce6d317dfea2021-12-21 12:50:41.443root 11241100x8000000000000000723699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15f2c84e96e048952021-12-21 12:50:41.443root 11241100x8000000000000000723700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e2192192a79c6472021-12-21 12:50:41.443root 11241100x8000000000000000723701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35855cc8b36b41032021-12-21 12:50:41.444root 11241100x8000000000000000723702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2a0093a7258a2632021-12-21 12:50:41.444root 11241100x8000000000000000723703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3af35da8b35a338b2021-12-21 12:50:41.444root 11241100x8000000000000000723704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.feee14e4e290166e2021-12-21 12:50:41.444root 11241100x8000000000000000723705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79e5d7e58f5e44302021-12-21 12:50:41.444root 11241100x8000000000000000723706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad964ec40b5d68e32021-12-21 12:50:41.444root 11241100x8000000000000000723707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.237374cf7362d0c02021-12-21 12:50:41.444root 11241100x8000000000000000723708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4884d12c466356b2021-12-21 12:50:41.444root 11241100x8000000000000000723709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9429ba54acba6632021-12-21 12:50:41.444root 11241100x8000000000000000723710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.340eef89d010990e2021-12-21 12:50:41.444root 11241100x8000000000000000723711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3e3efe9590d6a6e2021-12-21 12:50:41.444root 11241100x8000000000000000723712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd5ea57d2494fcf62021-12-21 12:50:41.444root 11241100x8000000000000000723713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d106f2c9b12bb8992021-12-21 12:50:41.943root 11241100x8000000000000000723714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a23bb0bdcb12dea02021-12-21 12:50:41.943root 11241100x8000000000000000723715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e09c871578a6c762021-12-21 12:50:41.944root 11241100x8000000000000000723716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ebdfdfa03e9ead22021-12-21 12:50:41.944root 11241100x8000000000000000723717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebf8630e905695c72021-12-21 12:50:41.944root 11241100x8000000000000000723718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bffc458d08d42a22021-12-21 12:50:41.944root 11241100x8000000000000000723719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6f8939ca44e2d312021-12-21 12:50:41.944root 11241100x8000000000000000723720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fa0541e8ca8b1c02021-12-21 12:50:41.944root 11241100x8000000000000000723721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:41.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d387956cffd45c142021-12-21 12:50:41.945root 11241100x8000000000000000723722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:41.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.beff7ff37ea6ef942021-12-21 12:50:41.945root 11241100x8000000000000000723723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:41.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2271a2d13f0d9cf32021-12-21 12:50:41.945root 11241100x8000000000000000723724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:41.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69ef0b870c22af882021-12-21 12:50:41.945root 11241100x8000000000000000723725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:41.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51e9f5804cf98fae2021-12-21 12:50:41.945root 11241100x8000000000000000723726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:41.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04c72a96b923ccc12021-12-21 12:50:41.945root 11241100x8000000000000000723727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:41.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74114bb7cfce5a1e2021-12-21 12:50:41.945root 11241100x8000000000000000723728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:41.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4ac4775c7265d002021-12-21 12:50:41.946root 11241100x8000000000000000723729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:41.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38416aec414532662021-12-21 12:50:41.946root 11241100x8000000000000000723730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bca2cdfee47f8c82021-12-21 12:50:42.443root 11241100x8000000000000000723731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f2b2a30c48e01ed2021-12-21 12:50:42.443root 11241100x8000000000000000723732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4246fe89976b624e2021-12-21 12:50:42.444root 11241100x8000000000000000723733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.453ebd45f34172d62021-12-21 12:50:42.444root 11241100x8000000000000000723734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de94096c4e0a97ab2021-12-21 12:50:42.444root 11241100x8000000000000000723735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4a8dbafa25cda172021-12-21 12:50:42.444root 11241100x8000000000000000723736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abb1155a82964d5f2021-12-21 12:50:42.444root 11241100x8000000000000000723737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a9fd77ad9d99ef52021-12-21 12:50:42.444root 11241100x8000000000000000723738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:42.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbf22ca329d7a2ee2021-12-21 12:50:42.445root 11241100x8000000000000000723739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:42.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec94d686e6460cb12021-12-21 12:50:42.445root 11241100x8000000000000000723740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:42.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68c237efd952e7262021-12-21 12:50:42.445root 11241100x8000000000000000723741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:42.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2383a403499459172021-12-21 12:50:42.445root 11241100x8000000000000000723742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:42.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49c8b38f663fb8e92021-12-21 12:50:42.445root 11241100x8000000000000000723743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:42.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eedbcbe8020ac0872021-12-21 12:50:42.445root 11241100x8000000000000000723744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:42.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be159bcf8a6738872021-12-21 12:50:42.445root 11241100x8000000000000000723745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:42.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8176e3dbc6477ab32021-12-21 12:50:42.446root 11241100x8000000000000000723746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:42.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8aaff8a8c8cb6acf2021-12-21 12:50:42.446root 11241100x8000000000000000723747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.828f66bd8069f86a2021-12-21 12:50:42.943root 11241100x8000000000000000723748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97c0204dadd023332021-12-21 12:50:42.943root 11241100x8000000000000000723749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecee024f2d0a0aab2021-12-21 12:50:42.944root 11241100x8000000000000000723750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea748e71ce77e02a2021-12-21 12:50:42.944root 11241100x8000000000000000723751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f9c00950499f0f92021-12-21 12:50:42.944root 11241100x8000000000000000723752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f409baba936da2d32021-12-21 12:50:42.944root 11241100x8000000000000000723753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9051dd4f0870c362021-12-21 12:50:42.944root 11241100x8000000000000000723754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7708a0f3e27690162021-12-21 12:50:42.944root 11241100x8000000000000000723755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:42.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca536bae7e9504fb2021-12-21 12:50:42.945root 11241100x8000000000000000723756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:42.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ef4fe00c3d753e72021-12-21 12:50:42.945root 11241100x8000000000000000723757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:42.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ba248e4f4e14b7b2021-12-21 12:50:42.945root 11241100x8000000000000000723758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:42.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd65674693774b722021-12-21 12:50:42.945root 11241100x8000000000000000723759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:42.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efbfcd6c119004712021-12-21 12:50:42.945root 11241100x8000000000000000723760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:42.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b23ba1c0b9aa8b5e2021-12-21 12:50:42.945root 11241100x8000000000000000723761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:42.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec1f5b495aaa1f842021-12-21 12:50:42.945root 11241100x8000000000000000723762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:42.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d49582a50948d5872021-12-21 12:50:42.946root 11241100x8000000000000000723763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:42.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.062818207f5da2f62021-12-21 12:50:42.946root 11241100x8000000000000000723764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3efc42f95683c7b2021-12-21 12:50:43.443root 11241100x8000000000000000723765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7704452f22724ee52021-12-21 12:50:43.443root 11241100x8000000000000000723766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49900a91654b9b0d2021-12-21 12:50:43.443root 11241100x8000000000000000723767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc227ea43350f3012021-12-21 12:50:43.443root 11241100x8000000000000000723768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1789d19b52373f4f2021-12-21 12:50:43.444root 11241100x8000000000000000723769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e041df9033e04722021-12-21 12:50:43.444root 11241100x8000000000000000723770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78a94f56783067a62021-12-21 12:50:43.444root 11241100x8000000000000000723771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a537f15bd6a4490a2021-12-21 12:50:43.444root 11241100x8000000000000000723772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb4a2543e86af8342021-12-21 12:50:43.444root 11241100x8000000000000000723773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97dc3295c9bf54932021-12-21 12:50:43.444root 11241100x8000000000000000723774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f804625e7040d0572021-12-21 12:50:43.444root 11241100x8000000000000000723775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.625d3b6a981621cb2021-12-21 12:50:43.444root 11241100x8000000000000000723776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.737e92560112fb3d2021-12-21 12:50:43.444root 11241100x8000000000000000723777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.823a657833b178f52021-12-21 12:50:43.444root 11241100x8000000000000000723778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2679fb5364e4316f2021-12-21 12:50:43.444root 11241100x8000000000000000723779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35cb545fcd0844932021-12-21 12:50:43.444root 11241100x8000000000000000723780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f19d6135b6790dd12021-12-21 12:50:43.444root 11241100x8000000000000000723781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c676161abdec94de2021-12-21 12:50:43.943root 11241100x8000000000000000723782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c2b24bd84fe1b9e2021-12-21 12:50:43.943root 11241100x8000000000000000723783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ac99b56adf330292021-12-21 12:50:43.944root 11241100x8000000000000000723784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.794a521a5a5ee2742021-12-21 12:50:43.944root 11241100x8000000000000000723785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfc5983ebc15f2be2021-12-21 12:50:43.944root 11241100x8000000000000000723786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc4f78833c3431a82021-12-21 12:50:43.944root 11241100x8000000000000000723787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f81c6790873551702021-12-21 12:50:43.944root 11241100x8000000000000000723788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03af4e1700f5066f2021-12-21 12:50:43.944root 11241100x8000000000000000723789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:43.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c66c62467277198e2021-12-21 12:50:43.945root 11241100x8000000000000000723790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:43.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bd3b927d212c8c02021-12-21 12:50:43.945root 11241100x8000000000000000723791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:43.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62997d4b09987f902021-12-21 12:50:43.945root 11241100x8000000000000000723792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:43.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60e9067f10b7356f2021-12-21 12:50:43.945root 11241100x8000000000000000723793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:43.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20c2d79d29eca15f2021-12-21 12:50:43.945root 11241100x8000000000000000723794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:43.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cd4f1789c72c8f72021-12-21 12:50:43.945root 11241100x8000000000000000723795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:43.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2691f3bd05572802021-12-21 12:50:43.945root 11241100x8000000000000000723796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:43.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6752137320e6e0a82021-12-21 12:50:43.946root 11241100x8000000000000000723797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:43.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7db1353d4520f8562021-12-21 12:50:43.946root 11241100x8000000000000000723798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f75664b575e06f612021-12-21 12:50:44.443root 11241100x8000000000000000723799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ad558e0b3d9f1bf2021-12-21 12:50:44.443root 11241100x8000000000000000723800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.025ddc37c880e8932021-12-21 12:50:44.444root 11241100x8000000000000000723801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67a3c0fa5ee67ae12021-12-21 12:50:44.444root 11241100x8000000000000000723802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb763a524c14776a2021-12-21 12:50:44.444root 11241100x8000000000000000723803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32a60b86d302ad9c2021-12-21 12:50:44.444root 11241100x8000000000000000723804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5384dc6fbc564c22021-12-21 12:50:44.444root 11241100x8000000000000000723805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15e8f2b71353df9d2021-12-21 12:50:44.444root 11241100x8000000000000000723806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a92a7581981e4c6b2021-12-21 12:50:44.444root 11241100x8000000000000000723807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e705b78514a2d4582021-12-21 12:50:44.445root 11241100x8000000000000000723808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b36eacb86a28ae712021-12-21 12:50:44.445root 11241100x8000000000000000723809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e780f2164633ff02021-12-21 12:50:44.445root 11241100x8000000000000000723810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebdc720d22e53aca2021-12-21 12:50:44.445root 11241100x8000000000000000723811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17a6724cb0b031452021-12-21 12:50:44.445root 11241100x8000000000000000723812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb1cae7c5780f3de2021-12-21 12:50:44.445root 11241100x8000000000000000723813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c098d0231ed32fee2021-12-21 12:50:44.445root 11241100x8000000000000000723814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2409955c34dcd7c62021-12-21 12:50:44.445root 11241100x8000000000000000723815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d112abb3d052d7c2021-12-21 12:50:44.943root 11241100x8000000000000000723816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b259bd38df6bbb162021-12-21 12:50:44.943root 11241100x8000000000000000723817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15e26a5319c558122021-12-21 12:50:44.943root 11241100x8000000000000000723818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf1f8f128cfea6e02021-12-21 12:50:44.943root 11241100x8000000000000000723819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.670d513d7479789e2021-12-21 12:50:44.943root 11241100x8000000000000000723820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc66b464415c3ab62021-12-21 12:50:44.944root 11241100x8000000000000000723821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95fb7c2710dc3c452021-12-21 12:50:44.944root 11241100x8000000000000000723822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ce20f061b98720e2021-12-21 12:50:44.944root 11241100x8000000000000000723823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.871ecbb2eaad1eff2021-12-21 12:50:44.944root 11241100x8000000000000000723824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f192205f45e63d772021-12-21 12:50:44.944root 11241100x8000000000000000723825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a873411f645a5db2021-12-21 12:50:44.944root 11241100x8000000000000000723826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73b141be35c18fda2021-12-21 12:50:44.944root 11241100x8000000000000000723827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73acdc083447606f2021-12-21 12:50:44.944root 11241100x8000000000000000723828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0aecbd91e583f7262021-12-21 12:50:44.944root 11241100x8000000000000000723829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58ba59f33a9b2fe02021-12-21 12:50:44.944root 11241100x8000000000000000723830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7e4673d3ce34f3c2021-12-21 12:50:44.944root 11241100x8000000000000000723831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92054e7078c6d1d02021-12-21 12:50:44.944root 11241100x8000000000000000723832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d9ae320f7713d002021-12-21 12:50:45.443root 11241100x8000000000000000723833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c4abfbd9e6239962021-12-21 12:50:45.443root 11241100x8000000000000000723834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99eb2983b51d6bc12021-12-21 12:50:45.443root 11241100x8000000000000000723835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed25a33a3154f0a72021-12-21 12:50:45.443root 11241100x8000000000000000723836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f16425cf2fce40bf2021-12-21 12:50:45.443root 11241100x8000000000000000723837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f1307d3a5061a6f2021-12-21 12:50:45.443root 11241100x8000000000000000723838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20aab5af3b9e1bc02021-12-21 12:50:45.444root 11241100x8000000000000000723839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d3da1461417a0582021-12-21 12:50:45.444root 11241100x8000000000000000723840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c29800f67e4f90ea2021-12-21 12:50:45.444root 11241100x8000000000000000723841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72480fdd3b6107cd2021-12-21 12:50:45.444root 11241100x8000000000000000723842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42dc1fa09cdf82032021-12-21 12:50:45.444root 11241100x8000000000000000723843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e2b456209de58fc2021-12-21 12:50:45.444root 11241100x8000000000000000723844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32ae437dfcd5c97a2021-12-21 12:50:45.444root 11241100x8000000000000000723845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2533175a9a6d8d82021-12-21 12:50:45.444root 11241100x8000000000000000723846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4184fb2c64f20ce12021-12-21 12:50:45.444root 11241100x8000000000000000723847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa6178f893fa15a42021-12-21 12:50:45.444root 11241100x8000000000000000723848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa3fa0af3f7a9a462021-12-21 12:50:45.444root 11241100x8000000000000000723849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c21f476225644bb42021-12-21 12:50:45.943root 11241100x8000000000000000723850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60352bfbe2c4b61a2021-12-21 12:50:45.943root 11241100x8000000000000000723851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.059bd5ea216a98f32021-12-21 12:50:45.943root 11241100x8000000000000000723852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd1b632f0afed2002021-12-21 12:50:45.943root 11241100x8000000000000000723853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1f3601fb9df27ed2021-12-21 12:50:45.943root 11241100x8000000000000000723854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb10fe382527358f2021-12-21 12:50:45.943root 11241100x8000000000000000723855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8ad2d230486d9002021-12-21 12:50:45.943root 11241100x8000000000000000723856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.168b55435c035ee12021-12-21 12:50:45.944root 11241100x8000000000000000723857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55612c750704f8e92021-12-21 12:50:45.944root 11241100x8000000000000000723858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cc1741eb9f1cef32021-12-21 12:50:45.944root 11241100x8000000000000000723859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ff3a0f2242d80ff2021-12-21 12:50:45.944root 11241100x8000000000000000723860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97e08232d99db2ac2021-12-21 12:50:45.944root 11241100x8000000000000000723861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f2b88c1529ab2d62021-12-21 12:50:45.944root 11241100x8000000000000000723862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.667d2cf81f87850c2021-12-21 12:50:45.944root 11241100x8000000000000000723863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1018d6acfe4851de2021-12-21 12:50:45.944root 11241100x8000000000000000723864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06f343694a471ec02021-12-21 12:50:45.944root 11241100x8000000000000000723865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34c54f8a537ac4d32021-12-21 12:50:45.944root 354300x8000000000000000723866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:46.156{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-50568-false10.0.1.12-8000- 11241100x8000000000000000723867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41906839f777abd42021-12-21 12:50:46.443root 11241100x8000000000000000723868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fbcf97c3eeed8202021-12-21 12:50:46.443root 11241100x8000000000000000723869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91ad49ca2ea13e252021-12-21 12:50:46.443root 11241100x8000000000000000723870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d053464f8c5e13e12021-12-21 12:50:46.443root 11241100x8000000000000000723871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae472234911f42942021-12-21 12:50:46.444root 11241100x8000000000000000723872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae5543950616ce032021-12-21 12:50:46.444root 11241100x8000000000000000723873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aef2ce69b559c2f92021-12-21 12:50:46.444root 11241100x8000000000000000723874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffc16661eae6441b2021-12-21 12:50:46.444root 11241100x8000000000000000723875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fb4dcf28ce690d42021-12-21 12:50:46.444root 11241100x8000000000000000723876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03c832c9578eb8182021-12-21 12:50:46.444root 11241100x8000000000000000723877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a18b7722401984cd2021-12-21 12:50:46.444root 11241100x8000000000000000723878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be0bb943f78cd6682021-12-21 12:50:46.444root 11241100x8000000000000000723879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f1092ced38ccd2e2021-12-21 12:50:46.444root 11241100x8000000000000000723880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f301bfc45fe5da3b2021-12-21 12:50:46.444root 11241100x8000000000000000723881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:46.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d5264580707c8282021-12-21 12:50:46.445root 11241100x8000000000000000723882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:46.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85487e663c0b3e2f2021-12-21 12:50:46.445root 11241100x8000000000000000723883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:46.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89b74cfdedc7372c2021-12-21 12:50:46.445root 11241100x8000000000000000723884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:46.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cbaa38e5d6c26332021-12-21 12:50:46.445root 11241100x8000000000000000723885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.762ef5ea1399a9672021-12-21 12:50:46.943root 11241100x8000000000000000723886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4874820864d263702021-12-21 12:50:46.943root 11241100x8000000000000000723887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d10a4e7e80762fd2021-12-21 12:50:46.943root 11241100x8000000000000000723888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c72cc71bf23a131a2021-12-21 12:50:46.943root 11241100x8000000000000000723889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1710c39ce0b970dd2021-12-21 12:50:46.944root 11241100x8000000000000000723890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07a9200322b554442021-12-21 12:50:46.944root 11241100x8000000000000000723891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d13be5f6ca0ce6022021-12-21 12:50:46.944root 11241100x8000000000000000723892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1526b4299c1c24f22021-12-21 12:50:46.944root 11241100x8000000000000000723893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da3ecd99029f85ab2021-12-21 12:50:46.944root 11241100x8000000000000000723894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e683bed4e3c4ef22021-12-21 12:50:46.944root 11241100x8000000000000000723895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e42a89cb6a654cf62021-12-21 12:50:46.944root 11241100x8000000000000000723896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9ad19cffa6e9f522021-12-21 12:50:46.944root 11241100x8000000000000000723897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fc4a59cc2d0b2512021-12-21 12:50:46.944root 11241100x8000000000000000723898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1ad1038a7a312b72021-12-21 12:50:46.944root 11241100x8000000000000000723899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:46.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c280127dba6c8af92021-12-21 12:50:46.945root 11241100x8000000000000000723900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:46.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92283cef111abdc92021-12-21 12:50:46.945root 11241100x8000000000000000723901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:46.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51257d1aaacf2a862021-12-21 12:50:46.945root 11241100x8000000000000000723902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:46.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f403273d4c91d182021-12-21 12:50:46.945root 11241100x8000000000000000723903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.472db3f74f6788c92021-12-21 12:50:47.443root 11241100x8000000000000000723904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f144331a9e73c43d2021-12-21 12:50:47.443root 11241100x8000000000000000723905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.018887ebb2fd3ef12021-12-21 12:50:47.443root 11241100x8000000000000000723906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2dd239a08f2aabd2021-12-21 12:50:47.443root 11241100x8000000000000000723907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ebd51cfeac10d2a2021-12-21 12:50:47.443root 11241100x8000000000000000723908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb7dec11982c5d432021-12-21 12:50:47.444root 11241100x8000000000000000723909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b084ec8e53dcdd62021-12-21 12:50:47.444root 11241100x8000000000000000723910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fba9da24b90eb2e2021-12-21 12:50:47.444root 11241100x8000000000000000723911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74d2dec3b1a793e62021-12-21 12:50:47.444root 11241100x8000000000000000723912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f64d819ca572899c2021-12-21 12:50:47.444root 11241100x8000000000000000723913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdf6a1813e05118d2021-12-21 12:50:47.444root 11241100x8000000000000000723914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fadfe0e17aa9da92021-12-21 12:50:47.444root 11241100x8000000000000000723915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1deec98fcf7a6f632021-12-21 12:50:47.444root 11241100x8000000000000000723916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a17c1d7cf42a1842021-12-21 12:50:47.444root 11241100x8000000000000000723917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bd213be45c16d942021-12-21 12:50:47.444root 11241100x8000000000000000723918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f68cc77ff2b847b82021-12-21 12:50:47.444root 11241100x8000000000000000723919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac2119d5001256c62021-12-21 12:50:47.444root 11241100x8000000000000000723920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb87fa84729dce8b2021-12-21 12:50:47.444root 11241100x8000000000000000723921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.520bb8c65be23cbe2021-12-21 12:50:47.943root 11241100x8000000000000000723922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.252e3257f69a15ba2021-12-21 12:50:47.943root 11241100x8000000000000000723923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e010608f653b1d222021-12-21 12:50:47.943root 11241100x8000000000000000723924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.341893bb2ae7dad82021-12-21 12:50:47.943root 11241100x8000000000000000723925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7f36d8b52bb4f3e2021-12-21 12:50:47.944root 11241100x8000000000000000723926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b3c698e4f7d01422021-12-21 12:50:47.944root 11241100x8000000000000000723927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dbbd4f6964f1f3f2021-12-21 12:50:47.944root 11241100x8000000000000000723928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fab39b70fb8e577b2021-12-21 12:50:47.944root 11241100x8000000000000000723929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ceaf71f27df32192021-12-21 12:50:47.944root 11241100x8000000000000000723930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf9bb432d64f703b2021-12-21 12:50:47.944root 11241100x8000000000000000723931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fbbdeabf21f08232021-12-21 12:50:47.944root 11241100x8000000000000000723932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2052998a5f8a8f402021-12-21 12:50:47.944root 11241100x8000000000000000723933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faf0f5b774b2dec32021-12-21 12:50:47.944root 11241100x8000000000000000723934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a98d6b9f4c6c465e2021-12-21 12:50:47.944root 11241100x8000000000000000723935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53069a0c628bfa3b2021-12-21 12:50:47.944root 11241100x8000000000000000723936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.deacbfc95e3a6bb52021-12-21 12:50:47.944root 11241100x8000000000000000723937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c41f2afba97005d2021-12-21 12:50:47.944root 11241100x8000000000000000723938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c93cc65f0648d2dc2021-12-21 12:50:47.944root 11241100x8000000000000000723939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c91c969263d299c02021-12-21 12:50:48.443root 11241100x8000000000000000723940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dab602fc0fa7e1302021-12-21 12:50:48.443root 11241100x8000000000000000723941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5af7f44bbd61129f2021-12-21 12:50:48.443root 11241100x8000000000000000723942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a98e163ad2d82dca2021-12-21 12:50:48.443root 11241100x8000000000000000723943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.119f2b7888e7c06a2021-12-21 12:50:48.443root 11241100x8000000000000000723944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f87be24b78bd25b2021-12-21 12:50:48.444root 11241100x8000000000000000723945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5114b197c7b888732021-12-21 12:50:48.444root 11241100x8000000000000000723946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed6a2490415d63942021-12-21 12:50:48.444root 11241100x8000000000000000723947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0777238882c7c2362021-12-21 12:50:48.444root 11241100x8000000000000000723948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e8903dd08d916bf2021-12-21 12:50:48.444root 11241100x8000000000000000723949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39749eee9c8b37af2021-12-21 12:50:48.444root 11241100x8000000000000000723950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f87672e3ea5a8b292021-12-21 12:50:48.444root 11241100x8000000000000000723951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac8493fea812fd9d2021-12-21 12:50:48.444root 11241100x8000000000000000723952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5813a18811cf5412021-12-21 12:50:48.444root 11241100x8000000000000000723953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae047b58e017475d2021-12-21 12:50:48.444root 11241100x8000000000000000723954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9273f7e095695f2b2021-12-21 12:50:48.444root 11241100x8000000000000000723955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd53b7587040ae1f2021-12-21 12:50:48.444root 11241100x8000000000000000723956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7ab8da51d52bd7f2021-12-21 12:50:48.444root 11241100x8000000000000000723957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5be20daf17f5a0922021-12-21 12:50:48.943root 11241100x8000000000000000723958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e162b53cfe1130552021-12-21 12:50:48.943root 11241100x8000000000000000723959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cbc6dec39091cef2021-12-21 12:50:48.943root 11241100x8000000000000000723960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4b0160b01d4ef952021-12-21 12:50:48.944root 11241100x8000000000000000723961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8466d97c5d9668662021-12-21 12:50:48.944root 11241100x8000000000000000723962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.733d94bbe99a5a5c2021-12-21 12:50:48.944root 11241100x8000000000000000723963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2aed72bad531797f2021-12-21 12:50:48.944root 11241100x8000000000000000723964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1bd9e102fef51202021-12-21 12:50:48.944root 11241100x8000000000000000723965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5374eee323159c092021-12-21 12:50:48.944root 11241100x8000000000000000723966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e94f75e7f57a7232021-12-21 12:50:48.944root 11241100x8000000000000000723967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0957d1a5de916bfa2021-12-21 12:50:48.944root 11241100x8000000000000000723968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5cc7906328a135c2021-12-21 12:50:48.944root 11241100x8000000000000000723969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6bf98ed761e6d6e2021-12-21 12:50:48.944root 11241100x8000000000000000723970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab54795d035052662021-12-21 12:50:48.944root 11241100x8000000000000000723971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1aa0313d23bd75222021-12-21 12:50:48.944root 11241100x8000000000000000723972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acc821b2db4c1dcc2021-12-21 12:50:48.944root 11241100x8000000000000000723973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc82aec40148ae412021-12-21 12:50:48.944root 11241100x8000000000000000723974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:48.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4c27f32f94f3d602021-12-21 12:50:48.945root 11241100x8000000000000000723975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb48c8b11898c7b02021-12-21 12:50:49.443root 11241100x8000000000000000723976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3df5f5de3124fb6d2021-12-21 12:50:49.443root 11241100x8000000000000000723977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23be4bafd42c27742021-12-21 12:50:49.443root 11241100x8000000000000000723978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2662731a412867a52021-12-21 12:50:49.443root 11241100x8000000000000000723979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42c2384c6fb755992021-12-21 12:50:49.443root 11241100x8000000000000000723980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ff2b63364bc6ae82021-12-21 12:50:49.444root 11241100x8000000000000000723981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e700745286a8b5452021-12-21 12:50:49.444root 11241100x8000000000000000723982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.162e82c0d7e435cb2021-12-21 12:50:49.444root 11241100x8000000000000000723983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d2b0365b2f489672021-12-21 12:50:49.444root 11241100x8000000000000000723984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc472d3fd1562f4b2021-12-21 12:50:49.444root 11241100x8000000000000000723985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb258a036f7131ff2021-12-21 12:50:49.444root 11241100x8000000000000000723986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1c1bab32539ce842021-12-21 12:50:49.444root 11241100x8000000000000000723987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2f4edd8e09072032021-12-21 12:50:49.444root 11241100x8000000000000000723988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a9856277560e7f22021-12-21 12:50:49.444root 11241100x8000000000000000723989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.320559ed49a225a62021-12-21 12:50:49.444root 11241100x8000000000000000723990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.563928ae7eb7c2432021-12-21 12:50:49.444root 11241100x8000000000000000723991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38b4c42d4b5ead212021-12-21 12:50:49.444root 11241100x8000000000000000723992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c72e0c1322ec792f2021-12-21 12:50:49.444root 11241100x8000000000000000723993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dde0693bdd706a3e2021-12-21 12:50:49.943root 11241100x8000000000000000723994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96874dabba45d8542021-12-21 12:50:49.943root 11241100x8000000000000000723995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6aefff6397c5a9cf2021-12-21 12:50:49.943root 11241100x8000000000000000723996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71521d67e08785212021-12-21 12:50:49.943root 11241100x8000000000000000723997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca843c63a5e7a49a2021-12-21 12:50:49.943root 11241100x8000000000000000723998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.494581c760a6d2492021-12-21 12:50:49.944root 11241100x8000000000000000723999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e55c89f7a6a991ff2021-12-21 12:50:49.944root 11241100x8000000000000000724000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71d5b4f52b3652ee2021-12-21 12:50:49.944root 11241100x8000000000000000724001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0d6c0c5cddfdb2a2021-12-21 12:50:49.944root 11241100x8000000000000000724002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.887b3c26e4febf9e2021-12-21 12:50:49.944root 11241100x8000000000000000724003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57ad1341922509872021-12-21 12:50:49.944root 11241100x8000000000000000724004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92523a554e69ad532021-12-21 12:50:49.944root 11241100x8000000000000000724005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e202a2d8be8851cf2021-12-21 12:50:49.944root 11241100x8000000000000000724006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2b6c78462987c132021-12-21 12:50:49.944root 11241100x8000000000000000724007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a16b680249790252021-12-21 12:50:49.944root 11241100x8000000000000000724008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da20b9f068bfd11b2021-12-21 12:50:49.944root 11241100x8000000000000000724009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2908177a7293ab992021-12-21 12:50:49.944root 11241100x8000000000000000724010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b79e029b13ea03fa2021-12-21 12:50:49.944root 11241100x8000000000000000724011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6dfa1767dd180a12021-12-21 12:50:50.443root 11241100x8000000000000000724012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.190536f6922d32fb2021-12-21 12:50:50.443root 11241100x8000000000000000724013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df91fceef35ee3052021-12-21 12:50:50.443root 11241100x8000000000000000724014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85501361a32f005f2021-12-21 12:50:50.443root 11241100x8000000000000000724015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f1a2a02f8a9de402021-12-21 12:50:50.443root 11241100x8000000000000000724016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee067ce52e8721282021-12-21 12:50:50.444root 11241100x8000000000000000724017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02cee11d5074462e2021-12-21 12:50:50.444root 11241100x8000000000000000724018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81a0e51c3ada3a482021-12-21 12:50:50.444root 11241100x8000000000000000724019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.131beaeef0b0931e2021-12-21 12:50:50.444root 11241100x8000000000000000724020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bf61c2d797a69df2021-12-21 12:50:50.444root 11241100x8000000000000000724021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88a61f507135f7f22021-12-21 12:50:50.444root 11241100x8000000000000000724022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7b028989b8323072021-12-21 12:50:50.444root 11241100x8000000000000000724023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60a4fc6d093b450a2021-12-21 12:50:50.444root 11241100x8000000000000000724024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6265386d5fd679d02021-12-21 12:50:50.444root 11241100x8000000000000000724025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15f0462f434eacc42021-12-21 12:50:50.444root 11241100x8000000000000000724026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6fee7be74fbcb512021-12-21 12:50:50.444root 11241100x8000000000000000724027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29aa2a559474ad092021-12-21 12:50:50.444root 11241100x8000000000000000724028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d04bed8f180242e2021-12-21 12:50:50.444root 11241100x8000000000000000724029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bc4f7ffc54f62ba2021-12-21 12:50:50.943root 11241100x8000000000000000724030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14e9979b83919dfa2021-12-21 12:50:50.943root 11241100x8000000000000000724031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e00dbbdcb1e26f92021-12-21 12:50:50.944root 11241100x8000000000000000724032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a63f8906a74c212d2021-12-21 12:50:50.944root 11241100x8000000000000000724033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f1c8fecb3f204df2021-12-21 12:50:50.944root 11241100x8000000000000000724034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.705ab8db798e5d782021-12-21 12:50:50.944root 11241100x8000000000000000724035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25a77f45290c8fce2021-12-21 12:50:50.944root 11241100x8000000000000000724036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aeca16425ec06e5f2021-12-21 12:50:50.944root 11241100x8000000000000000724037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0680ed6cc7b5bba92021-12-21 12:50:50.944root 11241100x8000000000000000724038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e59a4978ef8460b2021-12-21 12:50:50.944root 11241100x8000000000000000724039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0596dc33ceeb3e9b2021-12-21 12:50:50.944root 11241100x8000000000000000724040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4166c5f32ac43dc2021-12-21 12:50:50.944root 11241100x8000000000000000724041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.225ddec69734f9782021-12-21 12:50:50.944root 11241100x8000000000000000724042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b890eb8df3548042021-12-21 12:50:50.944root 11241100x8000000000000000724043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bce8801fc07b48b02021-12-21 12:50:50.944root 11241100x8000000000000000724044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0610c3f7497a559e2021-12-21 12:50:50.944root 11241100x8000000000000000724045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8c5488a51641fb02021-12-21 12:50:50.944root 11241100x8000000000000000724046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9d86b1b53fcc02b2021-12-21 12:50:50.944root 11241100x8000000000000000724047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:50.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c79dfdd0c5e82e62021-12-21 12:50:50.945root 11241100x8000000000000000724048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:50.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d90ae665326b13952021-12-21 12:50:50.945root 11241100x8000000000000000724049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:50.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56acd7f378f204472021-12-21 12:50:50.945root 11241100x8000000000000000724050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea75681c259919dc2021-12-21 12:50:51.443root 11241100x8000000000000000724051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76ac457791d604cd2021-12-21 12:50:51.443root 11241100x8000000000000000724052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6edbf24b45db29662021-12-21 12:50:51.443root 11241100x8000000000000000724053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75fe73f52c4d09862021-12-21 12:50:51.443root 11241100x8000000000000000724054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e934330ac89dca52021-12-21 12:50:51.444root 11241100x8000000000000000724055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8b2a56916f8ee242021-12-21 12:50:51.444root 11241100x8000000000000000724056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a39ffae5c366ae6e2021-12-21 12:50:51.444root 11241100x8000000000000000724057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c7e320c05a7ca252021-12-21 12:50:51.444root 11241100x8000000000000000724058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.effa318acdff88cc2021-12-21 12:50:51.444root 11241100x8000000000000000724059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.999b815ce0bf0df92021-12-21 12:50:51.444root 11241100x8000000000000000724060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7479fcef24078b52021-12-21 12:50:51.444root 11241100x8000000000000000724061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4adae700ec00bc532021-12-21 12:50:51.444root 11241100x8000000000000000724062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.032d1697255816ef2021-12-21 12:50:51.444root 11241100x8000000000000000724063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d3001678fcff4ec2021-12-21 12:50:51.444root 11241100x8000000000000000724064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c305df189e4579d52021-12-21 12:50:51.444root 11241100x8000000000000000724065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5deb81327d9f93bb2021-12-21 12:50:51.444root 11241100x8000000000000000724066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fda2551f173a8c492021-12-21 12:50:51.444root 11241100x8000000000000000724067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e854b85fe0f86292021-12-21 12:50:51.444root 11241100x8000000000000000724068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.452144a47ee43c592021-12-21 12:50:51.943root 11241100x8000000000000000724069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8023ba8d5f2992682021-12-21 12:50:51.943root 11241100x8000000000000000724070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b49b2b2176f9134e2021-12-21 12:50:51.943root 11241100x8000000000000000724071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6016b266c04cf0032021-12-21 12:50:51.943root 11241100x8000000000000000724072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec128015caa33eb92021-12-21 12:50:51.943root 11241100x8000000000000000724073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.281bcaf01f5032da2021-12-21 12:50:51.944root 11241100x8000000000000000724074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.669dbff9344ebdc42021-12-21 12:50:51.944root 11241100x8000000000000000724075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85760ffd5207c7332021-12-21 12:50:51.944root 11241100x8000000000000000724076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce0ca2c82dfe501e2021-12-21 12:50:51.944root 11241100x8000000000000000724077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89eda034554726902021-12-21 12:50:51.944root 11241100x8000000000000000724078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e14272cf1ff49832021-12-21 12:50:51.944root 11241100x8000000000000000724079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49bcc31a450117ab2021-12-21 12:50:51.944root 11241100x8000000000000000724080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48db470415754bda2021-12-21 12:50:51.944root 11241100x8000000000000000724081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a508ecea1a54b912021-12-21 12:50:51.944root 11241100x8000000000000000724082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5db92e7f0c15ec832021-12-21 12:50:51.944root 11241100x8000000000000000724083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.031a3fd9fe3621392021-12-21 12:50:51.944root 11241100x8000000000000000724084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e29e4d431961ff42021-12-21 12:50:51.944root 11241100x8000000000000000724085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b346d4738a9dd92b2021-12-21 12:50:51.944root 354300x8000000000000000724086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:52.137{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-50570-false10.0.1.12-8000- 11241100x8000000000000000724087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a4d9178ac5979e72021-12-21 12:50:52.443root 11241100x8000000000000000724088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cf5140e6f4141fb2021-12-21 12:50:52.443root 11241100x8000000000000000724089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78f0b3ede332f3182021-12-21 12:50:52.443root 11241100x8000000000000000724090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca70f34cff528aa42021-12-21 12:50:52.443root 11241100x8000000000000000724091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.607923779aacd3f02021-12-21 12:50:52.443root 11241100x8000000000000000724092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dd6bd3bcb6f57592021-12-21 12:50:52.444root 11241100x8000000000000000724093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ee6a7ba615c03e02021-12-21 12:50:52.444root 11241100x8000000000000000724094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bec394bf5d17f9a2021-12-21 12:50:52.444root 11241100x8000000000000000724095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70c3c5777f22dff52021-12-21 12:50:52.444root 11241100x8000000000000000724096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ce48677de2493292021-12-21 12:50:52.444root 11241100x8000000000000000724097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f06934a011817dbf2021-12-21 12:50:52.444root 11241100x8000000000000000724098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.881c22dc41aedc622021-12-21 12:50:52.444root 11241100x8000000000000000724099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.945768925e19f4652021-12-21 12:50:52.444root 11241100x8000000000000000724100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56b06fc65ce057c52021-12-21 12:50:52.444root 11241100x8000000000000000724101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10c0dd53f0a1d5382021-12-21 12:50:52.444root 11241100x8000000000000000724102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4629f2764b99429f2021-12-21 12:50:52.444root 11241100x8000000000000000724103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a5361832056638e2021-12-21 12:50:52.444root 11241100x8000000000000000724104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6b348b04184a6002021-12-21 12:50:52.444root 11241100x8000000000000000724105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cf037fa3d921c5b2021-12-21 12:50:52.444root 11241100x8000000000000000724106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b985265fe8f56182021-12-21 12:50:52.943root 11241100x8000000000000000724107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a556e03144d34b6c2021-12-21 12:50:52.943root 11241100x8000000000000000724108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f2d3ecfd8d501012021-12-21 12:50:52.943root 11241100x8000000000000000724109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.066ec6263007f00d2021-12-21 12:50:52.943root 11241100x8000000000000000724110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0266e9525d83f1902021-12-21 12:50:52.944root 11241100x8000000000000000724111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1cd8af2c771561a2021-12-21 12:50:52.944root 11241100x8000000000000000724112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb83b8be5ff98b6a2021-12-21 12:50:52.944root 11241100x8000000000000000724113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b71f095652fb3d912021-12-21 12:50:52.944root 11241100x8000000000000000724114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2e0a36a00e5d1cb2021-12-21 12:50:52.944root 11241100x8000000000000000724115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46ebc187f3fcc58b2021-12-21 12:50:52.944root 11241100x8000000000000000724116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a326812c582c41c42021-12-21 12:50:52.944root 11241100x8000000000000000724117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7e56d536cf987c02021-12-21 12:50:52.944root 11241100x8000000000000000724118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46e71684fb68d4862021-12-21 12:50:52.944root 11241100x8000000000000000724119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c424725e12aa7182021-12-21 12:50:52.944root 11241100x8000000000000000724120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d53c3e9357d23082021-12-21 12:50:52.944root 11241100x8000000000000000724121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5eea04d7255aaef52021-12-21 12:50:52.944root 11241100x8000000000000000724122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d5b4e66ac6dee952021-12-21 12:50:52.944root 11241100x8000000000000000724123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.180e0c0f67d35d342021-12-21 12:50:52.944root 11241100x8000000000000000724124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc433322844803012021-12-21 12:50:52.944root 11241100x8000000000000000724125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c87a2fea338c1db22021-12-21 12:50:53.443root 11241100x8000000000000000724126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c9578b642a3ffb22021-12-21 12:50:53.443root 11241100x8000000000000000724127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.021246cabcf840c82021-12-21 12:50:53.443root 11241100x8000000000000000724128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c83bd9a615b3ae472021-12-21 12:50:53.443root 11241100x8000000000000000724129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.872d0d0ec9475ade2021-12-21 12:50:53.444root 11241100x8000000000000000724130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2724d57bac9eb202021-12-21 12:50:53.444root 11241100x8000000000000000724131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6117ede86d1dc5f92021-12-21 12:50:53.444root 11241100x8000000000000000724132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59ce187cd36102cf2021-12-21 12:50:53.444root 11241100x8000000000000000724133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5aad5ae52b59c232021-12-21 12:50:53.444root 11241100x8000000000000000724134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b6ca0dab0ef6ff72021-12-21 12:50:53.444root 11241100x8000000000000000724135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57d90d2c6801ef772021-12-21 12:50:53.444root 11241100x8000000000000000724136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd27c0ca1ababcb82021-12-21 12:50:53.444root 11241100x8000000000000000724137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3922aa98b49b3472021-12-21 12:50:53.444root 11241100x8000000000000000724138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30abdc771f6d57dd2021-12-21 12:50:53.444root 11241100x8000000000000000724139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b6e99fba4d38f9b2021-12-21 12:50:53.444root 11241100x8000000000000000724140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a52f37d7b2503782021-12-21 12:50:53.444root 11241100x8000000000000000724141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38c063492c9ac3142021-12-21 12:50:53.444root 11241100x8000000000000000724142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81d51acf73f958482021-12-21 12:50:53.444root 11241100x8000000000000000724143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d6c9e4715523f942021-12-21 12:50:53.444root 11241100x8000000000000000724144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49c557a23092fefd2021-12-21 12:50:53.943root 11241100x8000000000000000724145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d74d4f6328ccdfee2021-12-21 12:50:53.943root 11241100x8000000000000000724146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4e963aaa6f0e8f12021-12-21 12:50:53.943root 11241100x8000000000000000724147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa7f03a25163e9dc2021-12-21 12:50:53.943root 11241100x8000000000000000724148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ed0aa89b75e96652021-12-21 12:50:53.944root 11241100x8000000000000000724149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d78aa1399efd5a752021-12-21 12:50:53.944root 11241100x8000000000000000724150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12d6101a390fdac92021-12-21 12:50:53.944root 11241100x8000000000000000724151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4783feeb869f72fa2021-12-21 12:50:53.944root 11241100x8000000000000000724152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3577d7d0b7291b522021-12-21 12:50:53.944root 11241100x8000000000000000724153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5226b84422405fb2021-12-21 12:50:53.944root 11241100x8000000000000000724154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db060229b891c0922021-12-21 12:50:53.944root 11241100x8000000000000000724155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e08d0a3bee4832292021-12-21 12:50:53.944root 11241100x8000000000000000724156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7477f08ec167f8432021-12-21 12:50:53.944root 11241100x8000000000000000724157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c246d3dd3246a1f92021-12-21 12:50:53.944root 11241100x8000000000000000724158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23c1dc98c5478c1d2021-12-21 12:50:53.944root 11241100x8000000000000000724159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e16bfd7740fb5fa22021-12-21 12:50:53.944root 11241100x8000000000000000724160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae26c765f4f194582021-12-21 12:50:53.944root 11241100x8000000000000000724161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11b0549bcdb8d6a52021-12-21 12:50:53.944root 11241100x8000000000000000724162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9566414ff520c61e2021-12-21 12:50:53.944root 11241100x8000000000000000724163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9ee70aa575c3c422021-12-21 12:50:54.443root 11241100x8000000000000000724164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d934158546b1d5c2021-12-21 12:50:54.443root 11241100x8000000000000000724165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.762681e568cbd6d42021-12-21 12:50:54.443root 11241100x8000000000000000724166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b36634ffd76e6fe32021-12-21 12:50:54.443root 11241100x8000000000000000724167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae5ee20b0c17a7c32021-12-21 12:50:54.444root 11241100x8000000000000000724168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.100f6f9c868994622021-12-21 12:50:54.444root 11241100x8000000000000000724169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac3f5e3f2cd889ef2021-12-21 12:50:54.444root 11241100x8000000000000000724170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d869e2570412856b2021-12-21 12:50:54.444root 11241100x8000000000000000724171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.657c89d42f8b0cfc2021-12-21 12:50:54.444root 11241100x8000000000000000724172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14e06f0a9970246c2021-12-21 12:50:54.444root 11241100x8000000000000000724173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca7b193fcb0c5ede2021-12-21 12:50:54.444root 11241100x8000000000000000724174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e139d2d245e9f8472021-12-21 12:50:54.444root 11241100x8000000000000000724175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.160d57aaaeaec5d92021-12-21 12:50:54.444root 11241100x8000000000000000724176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d19aac4cef673e112021-12-21 12:50:54.444root 11241100x8000000000000000724177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f1ff6c0736ef8062021-12-21 12:50:54.444root 11241100x8000000000000000724178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1eda8f9cd52956972021-12-21 12:50:54.444root 11241100x8000000000000000724179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b57305ac198bf69c2021-12-21 12:50:54.444root 11241100x8000000000000000724180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3b0fe0854065e0b2021-12-21 12:50:54.444root 11241100x8000000000000000724181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04d8c6c55c6c02ac2021-12-21 12:50:54.444root 11241100x8000000000000000724182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94da38bc38beb6cd2021-12-21 12:50:54.943root 11241100x8000000000000000724183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e8514cf1c9bbe292021-12-21 12:50:54.943root 11241100x8000000000000000724184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7300dd6cfe22346c2021-12-21 12:50:54.943root 11241100x8000000000000000724185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43fa3408212a46962021-12-21 12:50:54.944root 11241100x8000000000000000724186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a3cb7e8cd4b42d32021-12-21 12:50:54.944root 11241100x8000000000000000724187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bc6120da1685a4d2021-12-21 12:50:54.944root 11241100x8000000000000000724188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2bfa40c6edc233f2021-12-21 12:50:54.944root 11241100x8000000000000000724189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e06ecff2534260a42021-12-21 12:50:54.944root 11241100x8000000000000000724190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9c835a6e1a1f99a2021-12-21 12:50:54.944root 11241100x8000000000000000724191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0cd959c235ebb872021-12-21 12:50:54.944root 11241100x8000000000000000724192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38a258558cb224b52021-12-21 12:50:54.944root 11241100x8000000000000000724193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5beeb8e2d4d810e2021-12-21 12:50:54.944root 11241100x8000000000000000724194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3511f7654be9905a2021-12-21 12:50:54.944root 11241100x8000000000000000724195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e57532ce258dd5282021-12-21 12:50:54.944root 11241100x8000000000000000724196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afbe38a1ce33c71c2021-12-21 12:50:54.944root 11241100x8000000000000000724197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8438ef00945b9d82021-12-21 12:50:54.945root 11241100x8000000000000000724198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0019245c217741912021-12-21 12:50:54.945root 11241100x8000000000000000724199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccad32e64f8147132021-12-21 12:50:54.945root 11241100x8000000000000000724200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0533140ad857daf72021-12-21 12:50:54.945root 11241100x8000000000000000724201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51b1e61f05845a5a2021-12-21 12:50:55.443root 11241100x8000000000000000724202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94ce5f8d979bc03d2021-12-21 12:50:55.443root 11241100x8000000000000000724203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e666c1bc934a2b2f2021-12-21 12:50:55.443root 11241100x8000000000000000724204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5714a78abfd34cc22021-12-21 12:50:55.443root 11241100x8000000000000000724205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a4a6aecfd6a13502021-12-21 12:50:55.444root 11241100x8000000000000000724206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a727938eb6fcc8a12021-12-21 12:50:55.444root 11241100x8000000000000000724207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61454c56d511d36e2021-12-21 12:50:55.444root 11241100x8000000000000000724208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f9cc64e3c67c85c2021-12-21 12:50:55.444root 11241100x8000000000000000724209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f4478421fdaad852021-12-21 12:50:55.444root 11241100x8000000000000000724210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33e9c012084859632021-12-21 12:50:55.444root 11241100x8000000000000000724211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3903dd61421dee372021-12-21 12:50:55.444root 11241100x8000000000000000724212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f9bbeeb9f0e30492021-12-21 12:50:55.444root 11241100x8000000000000000724213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.508aa8e3628495bc2021-12-21 12:50:55.444root 11241100x8000000000000000724214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c050bde1be0bc212021-12-21 12:50:55.444root 11241100x8000000000000000724215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f888b144dd10b7142021-12-21 12:50:55.444root 11241100x8000000000000000724216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06779afaca4a58c32021-12-21 12:50:55.444root 11241100x8000000000000000724217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f1f81febf841b132021-12-21 12:50:55.444root 11241100x8000000000000000724218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d721dfe55ad4b7a12021-12-21 12:50:55.444root 11241100x8000000000000000724219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17fae6367d6cb35f2021-12-21 12:50:55.444root 11241100x8000000000000000724220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1eb217a83e77a752021-12-21 12:50:55.943root 11241100x8000000000000000724221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d63e565382b5ce92021-12-21 12:50:55.943root 11241100x8000000000000000724222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0992cf261c601b32021-12-21 12:50:55.943root 11241100x8000000000000000724223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6e5334372797d732021-12-21 12:50:55.943root 11241100x8000000000000000724224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df53f11f0805487e2021-12-21 12:50:55.944root 11241100x8000000000000000724225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d36ba4e84ef5c042021-12-21 12:50:55.944root 11241100x8000000000000000724226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5777950768093da72021-12-21 12:50:55.944root 11241100x8000000000000000724227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.449a6a011d2bf76d2021-12-21 12:50:55.944root 11241100x8000000000000000724228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a744fe1febb8be7e2021-12-21 12:50:55.944root 11241100x8000000000000000724229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.280acfff15f218842021-12-21 12:50:55.944root 11241100x8000000000000000724230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.846042a2692dc9092021-12-21 12:50:55.944root 11241100x8000000000000000724231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3485ce1c3a26de702021-12-21 12:50:55.944root 11241100x8000000000000000724232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe694480ba4c627c2021-12-21 12:50:55.944root 11241100x8000000000000000724233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.558801361c490d922021-12-21 12:50:55.944root 11241100x8000000000000000724234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcd6f1fa08869c072021-12-21 12:50:55.944root 11241100x8000000000000000724235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32ecedb657a420c52021-12-21 12:50:55.944root 11241100x8000000000000000724236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.738feb364ac8b9a52021-12-21 12:50:55.944root 11241100x8000000000000000724237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7aa0e4c8af85230b2021-12-21 12:50:55.944root 11241100x8000000000000000724238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6245d19e56417d22021-12-21 12:50:55.944root 11241100x8000000000000000724239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df5a6ab93abd32652021-12-21 12:50:56.443root 11241100x8000000000000000724240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bc2ef5a27b09d202021-12-21 12:50:56.443root 11241100x8000000000000000724241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e7a87467ea75cf32021-12-21 12:50:56.444root 11241100x8000000000000000724242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b45c2fcb1417e2ed2021-12-21 12:50:56.444root 11241100x8000000000000000724243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bb928f4e769e7d72021-12-21 12:50:56.444root 11241100x8000000000000000724244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf003c92e84416532021-12-21 12:50:56.444root 11241100x8000000000000000724245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21e1f4c50cba08682021-12-21 12:50:56.444root 11241100x8000000000000000724246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2644144df9051aab2021-12-21 12:50:56.444root 11241100x8000000000000000724247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ce2aa8b0dad1a962021-12-21 12:50:56.444root 11241100x8000000000000000724248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:56.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0a7ecfa615624a72021-12-21 12:50:56.445root 11241100x8000000000000000724249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:56.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ad0f39304bbde862021-12-21 12:50:56.445root 11241100x8000000000000000724250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:56.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a23661c286450c42021-12-21 12:50:56.445root 11241100x8000000000000000724251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:56.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a94f8987f2d28da12021-12-21 12:50:56.445root 11241100x8000000000000000724252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:56.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25659e29b8dbbbd12021-12-21 12:50:56.445root 11241100x8000000000000000724253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:56.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0eb474545d31d1f22021-12-21 12:50:56.445root 11241100x8000000000000000724254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:56.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5609f1b9229dc402021-12-21 12:50:56.445root 11241100x8000000000000000724255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:56.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6753911fc0a092a2021-12-21 12:50:56.445root 11241100x8000000000000000724256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:56.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74566bad1b3c40282021-12-21 12:50:56.445root 11241100x8000000000000000724257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:56.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fa0c06b6237873d2021-12-21 12:50:56.445root 11241100x8000000000000000724258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34395c297fe924112021-12-21 12:50:56.943root 11241100x8000000000000000724259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c20af4843bf0bb912021-12-21 12:50:56.943root 11241100x8000000000000000724260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b2d3ee09083009d2021-12-21 12:50:56.943root 11241100x8000000000000000724261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e193373f44c003632021-12-21 12:50:56.944root 11241100x8000000000000000724262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29c4cf75b5bccc6e2021-12-21 12:50:56.944root 11241100x8000000000000000724263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0629a2418bfa2d992021-12-21 12:50:56.944root 11241100x8000000000000000724264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.284618e6b0c66a4f2021-12-21 12:50:56.944root 11241100x8000000000000000724265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e985cb4fd85998512021-12-21 12:50:56.944root 11241100x8000000000000000724266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27d12bbd430965902021-12-21 12:50:56.944root 11241100x8000000000000000724267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c18841490dc9008f2021-12-21 12:50:56.944root 11241100x8000000000000000724268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.125d7a55cec1f3c62021-12-21 12:50:56.944root 11241100x8000000000000000724269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca5ae1eb0a8c24772021-12-21 12:50:56.944root 11241100x8000000000000000724270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.163fceaa1bc7093d2021-12-21 12:50:56.944root 11241100x8000000000000000724271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9dc7e9d4ad54fe32021-12-21 12:50:56.944root 11241100x8000000000000000724272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a9d023486494eb82021-12-21 12:50:56.944root 11241100x8000000000000000724273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.376c985b8ccb2a232021-12-21 12:50:56.944root 11241100x8000000000000000724274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:56.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18108a0ccaaaff002021-12-21 12:50:56.945root 11241100x8000000000000000724275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:56.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.968344a507b3cb202021-12-21 12:50:56.945root 11241100x8000000000000000724276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:56.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7184e6dfcdac643e2021-12-21 12:50:56.945root 11241100x8000000000000000724277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23be7a3380be23af2021-12-21 12:50:57.443root 11241100x8000000000000000724278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.441d9377ee5b5b052021-12-21 12:50:57.443root 11241100x8000000000000000724279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44f853319f33b5d62021-12-21 12:50:57.443root 11241100x8000000000000000724280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27d4c13a12aab3842021-12-21 12:50:57.443root 11241100x8000000000000000724281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f41d7367e1afd4b22021-12-21 12:50:57.444root 11241100x8000000000000000724282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2bc22868c94254a2021-12-21 12:50:57.444root 11241100x8000000000000000724283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e4d7041b50d90152021-12-21 12:50:57.444root 11241100x8000000000000000724284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33d9eee729e90df02021-12-21 12:50:57.444root 11241100x8000000000000000724285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10264e275e94c0862021-12-21 12:50:57.444root 11241100x8000000000000000724286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d84b9436186bcb922021-12-21 12:50:57.444root 11241100x8000000000000000724287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d55b1da6d0bcc102021-12-21 12:50:57.444root 11241100x8000000000000000724288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.720aa844d5b5f6942021-12-21 12:50:57.444root 11241100x8000000000000000724289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59cd9e40a89a26942021-12-21 12:50:57.444root 11241100x8000000000000000724290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5aee1122788c53f22021-12-21 12:50:57.444root 11241100x8000000000000000724291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ba8a9cb702c20952021-12-21 12:50:57.444root 11241100x8000000000000000724292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fe564fcc2f2033a2021-12-21 12:50:57.444root 11241100x8000000000000000724293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3e840fd11ecc17d2021-12-21 12:50:57.444root 11241100x8000000000000000724294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6d1e8646f8a07b12021-12-21 12:50:57.444root 11241100x8000000000000000724295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf445492133bb5c62021-12-21 12:50:57.445root 11241100x8000000000000000724296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5148be54879d47e2021-12-21 12:50:57.943root 11241100x8000000000000000724297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14872010ccb449882021-12-21 12:50:57.943root 11241100x8000000000000000724298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fea6d5384e5e0b022021-12-21 12:50:57.943root 11241100x8000000000000000724299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2997fe9d270545c52021-12-21 12:50:57.944root 11241100x8000000000000000724300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5f7e29a448a50c12021-12-21 12:50:57.944root 11241100x8000000000000000724301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c380f2ad6513b8182021-12-21 12:50:57.944root 11241100x8000000000000000724302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74e3de064e42432f2021-12-21 12:50:57.944root 11241100x8000000000000000724303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d4ce8c6f0569b482021-12-21 12:50:57.944root 11241100x8000000000000000724304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad8e4a3664bad67e2021-12-21 12:50:57.944root 11241100x8000000000000000724305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7f43f9b7f3e1dae2021-12-21 12:50:57.944root 11241100x8000000000000000724306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.984a055401c7cabd2021-12-21 12:50:57.944root 11241100x8000000000000000724307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02bff8412c2384362021-12-21 12:50:57.944root 11241100x8000000000000000724308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89eecc540623cce52021-12-21 12:50:57.944root 11241100x8000000000000000724309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea140744ed7ad3992021-12-21 12:50:57.944root 11241100x8000000000000000724310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5df05b76617cf2d2021-12-21 12:50:57.944root 11241100x8000000000000000724311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6efd459d33a6c3422021-12-21 12:50:57.944root 11241100x8000000000000000724312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e4b8e01579f45bd2021-12-21 12:50:57.944root 11241100x8000000000000000724313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fd44a6b55b2ae172021-12-21 12:50:57.944root 11241100x8000000000000000724314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb8566b9e6f78a722021-12-21 12:50:57.944root 354300x8000000000000000724315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:58.021{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-50572-false10.0.1.12-8000- 11241100x8000000000000000724316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69a92daaedc2a1332021-12-21 12:50:58.443root 11241100x8000000000000000724317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ae70e319dd540572021-12-21 12:50:58.443root 11241100x8000000000000000724318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb55e852ed259df82021-12-21 12:50:58.443root 11241100x8000000000000000724319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea7dba7d588a890e2021-12-21 12:50:58.444root 11241100x8000000000000000724320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10d86823a2e4658e2021-12-21 12:50:58.444root 11241100x8000000000000000724321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4978c4af47eaa4602021-12-21 12:50:58.444root 11241100x8000000000000000724322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63a0c57061e7f9412021-12-21 12:50:58.444root 11241100x8000000000000000724323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee055fe28ae9cc9c2021-12-21 12:50:58.444root 11241100x8000000000000000724324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9c7cda277a0aa1e2021-12-21 12:50:58.444root 11241100x8000000000000000724325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f819ac78c41c2582021-12-21 12:50:58.444root 11241100x8000000000000000724326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e54dbb576fb415112021-12-21 12:50:58.444root 11241100x8000000000000000724327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd1866182e2a06062021-12-21 12:50:58.444root 11241100x8000000000000000724328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2987e4ca5bc11dd2021-12-21 12:50:58.444root 11241100x8000000000000000724329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e270e65a2e4be992021-12-21 12:50:58.444root 11241100x8000000000000000724330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6df04b967d099fbc2021-12-21 12:50:58.444root 11241100x8000000000000000724331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2825a9441d3958c52021-12-21 12:50:58.444root 11241100x8000000000000000724332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.479009459a93e97f2021-12-21 12:50:58.444root 11241100x8000000000000000724333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20d0fa826d40e9772021-12-21 12:50:58.444root 11241100x8000000000000000724334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:58.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b00b26a23daa60062021-12-21 12:50:58.445root 11241100x8000000000000000724335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:58.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b72d5cad10a504722021-12-21 12:50:58.445root 11241100x8000000000000000724336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d6a02b42d8f8b9c2021-12-21 12:50:58.943root 11241100x8000000000000000724337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffa79eaa5d644a302021-12-21 12:50:58.943root 11241100x8000000000000000724338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.335ec9c6d9f842a62021-12-21 12:50:58.943root 11241100x8000000000000000724339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc8678194da810212021-12-21 12:50:58.943root 11241100x8000000000000000724340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b40d07e8a52376f82021-12-21 12:50:58.944root 11241100x8000000000000000724341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52bc6faa8c18e04b2021-12-21 12:50:58.944root 11241100x8000000000000000724342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01d31393d5dfe9bb2021-12-21 12:50:58.944root 11241100x8000000000000000724343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e9cf4eaac66ae472021-12-21 12:50:58.944root 11241100x8000000000000000724344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3414bf32b7def57f2021-12-21 12:50:58.944root 11241100x8000000000000000724345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcd4870d95954e422021-12-21 12:50:58.944root 11241100x8000000000000000724346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caa4e50f8946923e2021-12-21 12:50:58.944root 11241100x8000000000000000724347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f79f1dc271bd7fc2021-12-21 12:50:58.944root 11241100x8000000000000000724348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b47f9b3e27dab472021-12-21 12:50:58.944root 11241100x8000000000000000724349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acd3fd863a451af42021-12-21 12:50:58.944root 11241100x8000000000000000724350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb702496f0bb96e72021-12-21 12:50:58.944root 11241100x8000000000000000724351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.748b739473fc0e0d2021-12-21 12:50:58.944root 11241100x8000000000000000724352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.532f6fc243b223132021-12-21 12:50:58.944root 11241100x8000000000000000724353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f978b83c9aa3d3b2021-12-21 12:50:58.945root 11241100x8000000000000000724354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bef0692c9052cbe2021-12-21 12:50:58.945root 11241100x8000000000000000724355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.509d1f3b74a27f342021-12-21 12:50:58.945root 11241100x8000000000000000724356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.322e3e592be0560c2021-12-21 12:50:59.443root 11241100x8000000000000000724357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed886dc426a889f62021-12-21 12:50:59.443root 11241100x8000000000000000724358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d32ce6e17dd13bd2021-12-21 12:50:59.443root 11241100x8000000000000000724359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c174d61981ce79d2021-12-21 12:50:59.443root 11241100x8000000000000000724360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9771f919f29d32122021-12-21 12:50:59.444root 11241100x8000000000000000724361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea8d8ebf7d5433d02021-12-21 12:50:59.444root 11241100x8000000000000000724362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.313cd74519bfde822021-12-21 12:50:59.444root 11241100x8000000000000000724363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f156010dae87e3e62021-12-21 12:50:59.444root 11241100x8000000000000000724364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34cf09d96778e2992021-12-21 12:50:59.444root 11241100x8000000000000000724365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c71d9c708052f53f2021-12-21 12:50:59.444root 11241100x8000000000000000724366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28690b8ec8347ae22021-12-21 12:50:59.444root 11241100x8000000000000000724367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f193891a16bc8852021-12-21 12:50:59.444root 11241100x8000000000000000724368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.424c0102efc7af1d2021-12-21 12:50:59.444root 11241100x8000000000000000724369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bf4b766e466f5d72021-12-21 12:50:59.444root 11241100x8000000000000000724370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1df6683d2fed2b8a2021-12-21 12:50:59.444root 11241100x8000000000000000724371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f49ee81ba5d7d85a2021-12-21 12:50:59.444root 11241100x8000000000000000724372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2814d0e81f822782021-12-21 12:50:59.444root 11241100x8000000000000000724373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b05d7bdf674024302021-12-21 12:50:59.444root 11241100x8000000000000000724374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8be559ff461ceb22021-12-21 12:50:59.444root 11241100x8000000000000000724375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e705c4657e77c1982021-12-21 12:50:59.444root 11241100x8000000000000000724376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e65ccb737f47da1b2021-12-21 12:50:59.943root 11241100x8000000000000000724377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b2cb6cc89419ca32021-12-21 12:50:59.943root 11241100x8000000000000000724378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4be8f1327ddf90552021-12-21 12:50:59.943root 11241100x8000000000000000724379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11b3f564c2fe94292021-12-21 12:50:59.943root 11241100x8000000000000000724380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36c7d4c359a7b7602021-12-21 12:50:59.944root 11241100x8000000000000000724381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2acc6f00d5654fc42021-12-21 12:50:59.944root 11241100x8000000000000000724382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2e0b2c8944c433a2021-12-21 12:50:59.944root 11241100x8000000000000000724383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eebba12fccc380742021-12-21 12:50:59.944root 11241100x8000000000000000724384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.125c40266fd191382021-12-21 12:50:59.944root 11241100x8000000000000000724385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91ea87677dbe4b022021-12-21 12:50:59.944root 11241100x8000000000000000724386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a652f2431a17dfd12021-12-21 12:50:59.944root 11241100x8000000000000000724387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4d17a469aa7984e2021-12-21 12:50:59.944root 11241100x8000000000000000724388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a58f3f8de45905b2021-12-21 12:50:59.944root 11241100x8000000000000000724389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.192e719562943f8a2021-12-21 12:50:59.944root 11241100x8000000000000000724390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.266374a1e506dd012021-12-21 12:50:59.944root 11241100x8000000000000000724391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1f8d012a16fd72e2021-12-21 12:50:59.944root 11241100x8000000000000000724392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1ac5a477525fcb32021-12-21 12:50:59.944root 11241100x8000000000000000724393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed2bcd3142777d872021-12-21 12:50:59.944root 11241100x8000000000000000724394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9a50ee18cc43db42021-12-21 12:50:59.944root 11241100x8000000000000000724395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abc04878e2d03c3f2021-12-21 12:50:59.944root 11241100x8000000000000000724396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.242a4b5e9a72180e2021-12-21 12:51:00.443root 11241100x8000000000000000724397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffbc76a701f8696a2021-12-21 12:51:00.443root 11241100x8000000000000000724398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96707411196453192021-12-21 12:51:00.443root 11241100x8000000000000000724399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc4358c3adacd9142021-12-21 12:51:00.443root 11241100x8000000000000000724400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f87b3388e4357f2e2021-12-21 12:51:00.443root 11241100x8000000000000000724401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32de12d65cbb7e242021-12-21 12:51:00.443root 11241100x8000000000000000724402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f78bfe63b7fb5ced2021-12-21 12:51:00.443root 11241100x8000000000000000724403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.507446e3bcddb8172021-12-21 12:51:00.443root 11241100x8000000000000000724404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.846e18be50b545f92021-12-21 12:51:00.443root 11241100x8000000000000000724405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.410f4905acb6209d2021-12-21 12:51:00.444root 11241100x8000000000000000724406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.224a1e92582222762021-12-21 12:51:00.444root 11241100x8000000000000000724407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7870c942db0217262021-12-21 12:51:00.445root 11241100x8000000000000000724408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d66f922f1442d4942021-12-21 12:51:00.445root 11241100x8000000000000000724409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bd24169a5711c9f2021-12-21 12:51:00.445root 11241100x8000000000000000724410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40c2771c78d0dac52021-12-21 12:51:00.445root 11241100x8000000000000000724411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d350ef8c7a798a82021-12-21 12:51:00.445root 11241100x8000000000000000724412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42397a81cf4617e72021-12-21 12:51:00.445root 11241100x8000000000000000724413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45f3d503d5a4e6ed2021-12-21 12:51:00.445root 11241100x8000000000000000724414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a590762218c48602021-12-21 12:51:00.445root 11241100x8000000000000000724415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a854d3f81802bc622021-12-21 12:51:00.445root 11241100x8000000000000000724416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8b597d8c4ea91d02021-12-21 12:51:00.445root 11241100x8000000000000000724417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c172a812dec2e622021-12-21 12:51:00.445root 11241100x8000000000000000724418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b36f4a8fe7f1d442021-12-21 12:51:00.445root 11241100x8000000000000000724419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09eb33e61cf6a5a72021-12-21 12:51:00.445root 11241100x8000000000000000724420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8399fb48c556de792021-12-21 12:51:00.445root 11241100x8000000000000000724421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ffe908c12d2d1302021-12-21 12:51:00.445root 11241100x8000000000000000724422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51654630ae2ac2c32021-12-21 12:51:00.446root 11241100x8000000000000000724423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bc13b52f9c042222021-12-21 12:51:00.446root 11241100x8000000000000000724424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55f0b7ddd30716762021-12-21 12:51:00.446root 11241100x8000000000000000724425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcc2eb5c400584742021-12-21 12:51:00.446root 11241100x8000000000000000724426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0f1d7fb19dc22792021-12-21 12:51:00.943root 11241100x8000000000000000724427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8365612ba784ee062021-12-21 12:51:00.943root 11241100x8000000000000000724428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16fa5da3b3e99d6a2021-12-21 12:51:00.943root 11241100x8000000000000000724429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90da5170c0fc79922021-12-21 12:51:00.943root 11241100x8000000000000000724430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.610ca9d9e8b1234e2021-12-21 12:51:00.943root 11241100x8000000000000000724431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f065cfd85e3602642021-12-21 12:51:00.944root 11241100x8000000000000000724432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cb26c47912a89e72021-12-21 12:51:00.944root 11241100x8000000000000000724433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5c9e325114d2ba82021-12-21 12:51:00.944root 11241100x8000000000000000724434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dab0e99522ce74002021-12-21 12:51:00.944root 11241100x8000000000000000724435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbb2b8f902a0ac1e2021-12-21 12:51:00.944root 11241100x8000000000000000724436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9a6cc3fa85e537d2021-12-21 12:51:00.944root 11241100x8000000000000000724437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.988d8db307b3fd892021-12-21 12:51:00.944root 11241100x8000000000000000724438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41ae9ca31b5e6c3f2021-12-21 12:51:00.944root 11241100x8000000000000000724439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e9a1c76136ed36d2021-12-21 12:51:00.944root 11241100x8000000000000000724440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e47668931f7e2db2021-12-21 12:51:00.944root 11241100x8000000000000000724441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8201008e59d880fc2021-12-21 12:51:00.944root 11241100x8000000000000000724442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ef9b2795358acb52021-12-21 12:51:00.944root 11241100x8000000000000000724443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60234cc878126d0a2021-12-21 12:51:00.945root 11241100x8000000000000000724444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.679f5a57cd8bc3772021-12-21 12:51:00.945root 11241100x8000000000000000724445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a869321a3fae7c92021-12-21 12:51:00.945root 11241100x8000000000000000724446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d41df9e58817f9b42021-12-21 12:51:00.945root 11241100x8000000000000000724447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fec0779af0db2f842021-12-21 12:51:00.945root 11241100x8000000000000000724448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c4b6dd7bcbdf1a82021-12-21 12:51:00.945root 11241100x8000000000000000724449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e59f168f2e222c6d2021-12-21 12:51:00.945root 11241100x8000000000000000724450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b932403a96c468042021-12-21 12:51:00.945root 11241100x8000000000000000724451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a265151e2fec8a642021-12-21 12:51:00.945root 11241100x8000000000000000724452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.204e58704498ec5c2021-12-21 12:51:00.945root 11241100x8000000000000000724453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2eef2efb282478952021-12-21 12:51:00.945root 11241100x8000000000000000724454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb329ebd55b8af8f2021-12-21 12:51:00.945root 11241100x8000000000000000724455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa8e4612c06c6ed62021-12-21 12:51:00.946root 11241100x8000000000000000724456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1486f31f5fa2a2c2021-12-21 12:51:00.946root 11241100x8000000000000000724457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc5ee9db6bfd46bb2021-12-21 12:51:00.946root 11241100x8000000000000000724458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6595c54562a1a6152021-12-21 12:51:00.946root 11241100x8000000000000000724459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d33f76e494afd0d2021-12-21 12:51:00.946root 11241100x8000000000000000724460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5fded9852ae51222021-12-21 12:51:00.946root 11241100x8000000000000000724461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d56c19ead25b2da12021-12-21 12:51:00.947root 11241100x8000000000000000724462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7880a4cb89d6d432021-12-21 12:51:00.947root 11241100x8000000000000000724463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8993f82f7519906b2021-12-21 12:51:00.947root 11241100x8000000000000000724464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05c4db636dd383952021-12-21 12:51:00.947root 11241100x8000000000000000724465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0eb7e0004d82af402021-12-21 12:51:00.947root 11241100x8000000000000000724466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27d0a97a250fe3d82021-12-21 12:51:00.947root 11241100x8000000000000000724467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5256a8b92184ce542021-12-21 12:51:00.947root 11241100x8000000000000000724468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5db348fd961294792021-12-21 12:51:00.947root 11241100x8000000000000000724469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.900c921eb4569c812021-12-21 12:51:00.947root 11241100x8000000000000000724470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.200b04a74d2363402021-12-21 12:51:00.947root 11241100x8000000000000000724471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3ee8beeaec920262021-12-21 12:51:00.947root 11241100x8000000000000000724472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1ff8249791e2f3e2021-12-21 12:51:00.947root 11241100x8000000000000000724473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df8d7a6993bdfbc82021-12-21 12:51:00.948root 11241100x8000000000000000724474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f5659dcd19e01532021-12-21 12:51:00.948root 11241100x8000000000000000724475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.056161d5c1c2623a2021-12-21 12:51:00.948root 11241100x8000000000000000724476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab122d863d7c1c9e2021-12-21 12:51:00.948root 11241100x8000000000000000724477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df39ee109c0d29912021-12-21 12:51:00.948root 11241100x8000000000000000724478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ad49d563308e6902021-12-21 12:51:00.948root 11241100x8000000000000000724479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed8b00fe90047a5d2021-12-21 12:51:00.948root 11241100x8000000000000000724480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e761637dab60d5bd2021-12-21 12:51:00.948root 11241100x8000000000000000724481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e1b26cab859b4762021-12-21 12:51:00.948root 11241100x8000000000000000724482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e849ec983b202eb82021-12-21 12:51:00.948root 11241100x8000000000000000724483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53c48b79f4f691de2021-12-21 12:51:00.948root 11241100x8000000000000000724484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5df02b9e2916f98e2021-12-21 12:51:00.949root 11241100x8000000000000000724485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e61229d53de7fe442021-12-21 12:51:00.949root 11241100x8000000000000000724486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe0808857406cf052021-12-21 12:51:00.949root 11241100x8000000000000000724487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6eeb1000fd6fc1a62021-12-21 12:51:00.949root 11241100x8000000000000000724488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b0adee85373a9f02021-12-21 12:51:00.949root 11241100x8000000000000000724489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f1b5b94222ab3912021-12-21 12:51:00.949root 11241100x8000000000000000724490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b6483a07fdb96392021-12-21 12:51:00.949root 11241100x8000000000000000724491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e401cdcb68374fdb2021-12-21 12:51:00.949root 11241100x8000000000000000724492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.106fc9e5974b699b2021-12-21 12:51:00.949root 11241100x8000000000000000724493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3394a2605d8a12b2021-12-21 12:51:00.949root 11241100x8000000000000000724494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6745a0d5345359a22021-12-21 12:51:00.949root 11241100x8000000000000000724495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91a1e960de4b94222021-12-21 12:51:00.949root 11241100x8000000000000000724496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9aabac99e94c4fe02021-12-21 12:51:00.950root 11241100x8000000000000000724497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57e96a1f7afcb4662021-12-21 12:51:00.950root 11241100x8000000000000000724498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59c781f6fb4562b32021-12-21 12:51:00.950root 11241100x8000000000000000724499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a00c4e8b4e73f5fd2021-12-21 12:51:00.950root 11241100x8000000000000000724500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f3e24490d3b317f2021-12-21 12:51:00.950root 11241100x8000000000000000724501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67484f9b389848782021-12-21 12:51:00.950root 11241100x8000000000000000724502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6252facacea5fdd52021-12-21 12:51:00.950root 11241100x8000000000000000724503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dd448768be53bec2021-12-21 12:51:00.950root 11241100x8000000000000000724504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52cd911cf99f0a322021-12-21 12:51:00.950root 11241100x8000000000000000724505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f6dcfc8f90dbe032021-12-21 12:51:00.950root 11241100x8000000000000000724506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.375fa164bdb5deff2021-12-21 12:51:00.950root 11241100x8000000000000000724507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f08141369d9b9fda2021-12-21 12:51:00.950root 11241100x8000000000000000724508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1a6dd88e57cea762021-12-21 12:51:00.951root 11241100x8000000000000000724509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16ab7db35bf38a272021-12-21 12:51:00.951root 11241100x8000000000000000724510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef32e5c07f9e45352021-12-21 12:51:00.951root 11241100x8000000000000000724511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6eb31f6d5a22dd4a2021-12-21 12:51:00.951root 11241100x8000000000000000724512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb0f90ed906c41542021-12-21 12:51:00.951root 11241100x8000000000000000724513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.141933732ba69af92021-12-21 12:51:00.951root 11241100x8000000000000000724514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fe0de69d84846eb2021-12-21 12:51:00.951root 11241100x8000000000000000724515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9b05f762abc146a2021-12-21 12:51:00.951root 11241100x8000000000000000724516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d26847fdfcb683252021-12-21 12:51:00.952root 11241100x8000000000000000724517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8e9449bdfd8174f2021-12-21 12:51:00.952root 11241100x8000000000000000724518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ae6ea53a7b58dd52021-12-21 12:51:00.952root 11241100x8000000000000000724519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b0b097c6fc2192a2021-12-21 12:51:00.952root 11241100x8000000000000000724520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04dfb2e0cac080f82021-12-21 12:51:00.952root 11241100x8000000000000000724521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7eb738165c873f4b2021-12-21 12:51:00.952root 11241100x8000000000000000724522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f3e188c580b0bd22021-12-21 12:51:00.952root 11241100x8000000000000000724523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c187d81b3a912dd2021-12-21 12:51:00.952root 11241100x8000000000000000724524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a53fee4380543a092021-12-21 12:51:00.952root 11241100x8000000000000000724525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24df5b093d7fa4982021-12-21 12:51:00.952root 11241100x8000000000000000724526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6467086f540e7f02021-12-21 12:51:00.952root 11241100x8000000000000000724527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2898ccad4cbdb64d2021-12-21 12:51:00.952root 11241100x8000000000000000724528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.982438d020c2156f2021-12-21 12:51:00.952root 11241100x8000000000000000724529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c4f540753c0bc282021-12-21 12:51:00.952root 11241100x8000000000000000724530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14419c9822a5e6ca2021-12-21 12:51:00.953root 11241100x8000000000000000724531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebf34f4cecf17fc92021-12-21 12:51:00.953root 11241100x8000000000000000724532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.659e2c2a4b7503782021-12-21 12:51:00.954root 11241100x8000000000000000724533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e041d3f69ec83f02021-12-21 12:51:00.954root 11241100x8000000000000000724534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.741bdf7a582684572021-12-21 12:51:00.954root 11241100x8000000000000000724535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.209b969624e368fc2021-12-21 12:51:00.954root 11241100x8000000000000000724536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e12679ed9d7de3542021-12-21 12:51:00.954root 11241100x8000000000000000724537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.397499d9f4aebaed2021-12-21 12:51:00.954root 11241100x8000000000000000724538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89ece367877b54022021-12-21 12:51:00.954root 11241100x8000000000000000724539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4d7f05eb096b21f2021-12-21 12:51:00.954root 11241100x8000000000000000724540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7452662c85aacba2021-12-21 12:51:00.954root 11241100x8000000000000000724541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24c6ffe1425218c72021-12-21 12:51:00.955root 11241100x8000000000000000724542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e1ccecb0e63f2962021-12-21 12:51:00.955root 11241100x8000000000000000724543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b235e48cbacb780d2021-12-21 12:51:00.955root 11241100x8000000000000000724544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9525d4ea5eb994382021-12-21 12:51:00.955root 11241100x8000000000000000724545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d4650edf51272c82021-12-21 12:51:00.955root 11241100x8000000000000000724546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b24eb368c1fee932021-12-21 12:51:00.955root 11241100x8000000000000000724547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b98877ee97a38ece2021-12-21 12:51:00.955root 11241100x8000000000000000724548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc34199559bd365e2021-12-21 12:51:00.955root 11241100x8000000000000000724549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.956{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c42c0f6cdb92d1422021-12-21 12:51:00.956root 11241100x8000000000000000724550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac69017a9ad5a3602021-12-21 12:51:01.443root 11241100x8000000000000000724551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.965310cf74ebfcde2021-12-21 12:51:01.443root 11241100x8000000000000000724552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c42d866727c9cda32021-12-21 12:51:01.443root 11241100x8000000000000000724553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1236fb971276d8fc2021-12-21 12:51:01.443root 11241100x8000000000000000724554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa066656648ef5022021-12-21 12:51:01.444root 11241100x8000000000000000724555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.768d6724aad318062021-12-21 12:51:01.444root 11241100x8000000000000000724556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d513cd027bc57d932021-12-21 12:51:01.444root 11241100x8000000000000000724557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be8e8d6993f67b162021-12-21 12:51:01.444root 11241100x8000000000000000724558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a9493cd71c5e25e2021-12-21 12:51:01.444root 11241100x8000000000000000724559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.900092bf46d4159a2021-12-21 12:51:01.444root 11241100x8000000000000000724560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e72f8cb937213102021-12-21 12:51:01.444root 11241100x8000000000000000724561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73e15ec76b3ee4f92021-12-21 12:51:01.444root 11241100x8000000000000000724562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9165c7144f98b0f2021-12-21 12:51:01.444root 11241100x8000000000000000724563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:01.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32c7b39ec56c092e2021-12-21 12:51:01.445root 11241100x8000000000000000724564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:01.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.416a4254ff70190d2021-12-21 12:51:01.445root 11241100x8000000000000000724565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:01.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1dd91e24d1a1cc12021-12-21 12:51:01.445root 11241100x8000000000000000724566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:01.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85c715883ae043212021-12-21 12:51:01.445root 11241100x8000000000000000724567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:01.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ad6e12a02bf84552021-12-21 12:51:01.445root 11241100x8000000000000000724568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:01.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e647d5dd5fa27d5a2021-12-21 12:51:01.446root 11241100x8000000000000000724569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:01.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8399759acc8fb802021-12-21 12:51:01.446root 11241100x8000000000000000724570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69f95c4056fa3a2a2021-12-21 12:51:01.943root 11241100x8000000000000000724571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.570021d3c0cb85fb2021-12-21 12:51:01.943root 11241100x8000000000000000724572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb6e56dab9832eb02021-12-21 12:51:01.944root 11241100x8000000000000000724573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b81aa5c9c835c2892021-12-21 12:51:01.944root 11241100x8000000000000000724574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.821cb6029dea93042021-12-21 12:51:01.944root 11241100x8000000000000000724575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b83005fb41a3aab52021-12-21 12:51:01.944root 11241100x8000000000000000724576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee00102623613f062021-12-21 12:51:01.944root 11241100x8000000000000000724577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7156e491a881d652021-12-21 12:51:01.944root 11241100x8000000000000000724578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc9f40c894b228942021-12-21 12:51:01.944root 11241100x8000000000000000724579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9c13abf3e4458bf2021-12-21 12:51:01.944root 11241100x8000000000000000724580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03412b5699168a452021-12-21 12:51:01.944root 11241100x8000000000000000724581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01f5b9365fa593b62021-12-21 12:51:01.944root 11241100x8000000000000000724582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd3a6e0d4f8945aa2021-12-21 12:51:01.945root 11241100x8000000000000000724583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d08b0893f4069392021-12-21 12:51:01.945root 11241100x8000000000000000724584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.614a790d1b06ca322021-12-21 12:51:01.945root 11241100x8000000000000000724585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb08f70f6ab346c72021-12-21 12:51:01.945root 11241100x8000000000000000724586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f075b8b9f5a0bdb2021-12-21 12:51:01.945root 11241100x8000000000000000724587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b31f41d6095a7102021-12-21 12:51:01.945root 11241100x8000000000000000724588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:01.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7f7ec8acb26ce542021-12-21 12:51:01.946root 11241100x8000000000000000724589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:01.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d86469f39f20e052021-12-21 12:51:01.946root 11241100x8000000000000000724590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.583c30b3a94799682021-12-21 12:51:02.443root 11241100x8000000000000000724591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.979633272c3581862021-12-21 12:51:02.443root 11241100x8000000000000000724592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa2b34cb056e57492021-12-21 12:51:02.444root 11241100x8000000000000000724593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.194b7be8b7f36c262021-12-21 12:51:02.444root 11241100x8000000000000000724594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79ea88299b4ac6e52021-12-21 12:51:02.444root 11241100x8000000000000000724595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e399d0647e38a6e72021-12-21 12:51:02.444root 11241100x8000000000000000724596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65bdce80671131832021-12-21 12:51:02.444root 11241100x8000000000000000724597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db98b3c78f9b1b392021-12-21 12:51:02.444root 11241100x8000000000000000724598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23237efbb26874762021-12-21 12:51:02.445root 11241100x8000000000000000724599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51d73c8be1e31fc52021-12-21 12:51:02.445root 11241100x8000000000000000724600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0793affd84f0dd462021-12-21 12:51:02.445root 11241100x8000000000000000724601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36d55371338b5e822021-12-21 12:51:02.445root 11241100x8000000000000000724602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdc45f07212389bf2021-12-21 12:51:02.445root 11241100x8000000000000000724603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41af748cd2ef526a2021-12-21 12:51:02.445root 11241100x8000000000000000724604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b14128866bf43bf02021-12-21 12:51:02.445root 11241100x8000000000000000724605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34df437c4295347e2021-12-21 12:51:02.445root 11241100x8000000000000000724606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2362868894b467202021-12-21 12:51:02.445root 11241100x8000000000000000724607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.225e867c1ef1476f2021-12-21 12:51:02.445root 11241100x8000000000000000724608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fe28ab8dcbd5ca52021-12-21 12:51:02.445root 11241100x8000000000000000724609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04d18bf71cdcb8a62021-12-21 12:51:02.445root 11241100x8000000000000000724610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5ffc867a7cead222021-12-21 12:51:02.943root 11241100x8000000000000000724611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54fe6ac89b67d8082021-12-21 12:51:02.943root 11241100x8000000000000000724612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f887e966bc315502021-12-21 12:51:02.944root 11241100x8000000000000000724613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79fd016ce898c14c2021-12-21 12:51:02.944root 11241100x8000000000000000724614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.debe1d3b34c9545e2021-12-21 12:51:02.944root 11241100x8000000000000000724615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a3fe70d7cd2c0f12021-12-21 12:51:02.944root 11241100x8000000000000000724616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:02.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6f58220abc359fe2021-12-21 12:51:02.945root 11241100x8000000000000000724617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:02.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1455c2ffb3a0c66c2021-12-21 12:51:02.945root 11241100x8000000000000000724618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:02.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76e50f535b89bafc2021-12-21 12:51:02.945root 11241100x8000000000000000724619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:02.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6562318297da6212021-12-21 12:51:02.945root 11241100x8000000000000000724620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:02.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91d7a01faacc198b2021-12-21 12:51:02.945root 11241100x8000000000000000724621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:02.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00f45fe3ac2d23002021-12-21 12:51:02.945root 11241100x8000000000000000724622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:02.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cb2d92e4435c94c2021-12-21 12:51:02.945root 11241100x8000000000000000724623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:02.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c814e8cb014ef382021-12-21 12:51:02.945root 11241100x8000000000000000724624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:02.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c92ab363720507f2021-12-21 12:51:02.945root 11241100x8000000000000000724625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:02.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.500910c2308f3b4d2021-12-21 12:51:02.945root 11241100x8000000000000000724626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:02.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95fbbfcb3042cc4d2021-12-21 12:51:02.946root 11241100x8000000000000000724627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:02.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a761e01daf87ccab2021-12-21 12:51:02.946root 11241100x8000000000000000724628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:02.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2df7e9620a1c48e42021-12-21 12:51:02.946root 11241100x8000000000000000724629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:02.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f0f0aa2556a84c82021-12-21 12:51:02.946root 354300x8000000000000000724630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:03.128{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-50574-false10.0.1.12-8000- 11241100x8000000000000000724631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:03.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32277b1e7dacfbe52021-12-21 12:51:03.442root 11241100x8000000000000000724632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16f08b529d6a7a282021-12-21 12:51:03.443root 11241100x8000000000000000724633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44d20103e03ce84c2021-12-21 12:51:03.443root 11241100x8000000000000000724634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14c23b1eb2ec1aac2021-12-21 12:51:03.443root 11241100x8000000000000000724635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a90fb95768453d682021-12-21 12:51:03.443root 11241100x8000000000000000724636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca058201252f9f462021-12-21 12:51:03.443root 11241100x8000000000000000724637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.301be4a3ef72a4082021-12-21 12:51:03.443root 11241100x8000000000000000724638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7da9b628ec06a8b32021-12-21 12:51:03.443root 11241100x8000000000000000724639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4897917371e767dc2021-12-21 12:51:03.444root 11241100x8000000000000000724640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbbe85a638752ce82021-12-21 12:51:03.444root 11241100x8000000000000000724641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62505358afe8f7e82021-12-21 12:51:03.444root 11241100x8000000000000000724642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40a9affe4ec80a6b2021-12-21 12:51:03.444root 11241100x8000000000000000724643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fcef90e8e220ef82021-12-21 12:51:03.444root 11241100x8000000000000000724644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69fe794ede47b6a92021-12-21 12:51:03.444root 11241100x8000000000000000724645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72a846af2fc3c4e02021-12-21 12:51:03.445root 11241100x8000000000000000724646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d42b429269d67c972021-12-21 12:51:03.445root 11241100x8000000000000000724647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b1d8a7415ad28ad2021-12-21 12:51:03.445root 11241100x8000000000000000724648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a37c734be60244ff2021-12-21 12:51:03.445root 11241100x8000000000000000724649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.099d76b5e7f5cccd2021-12-21 12:51:03.445root 11241100x8000000000000000724650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:03.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b609da0c6ccb1342021-12-21 12:51:03.446root 11241100x8000000000000000724651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:03.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48dd43c346ffffbc2021-12-21 12:51:03.446root 11241100x8000000000000000724652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:03.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9287aac4c6965aa2021-12-21 12:51:03.446root 11241100x8000000000000000724653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:03.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a29a903bf1402c4f2021-12-21 12:51:03.446root 11241100x8000000000000000724654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:03.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.076afbf35651c2fc2021-12-21 12:51:03.446root 11241100x8000000000000000724655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:03.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a128e0c7a27d26632021-12-21 12:51:03.446root 11241100x8000000000000000724656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:03.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88a815ad3949d4322021-12-21 12:51:03.446root 11241100x8000000000000000724657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:03.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d81f1369419d16052021-12-21 12:51:03.446root 11241100x8000000000000000724658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:03.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84813ff6fb148bc22021-12-21 12:51:03.446root 11241100x8000000000000000724659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:03.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3680bda0f7f249882021-12-21 12:51:03.447root 11241100x8000000000000000724660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:03.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cc8667b3873e3592021-12-21 12:51:03.447root 11241100x8000000000000000724661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:03.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fd7620d5a7e17212021-12-21 12:51:03.447root 11241100x8000000000000000724662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:03.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bf56af8f43a5df62021-12-21 12:51:03.447root 11241100x8000000000000000724663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:03.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.132390afc1a979482021-12-21 12:51:03.447root 11241100x8000000000000000724664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:03.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b067664ee9baf8472021-12-21 12:51:03.447root 11241100x8000000000000000724665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:03.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40dbed7032ca373b2021-12-21 12:51:03.447root 11241100x8000000000000000724666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:03.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca4454e72270a8612021-12-21 12:51:03.447root 11241100x8000000000000000724667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b15ee69786a5a8692021-12-21 12:51:03.943root 11241100x8000000000000000724668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec9d451005d1715b2021-12-21 12:51:03.943root 11241100x8000000000000000724669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3146967cdd68be12021-12-21 12:51:03.943root 11241100x8000000000000000724670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80457bf22ccdc14f2021-12-21 12:51:03.943root 11241100x8000000000000000724671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2766065329bd40f2021-12-21 12:51:03.943root 11241100x8000000000000000724672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a480ccfeae10cee2021-12-21 12:51:03.943root 11241100x8000000000000000724673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e155faf2ff0bb26c2021-12-21 12:51:03.944root 11241100x8000000000000000724674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a3afeca180fb4e92021-12-21 12:51:03.944root 11241100x8000000000000000724675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4282700507d5b6232021-12-21 12:51:03.944root 11241100x8000000000000000724676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bd916b04faf40fd2021-12-21 12:51:03.944root 11241100x8000000000000000724677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.636d6a690410d4cf2021-12-21 12:51:03.944root 11241100x8000000000000000724678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f263ffc558f45d652021-12-21 12:51:03.944root 11241100x8000000000000000724679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76de383558d29aad2021-12-21 12:51:03.944root 11241100x8000000000000000724680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12afd66a2f7655132021-12-21 12:51:03.944root 11241100x8000000000000000724681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30970461c30961642021-12-21 12:51:03.944root 11241100x8000000000000000724682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eeb68093711904242021-12-21 12:51:03.944root 11241100x8000000000000000724683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.273d259a2ce2b9bc2021-12-21 12:51:03.945root 11241100x8000000000000000724684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1b724c32247370c2021-12-21 12:51:03.945root 11241100x8000000000000000724685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8b9b21f61b42f332021-12-21 12:51:03.945root 11241100x8000000000000000724686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2985af9bdfa696d32021-12-21 12:51:03.945root 11241100x8000000000000000724687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc8c2436f6742e7f2021-12-21 12:51:03.945root 11241100x8000000000000000724688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8262af8ffa88c7182021-12-21 12:51:04.443root 11241100x8000000000000000724689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e786a972438b18bb2021-12-21 12:51:04.443root 11241100x8000000000000000724690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85fa3b0df752d4702021-12-21 12:51:04.443root 11241100x8000000000000000724691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3b9a35cc5e5e3d22021-12-21 12:51:04.443root 11241100x8000000000000000724692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aeee714077059fa02021-12-21 12:51:04.444root 11241100x8000000000000000724693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4309220a7cd9bd52021-12-21 12:51:04.444root 11241100x8000000000000000724694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55819f2dcfe132f92021-12-21 12:51:04.444root 11241100x8000000000000000724695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6869dda48e1e990f2021-12-21 12:51:04.444root 11241100x8000000000000000724696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5db7cfc95b1faf462021-12-21 12:51:04.444root 11241100x8000000000000000724697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4debb942e77f0ceb2021-12-21 12:51:04.444root 11241100x8000000000000000724698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b457e481b888a382021-12-21 12:51:04.444root 11241100x8000000000000000724699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de30ad86abea29b42021-12-21 12:51:04.444root 11241100x8000000000000000724700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bab4eda165b6aa152021-12-21 12:51:04.444root 11241100x8000000000000000724701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc4b1755d4f8e8bd2021-12-21 12:51:04.444root 11241100x8000000000000000724702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fe8ded3108250842021-12-21 12:51:04.445root 11241100x8000000000000000724703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf6f366fc45a51e82021-12-21 12:51:04.445root 11241100x8000000000000000724704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17ec49141c0246d12021-12-21 12:51:04.445root 11241100x8000000000000000724705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ab713b7b196d47c2021-12-21 12:51:04.445root 11241100x8000000000000000724706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abc71e5b9dfc7fca2021-12-21 12:51:04.445root 11241100x8000000000000000724707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:04.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bd4b3bd9312ee8c2021-12-21 12:51:04.446root 11241100x8000000000000000724708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:04.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb3f0fcf04759f542021-12-21 12:51:04.446root 11241100x8000000000000000724709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ef8eb0eb85165242021-12-21 12:51:04.943root 11241100x8000000000000000724710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e3417c7f63408ad2021-12-21 12:51:04.943root 11241100x8000000000000000724711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1444b8fc7991e7b72021-12-21 12:51:04.943root 11241100x8000000000000000724712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d752e9ce4f2b8a22021-12-21 12:51:04.943root 11241100x8000000000000000724713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1a51685b712b1482021-12-21 12:51:04.944root 11241100x8000000000000000724714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e8f0050d77170342021-12-21 12:51:04.944root 11241100x8000000000000000724715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15edf4bc53508dfb2021-12-21 12:51:04.944root 11241100x8000000000000000724716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd1d470d62daab722021-12-21 12:51:04.944root 11241100x8000000000000000724717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd061fed6ec6e9892021-12-21 12:51:04.944root 11241100x8000000000000000724718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b3bc2f3b73fdde82021-12-21 12:51:04.944root 11241100x8000000000000000724719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c45a9cfce52e1f472021-12-21 12:51:04.944root 11241100x8000000000000000724720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c92678831a9559602021-12-21 12:51:04.944root 11241100x8000000000000000724721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caa9ab34c50ac98e2021-12-21 12:51:04.944root 11241100x8000000000000000724722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d356a6d49a69ed442021-12-21 12:51:04.944root 11241100x8000000000000000724723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51865ef128e917092021-12-21 12:51:04.944root 11241100x8000000000000000724724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:04.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9f3c36767a265632021-12-21 12:51:04.945root 11241100x8000000000000000724725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:04.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53400e4ac42f67612021-12-21 12:51:04.945root 11241100x8000000000000000724726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:04.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2bafae63e03094c2021-12-21 12:51:04.945root 11241100x8000000000000000724727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:04.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c01700b7157c5072021-12-21 12:51:04.945root 11241100x8000000000000000724728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:04.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5076c273d1486912021-12-21 12:51:04.945root 11241100x8000000000000000724729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:04.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52f2c0ba3e7a841f2021-12-21 12:51:04.945root 11241100x8000000000000000724730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2074ed286b738e72021-12-21 12:51:05.443root 11241100x8000000000000000724731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aeaa3ba2ddf62c2f2021-12-21 12:51:05.443root 11241100x8000000000000000724732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06e93c84fcf3699c2021-12-21 12:51:05.443root 11241100x8000000000000000724733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b15d1ffbf7b47f312021-12-21 12:51:05.444root 11241100x8000000000000000724734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9588389375af670d2021-12-21 12:51:05.444root 11241100x8000000000000000724735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9fc84584b1a5c4b2021-12-21 12:51:05.444root 11241100x8000000000000000724736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48caa577fd3463f82021-12-21 12:51:05.444root 11241100x8000000000000000724737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f503a6f71ab72d42021-12-21 12:51:05.444root 11241100x8000000000000000724738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f07f3bcf20e968cb2021-12-21 12:51:05.444root 11241100x8000000000000000724739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58ee23655fd3d9c02021-12-21 12:51:05.444root 11241100x8000000000000000724740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1390536a1e72fce62021-12-21 12:51:05.444root 11241100x8000000000000000724741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b9bf05bf237443e2021-12-21 12:51:05.444root 11241100x8000000000000000724742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e23e97f6a9aba49f2021-12-21 12:51:05.445root 11241100x8000000000000000724743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11f63fc59096a49c2021-12-21 12:51:05.445root 11241100x8000000000000000724744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f29628ea54524dc2021-12-21 12:51:05.445root 11241100x8000000000000000724745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.536d67fec5f077fd2021-12-21 12:51:05.445root 11241100x8000000000000000724746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b9ff506c8b5d4762021-12-21 12:51:05.445root 11241100x8000000000000000724747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea9f167a105225f62021-12-21 12:51:05.445root 11241100x8000000000000000724748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35e0174050addf1c2021-12-21 12:51:05.445root 11241100x8000000000000000724749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94bcad03e39748c92021-12-21 12:51:05.445root 11241100x8000000000000000724750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dec63fa3b4bdfeee2021-12-21 12:51:05.445root 11241100x8000000000000000724751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83b7a713dd3169882021-12-21 12:51:05.943root 11241100x8000000000000000724752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3a6a52fa6989db62021-12-21 12:51:05.944root 11241100x8000000000000000724753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a8ba57be2afb7632021-12-21 12:51:05.944root 11241100x8000000000000000724754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f3c2e4ae65d97002021-12-21 12:51:05.944root 11241100x8000000000000000724755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1135b8a268e60f022021-12-21 12:51:05.944root 11241100x8000000000000000724756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7013fa5cb6f5e9d72021-12-21 12:51:05.944root 11241100x8000000000000000724757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83a4c342ef37f6bb2021-12-21 12:51:05.944root 11241100x8000000000000000724758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8efb8ff593a7d1b52021-12-21 12:51:05.944root 11241100x8000000000000000724759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f5a8273307705af2021-12-21 12:51:05.945root 11241100x8000000000000000724760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d750c1c136200e52021-12-21 12:51:05.945root 11241100x8000000000000000724761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.068cd0ed0332b3952021-12-21 12:51:05.945root 11241100x8000000000000000724762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd72f357457fab9c2021-12-21 12:51:05.945root 11241100x8000000000000000724763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52d3f4396bc061682021-12-21 12:51:05.945root 11241100x8000000000000000724764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82a5872a4f3f17352021-12-21 12:51:05.945root 11241100x8000000000000000724765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1192628d1ca5a4c22021-12-21 12:51:05.945root 11241100x8000000000000000724766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69bfda99573c92ed2021-12-21 12:51:05.945root 11241100x8000000000000000724767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cad9324aadba3572021-12-21 12:51:05.945root 11241100x8000000000000000724768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44bc8532db1cacea2021-12-21 12:51:05.945root 11241100x8000000000000000724769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b48196a13b543a992021-12-21 12:51:05.945root 11241100x8000000000000000724770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5405799d2bb865282021-12-21 12:51:05.945root 11241100x8000000000000000724771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:05.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4c2255828df2bbe2021-12-21 12:51:05.946root 11241100x8000000000000000724772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:06.131{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2021-12-21 12:51:06.131root 11241100x8000000000000000724773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:06.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfac6fc08693b1242021-12-21 12:51:06.443root 11241100x8000000000000000724774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:06.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2592ada0f12971182021-12-21 12:51:06.443root 11241100x8000000000000000724775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:06.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56c1709d36eeddda2021-12-21 12:51:06.443root 11241100x8000000000000000724776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:06.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9f5cc93f7ec9def2021-12-21 12:51:06.443root 11241100x8000000000000000724777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34266cdcdc65f88c2021-12-21 12:51:06.444root 11241100x8000000000000000724778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68f53dbf63a68f462021-12-21 12:51:06.444root 11241100x8000000000000000724779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5a737d86010bd9a2021-12-21 12:51:06.444root 11241100x8000000000000000724780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da72c8fa573f043e2021-12-21 12:51:06.444root 11241100x8000000000000000724781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8eadad75c99ff36d2021-12-21 12:51:06.444root 11241100x8000000000000000724782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fc2aec4d45e08f32021-12-21 12:51:06.444root 11241100x8000000000000000724783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b542e66b4d5625cd2021-12-21 12:51:06.444root 11241100x8000000000000000724784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fab6aad4104624cd2021-12-21 12:51:06.444root 11241100x8000000000000000724785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a12612391fc7b03a2021-12-21 12:51:06.444root 11241100x8000000000000000724786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9733a29cd3f3c1fc2021-12-21 12:51:06.444root 11241100x8000000000000000724787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9abb1421ec977cdf2021-12-21 12:51:06.444root 11241100x8000000000000000724788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:06.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ffa7cc26d42a9f52021-12-21 12:51:06.445root 11241100x8000000000000000724789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:06.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a37290243fa5f772021-12-21 12:51:06.445root 11241100x8000000000000000724790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:06.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d62509154a705282021-12-21 12:51:06.445root 11241100x8000000000000000724791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:06.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06279219cdf798132021-12-21 12:51:06.445root 11241100x8000000000000000724792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:06.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4fbffd2af781cd02021-12-21 12:51:06.445root 11241100x8000000000000000724793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:06.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3573c6a74d33bad32021-12-21 12:51:06.445root 11241100x8000000000000000724794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:06.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00226a8ec4e3687c2021-12-21 12:51:06.445root 11241100x8000000000000000724795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:06.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.870b42bc676ca2d92021-12-21 12:51:06.943root 11241100x8000000000000000724796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:06.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1fd212cda6021a22021-12-21 12:51:06.943root 11241100x8000000000000000724797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:06.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c71c9a3830fa0c32021-12-21 12:51:06.944root 11241100x8000000000000000724798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:06.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ca9ba82ab73d96b2021-12-21 12:51:06.944root 11241100x8000000000000000724799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:06.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37e98c8638d3faa52021-12-21 12:51:06.944root 11241100x8000000000000000724800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:06.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f78b18d38d509672021-12-21 12:51:06.944root 11241100x8000000000000000724801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:06.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08512c381c9885ba2021-12-21 12:51:06.945root 11241100x8000000000000000724802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:06.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98cb746fbd4d1b342021-12-21 12:51:06.945root 11241100x8000000000000000724803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:06.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.189915be59adb59c2021-12-21 12:51:06.945root 11241100x8000000000000000724804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:06.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dd47a3c539e6ead2021-12-21 12:51:06.946root 11241100x8000000000000000724805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:06.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98f5c122cb33bf5c2021-12-21 12:51:06.946root 11241100x8000000000000000724806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:06.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8682e7b53eeba7fc2021-12-21 12:51:06.947root 11241100x8000000000000000724807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:06.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca18ce0665410d3a2021-12-21 12:51:06.947root 11241100x8000000000000000724808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:06.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1ef6f9824bf8d822021-12-21 12:51:06.948root 11241100x8000000000000000724809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:06.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.059df08ec2fccaa32021-12-21 12:51:06.948root 11241100x8000000000000000724810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:06.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25eeb2ab4bc8bbac2021-12-21 12:51:06.949root 11241100x8000000000000000724811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:06.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51400a1fcf75f2642021-12-21 12:51:06.949root 11241100x8000000000000000724812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:06.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea74f999c0c85d6b2021-12-21 12:51:06.950root 11241100x8000000000000000724813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:06.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50ffdb8fe2878d222021-12-21 12:51:06.950root 11241100x8000000000000000724814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:06.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9480d375c2fcefc42021-12-21 12:51:06.950root 11241100x8000000000000000724815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:06.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e516fce989bfcd782021-12-21 12:51:06.952root 11241100x8000000000000000724816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:06.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0c022fea40f97a92021-12-21 12:51:06.952root 11241100x8000000000000000724817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:06.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ee1b2195aaf439a2021-12-21 12:51:06.952root 11241100x8000000000000000724818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:06.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5ca9b4fa8ae669c2021-12-21 12:51:06.952root 11241100x8000000000000000724819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:06.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c8e8e11ca72db322021-12-21 12:51:06.952root 11241100x8000000000000000724820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:06.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88a579ca306f649d2021-12-21 12:51:06.952root 11241100x8000000000000000724821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:06.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.674effd940fd26762021-12-21 12:51:06.952root 11241100x8000000000000000724822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:07.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4dfbf790b1e212c2021-12-21 12:51:07.442root 11241100x8000000000000000724823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:07.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17cfb31870690ab82021-12-21 12:51:07.443root 11241100x8000000000000000724824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:07.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98ac3b332daae6102021-12-21 12:51:07.443root 11241100x8000000000000000724825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:07.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc421c2fe1e2cf742021-12-21 12:51:07.443root 11241100x8000000000000000724826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:07.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.507dc45b7c6829cc2021-12-21 12:51:07.443root 11241100x8000000000000000724827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:07.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f39b36db047d3e42021-12-21 12:51:07.443root 11241100x8000000000000000724828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:07.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98b37b34a60c7b542021-12-21 12:51:07.443root 11241100x8000000000000000724829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:07.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b3f7343bc0169452021-12-21 12:51:07.443root 11241100x8000000000000000724830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:07.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66be503517fb68582021-12-21 12:51:07.443root 11241100x8000000000000000724831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:07.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f69e84a5b4bea0b2021-12-21 12:51:07.443root 11241100x8000000000000000724832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:07.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.346ae78f24f178632021-12-21 12:51:07.443root 11241100x8000000000000000724833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:07.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dad44c1ab88b6a3b2021-12-21 12:51:07.443root 11241100x8000000000000000724834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:07.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9418c01106c4a4792021-12-21 12:51:07.443root 11241100x8000000000000000724835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:07.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dee671a6fdaaff82021-12-21 12:51:07.444root 11241100x8000000000000000724836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:07.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ba4e2bc9697bb3c2021-12-21 12:51:07.444root 11241100x8000000000000000724837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:07.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f07eea9c9384713c2021-12-21 12:51:07.444root 11241100x8000000000000000724838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:07.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ae1e20de738238d2021-12-21 12:51:07.444root 11241100x8000000000000000724839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:07.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb13e6f0f37c98c22021-12-21 12:51:07.444root 11241100x8000000000000000724840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:07.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cfc87029a3c37172021-12-21 12:51:07.444root 11241100x8000000000000000724841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:07.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fd8dd6040075d862021-12-21 12:51:07.444root 11241100x8000000000000000724842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:07.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9df06266be6a3672021-12-21 12:51:07.444root 11241100x8000000000000000724843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:07.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b84998725c02ebe2021-12-21 12:51:07.444root 11241100x8000000000000000724844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:07.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9752bf71f3db21002021-12-21 12:51:07.943root 11241100x8000000000000000724845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:07.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f4108e64fc811982021-12-21 12:51:07.943root 11241100x8000000000000000724846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:07.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f3f85981e3cd7d62021-12-21 12:51:07.943root 11241100x8000000000000000724847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:07.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94762195e18642592021-12-21 12:51:07.943root 11241100x8000000000000000724848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:07.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48d37c9ea71d34de2021-12-21 12:51:07.944root 11241100x8000000000000000724849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:07.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a5cf985477601dc2021-12-21 12:51:07.944root 11241100x8000000000000000724850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:07.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7abed07cd84db7422021-12-21 12:51:07.944root 11241100x8000000000000000724851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:07.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e7b81651ed9b5d72021-12-21 12:51:07.944root 11241100x8000000000000000724852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:07.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24d6515266ddf9a62021-12-21 12:51:07.944root 11241100x8000000000000000724853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:07.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fb136c3d5db5e762021-12-21 12:51:07.944root 11241100x8000000000000000724854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:07.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2918358d994f0eab2021-12-21 12:51:07.944root 11241100x8000000000000000724855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:07.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.435249a1a72db64b2021-12-21 12:51:07.944root 11241100x8000000000000000724856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:07.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da1290d4439968532021-12-21 12:51:07.944root 11241100x8000000000000000724857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:07.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6bb9f365e86bdfa2021-12-21 12:51:07.944root 11241100x8000000000000000724858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:07.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a4e25cb6c7960022021-12-21 12:51:07.944root 11241100x8000000000000000724859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:07.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f86789c1a5290e712021-12-21 12:51:07.944root 11241100x8000000000000000724860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:07.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.958b07b661d1d5482021-12-21 12:51:07.944root 11241100x8000000000000000724861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:07.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c124983e61abc0692021-12-21 12:51:07.944root 11241100x8000000000000000724862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:07.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b56fde8fbd3b56572021-12-21 12:51:07.944root 11241100x8000000000000000724863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:07.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f7b04f826113a1e2021-12-21 12:51:07.944root 11241100x8000000000000000724864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:07.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3ce699cf5dcbe672021-12-21 12:51:07.945root 11241100x8000000000000000724865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:07.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fa6075c56ea3cf32021-12-21 12:51:07.945root 354300x8000000000000000724866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:08.193{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-50576-false10.0.1.12-8000- 11241100x8000000000000000724867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:08.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58f7f2e6f29de0202021-12-21 12:51:08.443root 11241100x8000000000000000724868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:08.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dfb83790aae11dc2021-12-21 12:51:08.443root 11241100x8000000000000000724869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:08.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e013935378a0df492021-12-21 12:51:08.443root 11241100x8000000000000000724870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:08.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f04c3831c472128b2021-12-21 12:51:08.444root 11241100x8000000000000000724871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:08.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37e556a5239e5a202021-12-21 12:51:08.444root 11241100x8000000000000000724872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:08.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8efed098f2c9eef82021-12-21 12:51:08.444root 11241100x8000000000000000724873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:08.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59dc178984f8c6bd2021-12-21 12:51:08.444root 11241100x8000000000000000724874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:08.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b2a909c1c6954152021-12-21 12:51:08.444root 11241100x8000000000000000724875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:08.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a033f803c19876a12021-12-21 12:51:08.444root 11241100x8000000000000000724876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:08.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae08341492c077cc2021-12-21 12:51:08.444root 11241100x8000000000000000724877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:08.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a7194f62388aa972021-12-21 12:51:08.444root 11241100x8000000000000000724878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:08.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.291163311796b74f2021-12-21 12:51:08.444root 11241100x8000000000000000724879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:08.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14dc521ff11b3f0b2021-12-21 12:51:08.444root 11241100x8000000000000000724880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:08.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f69d1abf7fefe4882021-12-21 12:51:08.444root 11241100x8000000000000000724881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:08.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a4e333ffa4c47d42021-12-21 12:51:08.444root 11241100x8000000000000000724882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:08.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec10588c57ec9d6d2021-12-21 12:51:08.444root 11241100x8000000000000000724883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:08.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.871b5d8dc498442a2021-12-21 12:51:08.444root 11241100x8000000000000000724884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:08.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6891789f6e6231bb2021-12-21 12:51:08.444root 11241100x8000000000000000724885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:08.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56f72900f1689a7b2021-12-21 12:51:08.444root 11241100x8000000000000000724886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:08.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb71afe74e0b3bee2021-12-21 12:51:08.445root 11241100x8000000000000000724887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:08.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc1416d2d4e2f3992021-12-21 12:51:08.445root 11241100x8000000000000000724888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:08.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dc769435825300d2021-12-21 12:51:08.445root 11241100x8000000000000000724889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:08.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72a5b04c528af95c2021-12-21 12:51:08.445root 11241100x8000000000000000724890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:08.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39797ca32007b8e12021-12-21 12:51:08.943root 11241100x8000000000000000724891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:08.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.858618ee3cbee4d42021-12-21 12:51:08.943root 11241100x8000000000000000724892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:08.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40605bdf7d9bce5d2021-12-21 12:51:08.943root 11241100x8000000000000000724893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:08.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c63bf74378205daf2021-12-21 12:51:08.943root 11241100x8000000000000000724894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:08.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62e59540d2934d812021-12-21 12:51:08.944root 11241100x8000000000000000724895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:08.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbc8f3eb0935da272021-12-21 12:51:08.944root 11241100x8000000000000000724896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:08.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9629e5e0861d9f92021-12-21 12:51:08.944root 11241100x8000000000000000724897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:08.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.896e7e6c1eabbf352021-12-21 12:51:08.944root 11241100x8000000000000000724898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:08.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d32f49bd7d7b887e2021-12-21 12:51:08.944root 11241100x8000000000000000724899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:08.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.153a7cf5940129422021-12-21 12:51:08.944root 11241100x8000000000000000724900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:08.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fafed5dbeb57cc822021-12-21 12:51:08.944root 11241100x8000000000000000724901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:08.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48586bd11b4b32562021-12-21 12:51:08.944root 11241100x8000000000000000724902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:08.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.970e106d7d2bc2c22021-12-21 12:51:08.944root 11241100x8000000000000000724903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:08.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2e7c05e66936b542021-12-21 12:51:08.944root 11241100x8000000000000000724904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:08.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c2667fd20f0cbc42021-12-21 12:51:08.944root 11241100x8000000000000000724905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:08.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68691b02e9c1249a2021-12-21 12:51:08.944root 11241100x8000000000000000724906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:08.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48093bfa2b56349a2021-12-21 12:51:08.944root 11241100x8000000000000000724907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:08.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08f2b94edccc8b132021-12-21 12:51:08.944root 11241100x8000000000000000724908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:08.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.614fa47c1cbb6f392021-12-21 12:51:08.944root 11241100x8000000000000000724909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:08.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25060b4a51815f1b2021-12-21 12:51:08.944root 11241100x8000000000000000724910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:08.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cff6490f16ba656b2021-12-21 12:51:08.945root 11241100x8000000000000000724911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:08.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c0c0395af2a061b2021-12-21 12:51:08.945root 11241100x8000000000000000724912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:08.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce605cfd4c3995b42021-12-21 12:51:08.945root 23542300x8000000000000000724913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:09.023{ec2b6afe-95d2-61c1-3038-b84203560000}5272root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000724914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:09.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29b590f46f4784f22021-12-21 12:51:09.443root 11241100x8000000000000000724915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:09.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1caa539624e5f9692021-12-21 12:51:09.443root 11241100x8000000000000000724916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:09.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d311a32a2bbc80512021-12-21 12:51:09.444root 11241100x8000000000000000724917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:09.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.001eb3c6118916972021-12-21 12:51:09.444root 11241100x8000000000000000724918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:09.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.897d44618ac9dbd72021-12-21 12:51:09.444root 11241100x8000000000000000724919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:09.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dcc73645aef28b42021-12-21 12:51:09.444root 11241100x8000000000000000724920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:09.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3257262eb50d5c3a2021-12-21 12:51:09.444root 11241100x8000000000000000724921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:09.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b86ce3fc1d648ae2021-12-21 12:51:09.444root 11241100x8000000000000000724922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:09.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a672e35fa4840a02021-12-21 12:51:09.444root 11241100x8000000000000000724923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:09.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f42713039390a81c2021-12-21 12:51:09.444root 11241100x8000000000000000724924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:09.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02e7885c0644dc6a2021-12-21 12:51:09.444root 11241100x8000000000000000724925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:09.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3092ac8847bb43042021-12-21 12:51:09.444root 11241100x8000000000000000724926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:09.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dc77df573169b3b2021-12-21 12:51:09.444root 11241100x8000000000000000724927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:09.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccd9bdfa45807ec72021-12-21 12:51:09.444root 11241100x8000000000000000724928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:09.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abd72d32a97a88702021-12-21 12:51:09.444root 11241100x8000000000000000724929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:09.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29c8ce08b8d09f9f2021-12-21 12:51:09.444root 11241100x8000000000000000724930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:09.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79a1e036d0d94a722021-12-21 12:51:09.444root 11241100x8000000000000000724931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:09.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d4d12411ea6d14d2021-12-21 12:51:09.445root 11241100x8000000000000000724932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:09.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fde9fe479ffd1462021-12-21 12:51:09.445root 11241100x8000000000000000724933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:09.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78c95fcbc92e15702021-12-21 12:51:09.445root 11241100x8000000000000000724934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:09.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65eecd4fba4742082021-12-21 12:51:09.445root 11241100x8000000000000000724935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:09.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ffb53479461c1422021-12-21 12:51:09.445root 11241100x8000000000000000724936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:09.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39b99165e7dd970b2021-12-21 12:51:09.445root 11241100x8000000000000000724937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:09.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a72b556b33d1ce4b2021-12-21 12:51:09.445root 11241100x8000000000000000724938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:09.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb6f1977dedeae342021-12-21 12:51:09.943root 11241100x8000000000000000724939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:09.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1817e7b2e41630742021-12-21 12:51:09.943root 11241100x8000000000000000724940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:09.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c03dce275ea5dd1f2021-12-21 12:51:09.943root 11241100x8000000000000000724941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:09.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96c27a9d5322816b2021-12-21 12:51:09.943root 11241100x8000000000000000724942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:09.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9eced8b23c574822021-12-21 12:51:09.944root 11241100x8000000000000000724943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:09.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08148c66218ae7712021-12-21 12:51:09.944root 11241100x8000000000000000724944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:09.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.634a3861db40fbdc2021-12-21 12:51:09.944root 11241100x8000000000000000724945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:09.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e1792c30abe03b72021-12-21 12:51:09.944root 11241100x8000000000000000724946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:09.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c41fa011c45c2e32021-12-21 12:51:09.944root 11241100x8000000000000000724947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:09.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3de32f4219c334912021-12-21 12:51:09.944root 11241100x8000000000000000724948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:09.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81e34cd263c713b52021-12-21 12:51:09.944root 11241100x8000000000000000724949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:09.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab1d3449f832572d2021-12-21 12:51:09.944root 11241100x8000000000000000724950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:09.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7aeafe66872d9ee2021-12-21 12:51:09.944root 11241100x8000000000000000724951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:09.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d88bec3952d237cd2021-12-21 12:51:09.944root 11241100x8000000000000000724952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:09.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f141cd0e1a2720ad2021-12-21 12:51:09.944root 11241100x8000000000000000724953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:09.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5f763b0e937e60d2021-12-21 12:51:09.944root 11241100x8000000000000000724954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:09.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d07a0ca01023db232021-12-21 12:51:09.944root 11241100x8000000000000000724955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:09.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a5ce1eb979bfd652021-12-21 12:51:09.944root 11241100x8000000000000000724956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:09.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.394b062de509ccd42021-12-21 12:51:09.944root 11241100x8000000000000000724957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:09.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bd498332263c6a72021-12-21 12:51:09.945root 11241100x8000000000000000724958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:09.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bdc3fda2f2603a72021-12-21 12:51:09.945root 11241100x8000000000000000724959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:09.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f146027cdd0365042021-12-21 12:51:09.945root 11241100x8000000000000000724960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:09.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9225052e12be3522021-12-21 12:51:09.945root 11241100x8000000000000000724961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:09.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c5f23f1cb5432282021-12-21 12:51:09.945root 11241100x8000000000000000724962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:10.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cb73056c57045682021-12-21 12:51:10.443root 11241100x8000000000000000724963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:10.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.094583a3995c78512021-12-21 12:51:10.443root 11241100x8000000000000000724964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:10.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.748bc2c4bbbcc9382021-12-21 12:51:10.443root 11241100x8000000000000000724965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:10.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.137e1cd5aa9db48d2021-12-21 12:51:10.443root 11241100x8000000000000000724966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e864e4e29e0f2cd2021-12-21 12:51:10.444root 11241100x8000000000000000724967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ef27858abb250912021-12-21 12:51:10.444root 11241100x8000000000000000724968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81995516495da6322021-12-21 12:51:10.444root 11241100x8000000000000000724969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82143f234edb8c132021-12-21 12:51:10.444root 11241100x8000000000000000724970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13103b4096320a682021-12-21 12:51:10.444root 11241100x8000000000000000724971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df3bd85b758a6b072021-12-21 12:51:10.444root 11241100x8000000000000000724972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5c654d3a7e5d3312021-12-21 12:51:10.444root 11241100x8000000000000000724973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a4bc6550846f74b2021-12-21 12:51:10.444root 11241100x8000000000000000724974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab5e7b6e3a7d1ff82021-12-21 12:51:10.444root 11241100x8000000000000000724975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ab4f8d83868f9b32021-12-21 12:51:10.444root 11241100x8000000000000000724976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.562eb9c98bfae5532021-12-21 12:51:10.444root 11241100x8000000000000000724977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a23878f043d41e42021-12-21 12:51:10.444root 11241100x8000000000000000724978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a3127009e96fca22021-12-21 12:51:10.444root 11241100x8000000000000000724979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15119b5c8ab07d1a2021-12-21 12:51:10.444root 11241100x8000000000000000724980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11bad457dd8e4b482021-12-21 12:51:10.444root 11241100x8000000000000000724981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f747928848fde41e2021-12-21 12:51:10.444root 11241100x8000000000000000724982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:10.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23e63957fb8bc4952021-12-21 12:51:10.445root 11241100x8000000000000000724983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:10.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.380fd07b5556ebd22021-12-21 12:51:10.445root 11241100x8000000000000000724984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:10.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c345546968a222e22021-12-21 12:51:10.445root 11241100x8000000000000000724985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:10.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.779abcb9ae654c0d2021-12-21 12:51:10.445root 11241100x8000000000000000724986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:10.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a16c3a7d30bd06f2021-12-21 12:51:10.943root 11241100x8000000000000000724987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:10.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8993ec189bf786ad2021-12-21 12:51:10.943root 11241100x8000000000000000724988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:10.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.290bb90aa797e96d2021-12-21 12:51:10.943root 11241100x8000000000000000724989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:10.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf8fd3073bf27d7f2021-12-21 12:51:10.943root 11241100x8000000000000000724990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.474d44aad5a1a7d12021-12-21 12:51:10.944root 11241100x8000000000000000724991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.219be70717e3a5b62021-12-21 12:51:10.944root 11241100x8000000000000000724992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31978136e759c5b42021-12-21 12:51:10.944root 11241100x8000000000000000724993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2558490d4f658722021-12-21 12:51:10.944root 11241100x8000000000000000724994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7298ed4079764032021-12-21 12:51:10.944root 11241100x8000000000000000724995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.447bb449ee642aef2021-12-21 12:51:10.944root 11241100x8000000000000000724996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe80ca7e9c458c992021-12-21 12:51:10.944root 11241100x8000000000000000724997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b08b0155076e13b82021-12-21 12:51:10.944root 11241100x8000000000000000724998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9c5d259be9c6aff2021-12-21 12:51:10.944root 11241100x8000000000000000724999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0509db59fe2dc6f2021-12-21 12:51:10.944root 11241100x8000000000000000725000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d75292e3bf309292021-12-21 12:51:10.944root 11241100x8000000000000000725001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:10.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d15d60481113e302021-12-21 12:51:10.945root 11241100x8000000000000000725002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:10.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.768e9db7021098d22021-12-21 12:51:10.945root 11241100x8000000000000000725003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:10.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ef079451b18f6492021-12-21 12:51:10.945root 11241100x8000000000000000725004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:10.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d51da24150306ec2021-12-21 12:51:10.945root 11241100x8000000000000000725005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:10.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29a09ea100a54f322021-12-21 12:51:10.945root 11241100x8000000000000000725006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:10.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7663a72a9ac602d52021-12-21 12:51:10.945root 11241100x8000000000000000725007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:10.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c9238a9616807c72021-12-21 12:51:10.945root 11241100x8000000000000000725008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:10.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f9267279b8a529a2021-12-21 12:51:10.945root 11241100x8000000000000000725009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:10.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a942941bc79400b82021-12-21 12:51:10.945root 11241100x8000000000000000725010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56e8751aa0c51a622021-12-21 12:51:11.443root 11241100x8000000000000000725011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92de4f2e6feb5b542021-12-21 12:51:11.443root 11241100x8000000000000000725012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a8627765ebd1f922021-12-21 12:51:11.443root 11241100x8000000000000000725013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a29e97af9c8aa9572021-12-21 12:51:11.443root 11241100x8000000000000000725014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ad1a84b16bb6b2f2021-12-21 12:51:11.444root 11241100x8000000000000000725015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12ca133f0c5350ee2021-12-21 12:51:11.444root 11241100x8000000000000000725016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16a105af4db9cd582021-12-21 12:51:11.444root 11241100x8000000000000000725017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f8658da76dcdc3a2021-12-21 12:51:11.444root 11241100x8000000000000000725018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69a99361a781aaa02021-12-21 12:51:11.444root 11241100x8000000000000000725019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ca3788e278d690f2021-12-21 12:51:11.444root 11241100x8000000000000000725020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f195f66fcec0c372021-12-21 12:51:11.444root 11241100x8000000000000000725021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.427fb0474a09d64d2021-12-21 12:51:11.444root 11241100x8000000000000000725022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b913f20d481e0f082021-12-21 12:51:11.444root 11241100x8000000000000000725023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcf86f402cf9c6892021-12-21 12:51:11.444root 11241100x8000000000000000725024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92170ff3e474cc412021-12-21 12:51:11.444root 11241100x8000000000000000725025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06f88ad4491d8a3c2021-12-21 12:51:11.444root 11241100x8000000000000000725026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab9afe600b6d9e0b2021-12-21 12:51:11.444root 11241100x8000000000000000725027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ee514174c17a1c02021-12-21 12:51:11.444root 11241100x8000000000000000725028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc01e29e0e7f2f0e2021-12-21 12:51:11.444root 11241100x8000000000000000725029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.812d9a6a9cf1c2612021-12-21 12:51:11.444root 11241100x8000000000000000725030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:11.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3987a03c50fdf4472021-12-21 12:51:11.445root 11241100x8000000000000000725031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:11.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa85efcade890fbe2021-12-21 12:51:11.445root 11241100x8000000000000000725032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:11.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa81c440d7d9acd12021-12-21 12:51:11.445root 11241100x8000000000000000725033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:11.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3011c63d1bf2c7ea2021-12-21 12:51:11.445root 11241100x8000000000000000725034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40e0ec2c9420c5ac2021-12-21 12:51:11.943root 11241100x8000000000000000725035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed15df797e04c8a72021-12-21 12:51:11.943root 11241100x8000000000000000725036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbbafeae57bf016e2021-12-21 12:51:11.943root 11241100x8000000000000000725037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d34d32d63b214cdf2021-12-21 12:51:11.943root 11241100x8000000000000000725038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d594651f59f2ede62021-12-21 12:51:11.944root 11241100x8000000000000000725039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07503b1a4ce0e9322021-12-21 12:51:11.944root 11241100x8000000000000000725040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bd252e316f2d5fc2021-12-21 12:51:11.944root 11241100x8000000000000000725041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3024fe54c2111c682021-12-21 12:51:11.944root 11241100x8000000000000000725042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8603c3d27587cfe82021-12-21 12:51:11.944root 11241100x8000000000000000725043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a3cd63c6077cd212021-12-21 12:51:11.944root 11241100x8000000000000000725044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75466325e167d7c22021-12-21 12:51:11.944root 11241100x8000000000000000725045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d57329ec81950cd2021-12-21 12:51:11.944root 11241100x8000000000000000725046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b3829d20ecc9ff12021-12-21 12:51:11.944root 11241100x8000000000000000725047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4574845cdd01751e2021-12-21 12:51:11.944root 11241100x8000000000000000725048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4acaa4fe52042f82021-12-21 12:51:11.944root 11241100x8000000000000000725049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c66bcf1c74b466462021-12-21 12:51:11.944root 11241100x8000000000000000725050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.842cca599cefad662021-12-21 12:51:11.944root 11241100x8000000000000000725051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bd7ab0c50dd67d32021-12-21 12:51:11.944root 11241100x8000000000000000725052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e81ac218ebd92e832021-12-21 12:51:11.944root 11241100x8000000000000000725053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac7a1ea5d4060eb12021-12-21 12:51:11.944root 11241100x8000000000000000725054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:11.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac997df9734942802021-12-21 12:51:11.945root 11241100x8000000000000000725055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:11.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0973ed12730ca3e2021-12-21 12:51:11.945root 11241100x8000000000000000725056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:11.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2bcd7f8c95bae242021-12-21 12:51:11.945root 11241100x8000000000000000725057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:11.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8b0cffd0d201caf2021-12-21 12:51:11.945root 11241100x8000000000000000725058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81ed40c74f4a42802021-12-21 12:51:12.443root 11241100x8000000000000000725059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8b17f48c08463bf2021-12-21 12:51:12.443root 11241100x8000000000000000725060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08e51bfb19093bbe2021-12-21 12:51:12.443root 11241100x8000000000000000725061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdda3e79dce1a14f2021-12-21 12:51:12.443root 11241100x8000000000000000725062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f39b4d554a259132021-12-21 12:51:12.444root 11241100x8000000000000000725063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e664b895f475f552021-12-21 12:51:12.444root 11241100x8000000000000000725064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b72a7d2a19e8d4ee2021-12-21 12:51:12.444root 11241100x8000000000000000725065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e181a714ce4f5952021-12-21 12:51:12.444root 11241100x8000000000000000725066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f88ffb6feacdf8d82021-12-21 12:51:12.444root 11241100x8000000000000000725067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88be3a460b08f2112021-12-21 12:51:12.444root 11241100x8000000000000000725068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d8ddf0fff2002712021-12-21 12:51:12.444root 11241100x8000000000000000725069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.242c009122921fce2021-12-21 12:51:12.444root 11241100x8000000000000000725070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bebbb32e2fbba332021-12-21 12:51:12.444root 11241100x8000000000000000725071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.172d61a4eb1c04902021-12-21 12:51:12.444root 11241100x8000000000000000725072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8730fad364d8fa3e2021-12-21 12:51:12.444root 11241100x8000000000000000725073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9f1f165ffa62e1d2021-12-21 12:51:12.444root 11241100x8000000000000000725074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7b86d8ef43c4c322021-12-21 12:51:12.444root 11241100x8000000000000000725075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b0a994f7027e9af2021-12-21 12:51:12.444root 11241100x8000000000000000725076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c256eb6219f817492021-12-21 12:51:12.444root 11241100x8000000000000000725077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91eff1317425512b2021-12-21 12:51:12.444root 11241100x8000000000000000725078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e024b567af7d0752021-12-21 12:51:12.444root 11241100x8000000000000000725079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:12.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13f4502f83c832562021-12-21 12:51:12.445root 11241100x8000000000000000725080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:12.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05ba72504fb25e862021-12-21 12:51:12.445root 11241100x8000000000000000725081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:12.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c42c37b41a59ecf2021-12-21 12:51:12.445root 11241100x8000000000000000725082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d879487458d332dd2021-12-21 12:51:12.943root 11241100x8000000000000000725083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31f5eea9e50cb8f02021-12-21 12:51:12.943root 11241100x8000000000000000725084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbb6178ea6710f1d2021-12-21 12:51:12.943root 11241100x8000000000000000725085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23f3f96d41d1043a2021-12-21 12:51:12.943root 11241100x8000000000000000725086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d21a8c388d8463082021-12-21 12:51:12.944root 11241100x8000000000000000725087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7aa4705a8e97da282021-12-21 12:51:12.944root 11241100x8000000000000000725088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d71f40c987d4928e2021-12-21 12:51:12.944root 11241100x8000000000000000725089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bbe64044b306ed82021-12-21 12:51:12.944root 11241100x8000000000000000725090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d126bd593f9d760a2021-12-21 12:51:12.944root 11241100x8000000000000000725091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a6cdc48e090781e2021-12-21 12:51:12.944root 11241100x8000000000000000725092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6828dd0011ff5fd62021-12-21 12:51:12.944root 11241100x8000000000000000725093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a29f8b014dd5ca02021-12-21 12:51:12.944root 11241100x8000000000000000725094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c97b1e366f6a6152021-12-21 12:51:12.944root 11241100x8000000000000000725095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.508c3600a75a6bef2021-12-21 12:51:12.944root 11241100x8000000000000000725096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e82928a674caeab62021-12-21 12:51:12.944root 11241100x8000000000000000725097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b10f52d970d0bfd22021-12-21 12:51:12.944root 11241100x8000000000000000725098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e4494a94ffc2d072021-12-21 12:51:12.944root 11241100x8000000000000000725099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a7097a5b3117b312021-12-21 12:51:12.944root 11241100x8000000000000000725100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd316b57121ea8422021-12-21 12:51:12.944root 11241100x8000000000000000725101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:12.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bddbe6dc46f2e8022021-12-21 12:51:12.945root 11241100x8000000000000000725102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:12.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a80418cce2867c82021-12-21 12:51:12.945root 11241100x8000000000000000725103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:12.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7808816715ad205e2021-12-21 12:51:12.945root 11241100x8000000000000000725104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:12.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77ae2a6b2e9ffe152021-12-21 12:51:12.945root 11241100x8000000000000000725105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:12.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50eea05ba06ebcc72021-12-21 12:51:12.945root 11241100x8000000000000000725106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d048b9df68c585902021-12-21 12:51:13.443root 11241100x8000000000000000725107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebe43793248243b32021-12-21 12:51:13.445root 11241100x8000000000000000725108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5d7c5e73b59ee0b2021-12-21 12:51:13.445root 11241100x8000000000000000725109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ec7620d8b49190d2021-12-21 12:51:13.445root 11241100x8000000000000000725110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.594d296dbda065002021-12-21 12:51:13.445root 11241100x8000000000000000725111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ba52276ab33e6eb2021-12-21 12:51:13.445root 11241100x8000000000000000725112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9191b3c68f276e4d2021-12-21 12:51:13.445root 11241100x8000000000000000725113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32741f08e85e7a0a2021-12-21 12:51:13.445root 11241100x8000000000000000725114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3896ba434ed641902021-12-21 12:51:13.445root 11241100x8000000000000000725115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ffb186fd4b44e352021-12-21 12:51:13.445root 11241100x8000000000000000725116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:13.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2eeac3f9ad3960f22021-12-21 12:51:13.446root 11241100x8000000000000000725117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:13.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43ce73a48295c1c42021-12-21 12:51:13.446root 11241100x8000000000000000725118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:13.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cc7cf451a71ca6e2021-12-21 12:51:13.446root 11241100x8000000000000000725119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:13.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42cdf51007b6ef2d2021-12-21 12:51:13.446root 11241100x8000000000000000725120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:13.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdb74b5c989d1fde2021-12-21 12:51:13.446root 11241100x8000000000000000725121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:13.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c0bed71cae1d5aa2021-12-21 12:51:13.446root 11241100x8000000000000000725122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:13.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20092ff6424d743b2021-12-21 12:51:13.446root 11241100x8000000000000000725123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:13.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.060ceb78051087e22021-12-21 12:51:13.446root 11241100x8000000000000000725124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:13.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4976be22c6e78cb2021-12-21 12:51:13.446root 11241100x8000000000000000725125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:13.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bcf8bbb9ff828222021-12-21 12:51:13.446root 11241100x8000000000000000725126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:13.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0880aaa1ac282fbe2021-12-21 12:51:13.446root 11241100x8000000000000000725127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:13.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbbe0adcca86984a2021-12-21 12:51:13.446root 11241100x8000000000000000725128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:13.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56bfe81387c2b44f2021-12-21 12:51:13.446root 11241100x8000000000000000725129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:13.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a34667a61bfd02f2021-12-21 12:51:13.446root 11241100x8000000000000000725130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdda9f2bbe2b98452021-12-21 12:51:13.943root 11241100x8000000000000000725131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96e4744ac185ecf82021-12-21 12:51:13.943root 11241100x8000000000000000725132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8896560c8dcef21e2021-12-21 12:51:13.943root 11241100x8000000000000000725133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1589c92c51322b72021-12-21 12:51:13.944root 11241100x8000000000000000725134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f534a5224f3665f2021-12-21 12:51:13.944root 11241100x8000000000000000725135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70f96b8561de0a622021-12-21 12:51:13.944root 11241100x8000000000000000725136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4e7f3bb570e2b892021-12-21 12:51:13.944root 11241100x8000000000000000725137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86566ec515e912932021-12-21 12:51:13.944root 11241100x8000000000000000725138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66ec33a427fac0892021-12-21 12:51:13.944root 11241100x8000000000000000725139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0908cfc9307a16c82021-12-21 12:51:13.944root 11241100x8000000000000000725140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fea3796e0e8e2752021-12-21 12:51:13.944root 11241100x8000000000000000725141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e78088c92f858572021-12-21 12:51:13.944root 11241100x8000000000000000725142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a796029a83941c3d2021-12-21 12:51:13.944root 11241100x8000000000000000725143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46a0588d7d28b4e92021-12-21 12:51:13.944root 11241100x8000000000000000725144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d8caed97bc65c062021-12-21 12:51:13.945root 11241100x8000000000000000725145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2341aff6fdbde582021-12-21 12:51:13.945root 11241100x8000000000000000725146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7fff7faf08658b62021-12-21 12:51:13.945root 11241100x8000000000000000725147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69beed2e70dc25062021-12-21 12:51:13.945root 11241100x8000000000000000725148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d2884b303f7dc7d2021-12-21 12:51:13.945root 11241100x8000000000000000725149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaec5bfd65e23d552021-12-21 12:51:13.945root 11241100x8000000000000000725150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63af204d408d9b182021-12-21 12:51:13.945root 11241100x8000000000000000725151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4922e7cee375377d2021-12-21 12:51:13.945root 11241100x8000000000000000725152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b22a33693dad05802021-12-21 12:51:13.945root 11241100x8000000000000000725153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9de8eee2376ea872021-12-21 12:51:13.945root 354300x8000000000000000725154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:14.067{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-50578-false10.0.1.12-8000- 11241100x8000000000000000725155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.738f32b9eeb4882d2021-12-21 12:51:14.443root 11241100x8000000000000000725156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1aac669611593e882021-12-21 12:51:14.443root 11241100x8000000000000000725157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7b5b5098969e7d52021-12-21 12:51:14.443root 11241100x8000000000000000725158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22a566bc0bf96be32021-12-21 12:51:14.443root 11241100x8000000000000000725159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09abd646dbeebb0a2021-12-21 12:51:14.444root 11241100x8000000000000000725160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24611fa76af40f152021-12-21 12:51:14.444root 11241100x8000000000000000725161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.946a9a4bb37884332021-12-21 12:51:14.444root 11241100x8000000000000000725162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fb084c7b87c48822021-12-21 12:51:14.444root 11241100x8000000000000000725163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f9ac9c20a4c123d2021-12-21 12:51:14.444root 11241100x8000000000000000725164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.858579774efda2332021-12-21 12:51:14.444root 11241100x8000000000000000725165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.797605c464c3fc542021-12-21 12:51:14.444root 11241100x8000000000000000725166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:14.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e609498c5e73c6272021-12-21 12:51:14.445root 11241100x8000000000000000725167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:14.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d549c07866d3eb6c2021-12-21 12:51:14.445root 11241100x8000000000000000725168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:14.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84c7e128101d9eaf2021-12-21 12:51:14.445root 11241100x8000000000000000725169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:14.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.128d830a1f60c2bb2021-12-21 12:51:14.445root 11241100x8000000000000000725170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:14.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bac1e905867c2a02021-12-21 12:51:14.445root 11241100x8000000000000000725171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:14.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5451381e70031a202021-12-21 12:51:14.445root 11241100x8000000000000000725172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:14.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc69edc07f1abe952021-12-21 12:51:14.445root 11241100x8000000000000000725173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:14.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dd1dfa81536b8a12021-12-21 12:51:14.445root 11241100x8000000000000000725174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:14.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce4590576f4ef6262021-12-21 12:51:14.445root 11241100x8000000000000000725175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:14.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7baa877647a336fb2021-12-21 12:51:14.445root 11241100x8000000000000000725176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:14.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efcc3ed834ec58792021-12-21 12:51:14.445root 11241100x8000000000000000725177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:14.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.955344f117a683822021-12-21 12:51:14.445root 11241100x8000000000000000725178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:14.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f38124a0c3d33902021-12-21 12:51:14.446root 11241100x8000000000000000725179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:14.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37f347fa9c1b9ad92021-12-21 12:51:14.446root 11241100x8000000000000000725180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dac782c427ceb0b82021-12-21 12:51:14.943root 11241100x8000000000000000725181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.615e98a6298c9f0c2021-12-21 12:51:14.943root 11241100x8000000000000000725182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43f6637d24ac0da72021-12-21 12:51:14.944root 11241100x8000000000000000725183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a61c7fc767ff33fc2021-12-21 12:51:14.944root 11241100x8000000000000000725184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4d23cd12568a70d2021-12-21 12:51:14.944root 11241100x8000000000000000725185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.074722dd73b619542021-12-21 12:51:14.944root 11241100x8000000000000000725186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b67ba07ed95ee0bb2021-12-21 12:51:14.944root 11241100x8000000000000000725187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac42f41eef851b762021-12-21 12:51:14.944root 11241100x8000000000000000725188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0725843524f742f92021-12-21 12:51:14.945root 11241100x8000000000000000725189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.930f0cf68c472c552021-12-21 12:51:14.945root 11241100x8000000000000000725190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32701f7a25b83fa12021-12-21 12:51:14.945root 11241100x8000000000000000725191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cdab79c7e14729b2021-12-21 12:51:14.945root 11241100x8000000000000000725192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.507435e563d5be7e2021-12-21 12:51:14.945root 11241100x8000000000000000725193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0010594c6dafbb662021-12-21 12:51:14.945root 11241100x8000000000000000725194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.585c7138070caaa92021-12-21 12:51:14.945root 11241100x8000000000000000725195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0834272e156c34e82021-12-21 12:51:14.945root 11241100x8000000000000000725196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a59ee7a9488c45ee2021-12-21 12:51:14.945root 11241100x8000000000000000725197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b8113bea86741002021-12-21 12:51:14.945root 11241100x8000000000000000725198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8db6f9b4c69e8f32021-12-21 12:51:14.945root 11241100x8000000000000000725199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.975677f6aa8c22cc2021-12-21 12:51:14.945root 11241100x8000000000000000725200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea6592eb5e5463862021-12-21 12:51:14.945root 11241100x8000000000000000725201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:14.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22aaccb6c13a6c6a2021-12-21 12:51:14.946root 11241100x8000000000000000725202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:14.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d050363439d3c2332021-12-21 12:51:14.946root 11241100x8000000000000000725203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:14.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3165f48a4c9aa43b2021-12-21 12:51:14.946root 11241100x8000000000000000725204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:14.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2acf393a278ece3c2021-12-21 12:51:14.946root 11241100x8000000000000000725205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10d46778d550d8012021-12-21 12:51:15.443root 11241100x8000000000000000725206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7d13b9443f9baa82021-12-21 12:51:15.444root 11241100x8000000000000000725207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46e583e8a6dff02a2021-12-21 12:51:15.444root 11241100x8000000000000000725208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9987234ab7c7ed332021-12-21 12:51:15.444root 11241100x8000000000000000725209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac414bc053f99b882021-12-21 12:51:15.444root 11241100x8000000000000000725210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28472c710f4366c92021-12-21 12:51:15.444root 11241100x8000000000000000725211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.477da4037cdaa9442021-12-21 12:51:15.444root 11241100x8000000000000000725212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d13d7372a8cea822021-12-21 12:51:15.444root 11241100x8000000000000000725213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84b46e071dba33d92021-12-21 12:51:15.444root 11241100x8000000000000000725214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac00f49d692285ea2021-12-21 12:51:15.444root 11241100x8000000000000000725215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69bd54163a3981552021-12-21 12:51:15.444root 11241100x8000000000000000725216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:15.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab1408de3b0c0c6b2021-12-21 12:51:15.445root 11241100x8000000000000000725217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:15.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a2eb7a61a6a2d122021-12-21 12:51:15.445root 11241100x8000000000000000725218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:15.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90a25e1f641c47c02021-12-21 12:51:15.445root 11241100x8000000000000000725219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:15.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47dfe9bbbb5eb92b2021-12-21 12:51:15.445root 11241100x8000000000000000725220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:15.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c19b62e8c8a701a2021-12-21 12:51:15.445root 11241100x8000000000000000725221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:15.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb1e0fb0c64901812021-12-21 12:51:15.445root 11241100x8000000000000000725222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:15.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f4f2604291b52672021-12-21 12:51:15.445root 11241100x8000000000000000725223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:15.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5b6df8fecaac2f02021-12-21 12:51:15.445root 11241100x8000000000000000725224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:15.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fddbeeedb9dee9ca2021-12-21 12:51:15.446root 11241100x8000000000000000725225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:15.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90ee062ee70dd6e12021-12-21 12:51:15.446root 11241100x8000000000000000725226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:15.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52a2622be32031ff2021-12-21 12:51:15.446root 11241100x8000000000000000725227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:15.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e81b13f92a0c78352021-12-21 12:51:15.446root 11241100x8000000000000000725228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:15.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51aa79e3f40a7e402021-12-21 12:51:15.446root 11241100x8000000000000000725229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:15.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaeebc1e63d20ad72021-12-21 12:51:15.446root 11241100x8000000000000000725230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:15.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.709e6dc3ff772a472021-12-21 12:51:15.942root 11241100x8000000000000000725231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bfe8923f3e141172021-12-21 12:51:15.943root 11241100x8000000000000000725232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47474f203e0b90e92021-12-21 12:51:15.943root 11241100x8000000000000000725233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43e13db26fb8a4752021-12-21 12:51:15.943root 11241100x8000000000000000725234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfa45ae10483eda72021-12-21 12:51:15.943root 11241100x8000000000000000725235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d07e841da96641a22021-12-21 12:51:15.943root 11241100x8000000000000000725236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12125d67c26afbdc2021-12-21 12:51:15.943root 11241100x8000000000000000725237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f785c3477bca8f12021-12-21 12:51:15.943root 11241100x8000000000000000725238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.055413688f8f71c82021-12-21 12:51:15.943root 11241100x8000000000000000725239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0688ceaf90fa96be2021-12-21 12:51:15.944root 11241100x8000000000000000725240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d6384c3c78e0b622021-12-21 12:51:15.944root 11241100x8000000000000000725241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.310af87c52e810b02021-12-21 12:51:15.944root 11241100x8000000000000000725242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e71b636463007c8c2021-12-21 12:51:15.944root 11241100x8000000000000000725243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7da604fea8138cf52021-12-21 12:51:15.944root 11241100x8000000000000000725244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c0190aafc4da37a2021-12-21 12:51:15.944root 11241100x8000000000000000725245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71ea00438c7e048b2021-12-21 12:51:15.944root 11241100x8000000000000000725246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:15.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdae7e8b3138407b2021-12-21 12:51:15.945root 11241100x8000000000000000725247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:15.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.119c3eb51d038db12021-12-21 12:51:15.945root 11241100x8000000000000000725248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:15.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b304f80e27280022021-12-21 12:51:15.945root 11241100x8000000000000000725249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:15.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e203fa6c5ab7c772021-12-21 12:51:15.945root 11241100x8000000000000000725250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:15.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b32c003b8cba78f2021-12-21 12:51:15.945root 11241100x8000000000000000725251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:15.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1adb950eeb92aa32021-12-21 12:51:15.945root 11241100x8000000000000000725252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:15.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.248198b1351c3aff2021-12-21 12:51:15.945root 11241100x8000000000000000725253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:15.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd468199efdac9d72021-12-21 12:51:15.945root 11241100x8000000000000000725254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:15.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a65d5f3f5859ee62021-12-21 12:51:15.945root 11241100x8000000000000000725255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:15.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6779262c2b9ee5fe2021-12-21 12:51:15.946root 11241100x8000000000000000725256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:15.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3b8d324739869322021-12-21 12:51:15.946root 11241100x8000000000000000725257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:15.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96c4b60b03ac7d2b2021-12-21 12:51:15.946root 11241100x8000000000000000725258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:15.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7816b82db63a94ce2021-12-21 12:51:15.946root 11241100x8000000000000000725259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:15.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.957913fdc99ebd992021-12-21 12:51:15.946root 11241100x8000000000000000725260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:15.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b243d003d31dab72021-12-21 12:51:15.947root 11241100x8000000000000000725261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2bd2ea1c63da7352021-12-21 12:51:16.443root 11241100x8000000000000000725262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c007564a16971e4d2021-12-21 12:51:16.443root 11241100x8000000000000000725263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe80f21962c3d20c2021-12-21 12:51:16.444root 11241100x8000000000000000725264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d21788e33158b5a72021-12-21 12:51:16.444root 11241100x8000000000000000725265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3ab1f0cd95ab74f2021-12-21 12:51:16.444root 11241100x8000000000000000725266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48b431fc443fed682021-12-21 12:51:16.444root 11241100x8000000000000000725267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d926b46f5adf64382021-12-21 12:51:16.444root 11241100x8000000000000000725268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:16.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5082aa18ad6473c2021-12-21 12:51:16.445root 11241100x8000000000000000725269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:16.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e900097faeb30df32021-12-21 12:51:16.445root 11241100x8000000000000000725270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:16.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f2b1323ca579fcd2021-12-21 12:51:16.445root 11241100x8000000000000000725271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:16.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08df085ce51184742021-12-21 12:51:16.445root 11241100x8000000000000000725272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:16.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b6537a5817c747c2021-12-21 12:51:16.445root 11241100x8000000000000000725273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:16.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58a815fc053a71f32021-12-21 12:51:16.445root 11241100x8000000000000000725274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:16.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f90fe104fc68e66e2021-12-21 12:51:16.445root 11241100x8000000000000000725275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:16.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad16f8a76ccb3ee82021-12-21 12:51:16.445root 11241100x8000000000000000725276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:16.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c396824dcb2c0b22021-12-21 12:51:16.445root 11241100x8000000000000000725277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:16.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bdfdf4c44955e882021-12-21 12:51:16.445root 11241100x8000000000000000725278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:16.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a56269b2c906b4c2021-12-21 12:51:16.446root 11241100x8000000000000000725279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:16.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0887e3c652743ac2021-12-21 12:51:16.446root 11241100x8000000000000000725280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:16.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d7f83a51b8d778f2021-12-21 12:51:16.446root 11241100x8000000000000000725281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:16.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47933ee87d51b2852021-12-21 12:51:16.446root 11241100x8000000000000000725282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:16.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35582f4c3b01d6992021-12-21 12:51:16.446root 11241100x8000000000000000725283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:16.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80388e2fd851821b2021-12-21 12:51:16.446root 11241100x8000000000000000725284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:16.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.199dee3d2378e0c12021-12-21 12:51:16.446root 11241100x8000000000000000725285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:16.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.052bfea13bdbd2082021-12-21 12:51:16.446root 11241100x8000000000000000725286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:16.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0c61aa029cadb642021-12-21 12:51:16.446root 11241100x8000000000000000725287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba1ef0b6068bfb1b2021-12-21 12:51:16.943root 11241100x8000000000000000725288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.465c46c194f5ca2c2021-12-21 12:51:16.943root 11241100x8000000000000000725289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5814d99735768cec2021-12-21 12:51:16.943root 11241100x8000000000000000725290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bac1da60bd0f8862021-12-21 12:51:16.943root 11241100x8000000000000000725291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.859b646e2395095d2021-12-21 12:51:16.944root 11241100x8000000000000000725292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c4a24beecc8a3aa2021-12-21 12:51:16.944root 11241100x8000000000000000725293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe83f65937e35a8d2021-12-21 12:51:16.944root 11241100x8000000000000000725294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.872c8e9a03627a7b2021-12-21 12:51:16.944root 11241100x8000000000000000725295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4bbaabcc5a0d4002021-12-21 12:51:16.944root 11241100x8000000000000000725296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf982e2c03d409ae2021-12-21 12:51:16.944root 11241100x8000000000000000725297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d13da85a138dd162021-12-21 12:51:16.944root 11241100x8000000000000000725298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5addfe256d44764a2021-12-21 12:51:16.944root 11241100x8000000000000000725299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f4c423c9e4d5c252021-12-21 12:51:16.944root 11241100x8000000000000000725300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5048a0b07d70fb1d2021-12-21 12:51:16.944root 11241100x8000000000000000725301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c93cafc61e52f9ed2021-12-21 12:51:16.945root 11241100x8000000000000000725302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c95c87e0f832db52021-12-21 12:51:16.945root 11241100x8000000000000000725303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e22b1aebaceae0de2021-12-21 12:51:16.945root 11241100x8000000000000000725304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac272841e7a8cfdb2021-12-21 12:51:16.945root 11241100x8000000000000000725305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddff4e269781b9742021-12-21 12:51:16.945root 11241100x8000000000000000725306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52b47a26a7d5d4362021-12-21 12:51:16.945root 11241100x8000000000000000725307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61d18ea90559a4e02021-12-21 12:51:16.945root 11241100x8000000000000000725308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b13bc99956876fda2021-12-21 12:51:16.945root 11241100x8000000000000000725309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cefcdf3cdd21ebc2021-12-21 12:51:16.945root 11241100x8000000000000000725310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6f721612a31b2c52021-12-21 12:51:16.945root 11241100x8000000000000000725311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe4806821fdad81d2021-12-21 12:51:16.945root 11241100x8000000000000000725312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a1336a75383430f2021-12-21 12:51:17.443root 11241100x8000000000000000725313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c90be926412b42f32021-12-21 12:51:17.443root 11241100x8000000000000000725314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99cdcf19be997b262021-12-21 12:51:17.444root 11241100x8000000000000000725315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f09706bd5a6a02922021-12-21 12:51:17.444root 11241100x8000000000000000725316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab5c6a0b41c2123e2021-12-21 12:51:17.444root 11241100x8000000000000000725317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.277aeb4fc838dd242021-12-21 12:51:17.444root 11241100x8000000000000000725318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6371059d65dca7852021-12-21 12:51:17.444root 11241100x8000000000000000725319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6ee6df740a83acd2021-12-21 12:51:17.444root 11241100x8000000000000000725320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4142ebbc1e1c7d22021-12-21 12:51:17.444root 11241100x8000000000000000725321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ed97c051be38b5f2021-12-21 12:51:17.444root 11241100x8000000000000000725322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.545cbf48886ce96c2021-12-21 12:51:17.444root 11241100x8000000000000000725323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c82397aded4f5c42021-12-21 12:51:17.444root 11241100x8000000000000000725324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2d34a976f5bb0022021-12-21 12:51:17.444root 11241100x8000000000000000725325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5830e28fed81dd92021-12-21 12:51:17.444root 11241100x8000000000000000725326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23c42f900089ef172021-12-21 12:51:17.444root 11241100x8000000000000000725327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cabc691eafa0727f2021-12-21 12:51:17.445root 11241100x8000000000000000725328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78bafceda6ebdc202021-12-21 12:51:17.445root 11241100x8000000000000000725329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6986726f5317331a2021-12-21 12:51:17.445root 11241100x8000000000000000725330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74b61babc0e5da7e2021-12-21 12:51:17.445root 11241100x8000000000000000725331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a1e7768dbf45caa2021-12-21 12:51:17.445root 11241100x8000000000000000725332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2ec8d71344b17a12021-12-21 12:51:17.445root 11241100x8000000000000000725333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.165f10fed63c68b72021-12-21 12:51:17.445root 11241100x8000000000000000725334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80f31b4590776da22021-12-21 12:51:17.445root 11241100x8000000000000000725335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17645927fa74f9e22021-12-21 12:51:17.445root 11241100x8000000000000000725336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a073d9da9e9952e2021-12-21 12:51:17.445root 11241100x8000000000000000725337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.147e41e5c1f7ea632021-12-21 12:51:17.943root 11241100x8000000000000000725338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d4b18b33642dddb2021-12-21 12:51:17.943root 11241100x8000000000000000725339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4ee14f592af0e5e2021-12-21 12:51:17.943root 11241100x8000000000000000725340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f30a0e96c6a4fc492021-12-21 12:51:17.944root 11241100x8000000000000000725341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a2f1dfd88a383412021-12-21 12:51:17.944root 11241100x8000000000000000725342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5a937b67591288f2021-12-21 12:51:17.944root 11241100x8000000000000000725343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:17.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d545d75ddce83b2a2021-12-21 12:51:17.945root 11241100x8000000000000000725344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:17.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9445b8cc6281e9ff2021-12-21 12:51:17.945root 11241100x8000000000000000725345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:17.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.080ebbace00891da2021-12-21 12:51:17.945root 11241100x8000000000000000725346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:17.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04cd0075f82858b12021-12-21 12:51:17.945root 11241100x8000000000000000725347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:17.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.815251ba6aada8652021-12-21 12:51:17.945root 11241100x8000000000000000725348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:17.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.291778739c55f37b2021-12-21 12:51:17.945root 11241100x8000000000000000725349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:17.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.831d81987b3c20722021-12-21 12:51:17.945root 11241100x8000000000000000725350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:17.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be941273e2de36692021-12-21 12:51:17.945root 11241100x8000000000000000725351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:17.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87ef288722b937142021-12-21 12:51:17.946root 11241100x8000000000000000725352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:17.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a6dbdb2bc6802ea2021-12-21 12:51:17.946root 11241100x8000000000000000725353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:17.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd6366e3a34461432021-12-21 12:51:17.946root 11241100x8000000000000000725354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:17.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5054110cfc89a362021-12-21 12:51:17.946root 11241100x8000000000000000725355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:17.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.437d8a8af88af6742021-12-21 12:51:17.946root 11241100x8000000000000000725356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:17.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72b1a8c7e8a945d92021-12-21 12:51:17.946root 11241100x8000000000000000725357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:17.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.441d3889f27172492021-12-21 12:51:17.946root 11241100x8000000000000000725358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:17.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.533f9f10a3e8f21a2021-12-21 12:51:17.946root 11241100x8000000000000000725359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:17.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a722bf2605455b52021-12-21 12:51:17.946root 11241100x8000000000000000725360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:17.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1251f5c5a96fc9f32021-12-21 12:51:17.946root 11241100x8000000000000000725361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:17.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ace233a77d265a662021-12-21 12:51:17.946root 11241100x8000000000000000725362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b47f1f89def421d2021-12-21 12:51:18.443root 11241100x8000000000000000725363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd1d7ba506a760392021-12-21 12:51:18.443root 11241100x8000000000000000725364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7955a37024b05bef2021-12-21 12:51:18.443root 11241100x8000000000000000725365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e4c4539729d5a6a2021-12-21 12:51:18.443root 11241100x8000000000000000725366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a28a0f3870e953cc2021-12-21 12:51:18.444root 11241100x8000000000000000725367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13985edb163d43632021-12-21 12:51:18.444root 11241100x8000000000000000725368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.633ffcfd0a6b4b8a2021-12-21 12:51:18.444root 11241100x8000000000000000725369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9038c85c3cf25d932021-12-21 12:51:18.444root 11241100x8000000000000000725370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad1792e7d415f4d82021-12-21 12:51:18.444root 11241100x8000000000000000725371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29dd8ba5b98e7bfd2021-12-21 12:51:18.444root 11241100x8000000000000000725372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.651781d46a5981e82021-12-21 12:51:18.444root 11241100x8000000000000000725373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71391c82337e347c2021-12-21 12:51:18.444root 11241100x8000000000000000725374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.337d9ad6ffe35f722021-12-21 12:51:18.444root 11241100x8000000000000000725375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fdab13d9729747a2021-12-21 12:51:18.444root 11241100x8000000000000000725376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:18.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76051406f377b6ec2021-12-21 12:51:18.445root 11241100x8000000000000000725377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:18.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64580ee4b25b76ab2021-12-21 12:51:18.445root 11241100x8000000000000000725378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:18.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f1b81444296d3c02021-12-21 12:51:18.445root 11241100x8000000000000000725379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:18.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e156239a41585f62021-12-21 12:51:18.445root 11241100x8000000000000000725380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:18.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c4ae1aa2c154db92021-12-21 12:51:18.445root 11241100x8000000000000000725381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:18.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47ef4e8ef909dfb72021-12-21 12:51:18.445root 11241100x8000000000000000725382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:18.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.114b2423157c00142021-12-21 12:51:18.445root 11241100x8000000000000000725383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:18.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff9cb96db294e93c2021-12-21 12:51:18.445root 11241100x8000000000000000725384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:18.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.760c94cabbb36e8e2021-12-21 12:51:18.445root 11241100x8000000000000000725385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:18.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.531b25cdeeb2677a2021-12-21 12:51:18.446root 11241100x8000000000000000725386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:18.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9a38f1cc4049e3f2021-12-21 12:51:18.446root 11241100x8000000000000000725387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87f999b6a812ce302021-12-21 12:51:18.943root 11241100x8000000000000000725388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91fec73ef9c76f072021-12-21 12:51:18.943root 11241100x8000000000000000725389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae550deff30954692021-12-21 12:51:18.943root 11241100x8000000000000000725390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46836a4bc335151a2021-12-21 12:51:18.943root 11241100x8000000000000000725391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d021027d8c4349d72021-12-21 12:51:18.944root 11241100x8000000000000000725392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0c49113403565382021-12-21 12:51:18.944root 11241100x8000000000000000725393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73a92d316dc572ab2021-12-21 12:51:18.944root 11241100x8000000000000000725394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5df74f46d81ab072021-12-21 12:51:18.944root 11241100x8000000000000000725395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.506d2bc94549f6ef2021-12-21 12:51:18.944root 11241100x8000000000000000725396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.675eacc7963bbd172021-12-21 12:51:18.944root 11241100x8000000000000000725397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.367adf9c5d5ebfc52021-12-21 12:51:18.944root 11241100x8000000000000000725398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.634e93534abee79a2021-12-21 12:51:18.944root 11241100x8000000000000000725399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4316fa09c117ad92021-12-21 12:51:18.944root 11241100x8000000000000000725400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee86d9881d0e6c0b2021-12-21 12:51:18.944root 11241100x8000000000000000725401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:18.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef11f1fd89d9c4a92021-12-21 12:51:18.945root 11241100x8000000000000000725402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:18.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f76a05b0205cd142021-12-21 12:51:18.945root 11241100x8000000000000000725403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:18.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2a5c5700b358d452021-12-21 12:51:18.945root 11241100x8000000000000000725404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:18.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01a8367a1916e7e72021-12-21 12:51:18.945root 11241100x8000000000000000725405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:18.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1e16cf2cc9daa6b2021-12-21 12:51:18.945root 11241100x8000000000000000725406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:18.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f76639ae5b5e27ec2021-12-21 12:51:18.945root 11241100x8000000000000000725407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:18.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b16da0299b44b6582021-12-21 12:51:18.945root 11241100x8000000000000000725408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:18.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cf2cc884b80b7632021-12-21 12:51:18.945root 11241100x8000000000000000725409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:18.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad32f2a9740fa1c72021-12-21 12:51:18.945root 11241100x8000000000000000725410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:18.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c426c697c84493622021-12-21 12:51:18.945root 11241100x8000000000000000725411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:18.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ca5e2b90011cc022021-12-21 12:51:18.945root 354300x8000000000000000725412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:19.249{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-50580-false10.0.1.12-8000- 11241100x8000000000000000725413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:19.250{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fec539edbeddc1052021-12-21 12:51:19.250root 11241100x8000000000000000725414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:19.250{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.650d8dd3b6b8e80e2021-12-21 12:51:19.250root 11241100x8000000000000000725415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:19.250{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b9f152900092b9f2021-12-21 12:51:19.250root 11241100x8000000000000000725416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:19.250{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dc95e147077e4632021-12-21 12:51:19.250root 11241100x8000000000000000725417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:19.250{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0effb3cb1e3d18b2021-12-21 12:51:19.250root 11241100x8000000000000000725418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:19.250{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33d7d5b0f7e1fbd22021-12-21 12:51:19.250root 11241100x8000000000000000725419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:19.250{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c9e9b31e8a970c92021-12-21 12:51:19.250root 11241100x8000000000000000725420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:19.250{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.339cbc69f75fb3cd2021-12-21 12:51:19.250root 11241100x8000000000000000725421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:19.251{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cf1527017984fdf2021-12-21 12:51:19.251root 11241100x8000000000000000725422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:19.251{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df31ac5f8aed0a3d2021-12-21 12:51:19.251root 11241100x8000000000000000725423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:19.251{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34e812a18dc3b5b62021-12-21 12:51:19.251root 11241100x8000000000000000725424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:19.251{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b075ac4e2927fc32021-12-21 12:51:19.251root 11241100x8000000000000000725425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:19.251{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.996348c0852261aa2021-12-21 12:51:19.251root 11241100x8000000000000000725426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:19.251{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fdc6e88f0f6c9352021-12-21 12:51:19.251root 11241100x8000000000000000725427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:19.251{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.310d90d51371fa672021-12-21 12:51:19.251root 11241100x8000000000000000725428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:19.251{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13676c78206ca08f2021-12-21 12:51:19.251root 11241100x8000000000000000725429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:19.251{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56e2782c39b329782021-12-21 12:51:19.251root 11241100x8000000000000000725430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:19.252{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8c5da0ae708a0d82021-12-21 12:51:19.252root 11241100x8000000000000000725431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:19.252{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbb44a7d6ab96ff02021-12-21 12:51:19.252root 11241100x8000000000000000725432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:19.252{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86d8d560aa738d062021-12-21 12:51:19.252root 11241100x8000000000000000725433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:19.252{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61e76ad2600eb26e2021-12-21 12:51:19.252root 11241100x8000000000000000725434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:19.252{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17195712ccda31202021-12-21 12:51:19.252root 11241100x8000000000000000725435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:19.252{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0946677fbdc4a4662021-12-21 12:51:19.252root 11241100x8000000000000000725436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:19.252{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.588a2dbd6a20121d2021-12-21 12:51:19.252root 11241100x8000000000000000725437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:19.252{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd2640f0b29d54ee2021-12-21 12:51:19.252root 11241100x8000000000000000725438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:19.252{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a19630530ea50c532021-12-21 12:51:19.252root 11241100x8000000000000000725439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:19.252{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68b6a90c0619c11b2021-12-21 12:51:19.252root 11241100x8000000000000000725440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:19.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b2f9298b85b7a6b2021-12-21 12:51:19.693root 11241100x8000000000000000725441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:19.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46bde8f566758e2c2021-12-21 12:51:19.694root 11241100x8000000000000000725442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:19.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4704d3bc80fbc812021-12-21 12:51:19.694root 11241100x8000000000000000725443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:19.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5de6a3bf0d1204df2021-12-21 12:51:19.694root 11241100x8000000000000000725444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:19.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf411837c054176b2021-12-21 12:51:19.694root 11241100x8000000000000000725445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:19.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ea700d120b7e7692021-12-21 12:51:19.694root 11241100x8000000000000000725446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:19.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.269ba7bcf53915542021-12-21 12:51:19.695root 11241100x8000000000000000725447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:19.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da56a2bba89ecd0f2021-12-21 12:51:19.695root 11241100x8000000000000000725448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:19.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1e888b1723de6962021-12-21 12:51:19.695root 11241100x8000000000000000725449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:19.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebabad7b5e9e9b932021-12-21 12:51:19.695root 11241100x8000000000000000725450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:19.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7445653616ee79e42021-12-21 12:51:19.695root 11241100x8000000000000000725451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:19.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0ac511e328bc1822021-12-21 12:51:19.697root 11241100x8000000000000000725452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:19.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9784547f0272bc42021-12-21 12:51:19.697root 11241100x8000000000000000725453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:19.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a4085bf4f87a57d2021-12-21 12:51:19.697root 11241100x8000000000000000725454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:19.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06c5831b8b24712c2021-12-21 12:51:19.697root 11241100x8000000000000000725455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:19.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8af7502f85f783f2021-12-21 12:51:19.697root 11241100x8000000000000000725456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:19.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.774cfe2911a8d0a42021-12-21 12:51:19.698root 11241100x8000000000000000725457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:19.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.347f4850cdc9ed472021-12-21 12:51:19.698root 11241100x8000000000000000725458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:19.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e53b04e3dfbb625a2021-12-21 12:51:19.698root 11241100x8000000000000000725459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:19.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f405857aea6e0812021-12-21 12:51:19.698root 11241100x8000000000000000725460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:19.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1bdb178165833c32021-12-21 12:51:19.698root 11241100x8000000000000000725461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:19.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7f7115f1a2c22182021-12-21 12:51:19.698root 11241100x8000000000000000725462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:19.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bf7e1558322dad22021-12-21 12:51:19.698root 11241100x8000000000000000725463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:19.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd9d4cd9030f4b362021-12-21 12:51:19.698root 11241100x8000000000000000725464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:19.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1436ae2e41a78be32021-12-21 12:51:19.698root 11241100x8000000000000000725465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:19.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e63fa2303ebc6fce2021-12-21 12:51:19.698root 11241100x8000000000000000725466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:20.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0784f36f88572ba52021-12-21 12:51:20.193root 11241100x8000000000000000725467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:20.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70b0da4dffa23a162021-12-21 12:51:20.194root 11241100x8000000000000000725468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:20.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd2008824b2295e62021-12-21 12:51:20.194root 11241100x8000000000000000725469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:20.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e591e8fc876305b2021-12-21 12:51:20.194root 11241100x8000000000000000725470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:20.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ef931947ad3359d2021-12-21 12:51:20.194root 11241100x8000000000000000725471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:20.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3a00ebddad6da832021-12-21 12:51:20.194root 11241100x8000000000000000725472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:20.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1f544e1e22c46c92021-12-21 12:51:20.194root 11241100x8000000000000000725473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:20.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe327e5a8b36ba1d2021-12-21 12:51:20.194root 11241100x8000000000000000725474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:20.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3f17e3ae4af68fa2021-12-21 12:51:20.194root 11241100x8000000000000000725475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:20.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.474eedd331b0075d2021-12-21 12:51:20.194root 11241100x8000000000000000725476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:20.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26ff610786b6263a2021-12-21 12:51:20.194root 11241100x8000000000000000725477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:20.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e65c1a39715bcc72021-12-21 12:51:20.194root 11241100x8000000000000000725478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:20.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08d3910e1139befe2021-12-21 12:51:20.194root 11241100x8000000000000000725479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:20.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d643d978b1ee8c672021-12-21 12:51:20.194root 11241100x8000000000000000725480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:20.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d247d0044e2e6c32021-12-21 12:51:20.194root 11241100x8000000000000000725481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:20.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b29a4cacac8f8e082021-12-21 12:51:20.195root 11241100x8000000000000000725482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:20.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cf5f8e08a85b68c2021-12-21 12:51:20.195root 11241100x8000000000000000725483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:20.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de23033c4c0879be2021-12-21 12:51:20.195root 11241100x8000000000000000725484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:20.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83c6a0fc2f85654c2021-12-21 12:51:20.195root 11241100x8000000000000000725485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:20.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae745f7a711448932021-12-21 12:51:20.195root 11241100x8000000000000000725486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:20.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b49d27911f3d99692021-12-21 12:51:20.195root 11241100x8000000000000000725487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:20.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c28c6a2f8c8dc85d2021-12-21 12:51:20.195root 11241100x8000000000000000725488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:20.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70df351e823c6b642021-12-21 12:51:20.195root 11241100x8000000000000000725489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:20.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89ff0ed57eded23a2021-12-21 12:51:20.195root 11241100x8000000000000000725490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:20.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aea36ff79a47af5e2021-12-21 12:51:20.195root 11241100x8000000000000000725491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:20.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d40c4de4f57e5922021-12-21 12:51:20.195root 11241100x8000000000000000725492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:20.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93799cd5e1ae43442021-12-21 12:51:20.693root 11241100x8000000000000000725493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:20.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2d9f786c90e75e82021-12-21 12:51:20.694root 11241100x8000000000000000725494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:20.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d429cddf3d329ac2021-12-21 12:51:20.694root 11241100x8000000000000000725495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:20.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0c8163f262c52a22021-12-21 12:51:20.694root 11241100x8000000000000000725496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:20.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fafa570ae44b4b822021-12-21 12:51:20.694root 11241100x8000000000000000725497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:20.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17e99bc43cfba8b22021-12-21 12:51:20.694root 11241100x8000000000000000725498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:20.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16141e4a3422d3202021-12-21 12:51:20.694root 11241100x8000000000000000725499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:20.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.684dffdbb3dc46652021-12-21 12:51:20.694root 11241100x8000000000000000725500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:20.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fbebb9575c91dfe2021-12-21 12:51:20.694root 11241100x8000000000000000725501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:20.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d3282e48e03d2832021-12-21 12:51:20.694root 11241100x8000000000000000725502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:20.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89bd6e49da71e9bd2021-12-21 12:51:20.694root 11241100x8000000000000000725503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:20.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e342581dac956da92021-12-21 12:51:20.694root 11241100x8000000000000000725504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:20.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3283edca769865ee2021-12-21 12:51:20.694root 11241100x8000000000000000725505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:20.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdd16ce9199ec1602021-12-21 12:51:20.694root 11241100x8000000000000000725506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:20.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a965087dd26e1d62021-12-21 12:51:20.694root 11241100x8000000000000000725507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:20.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5649bf25748a58322021-12-21 12:51:20.694root 11241100x8000000000000000725508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:20.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4647247102f725862021-12-21 12:51:20.695root 11241100x8000000000000000725509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:20.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2abbfeafeaf1b9d82021-12-21 12:51:20.695root 11241100x8000000000000000725510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:20.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3ab6d3bc8d5a19e2021-12-21 12:51:20.695root 11241100x8000000000000000725511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:20.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.896a8514e65f51d02021-12-21 12:51:20.695root 11241100x8000000000000000725512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:20.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.306a14c4339941cb2021-12-21 12:51:20.695root 11241100x8000000000000000725513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:20.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bab40c830d3d5ee2021-12-21 12:51:20.695root 11241100x8000000000000000725514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:20.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f6dc96ead28e64e2021-12-21 12:51:20.695root 11241100x8000000000000000725515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:20.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0635f8ac0e24167f2021-12-21 12:51:20.695root 11241100x8000000000000000725516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:20.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b75b3a7742446662021-12-21 12:51:20.695root 11241100x8000000000000000725517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:20.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1bbb01bcd8b8f832021-12-21 12:51:20.695root 11241100x8000000000000000725518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:21.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c26b46d01c586bbd2021-12-21 12:51:21.194root 11241100x8000000000000000725519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:21.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17b6c7904302718d2021-12-21 12:51:21.194root 11241100x8000000000000000725520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:21.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d390e9391b75da42021-12-21 12:51:21.194root 11241100x8000000000000000725521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:21.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fda1ebd8ce847aba2021-12-21 12:51:21.194root 11241100x8000000000000000725522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:21.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc137b4803a198f52021-12-21 12:51:21.194root 11241100x8000000000000000725523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:21.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43226d84bde208072021-12-21 12:51:21.194root 11241100x8000000000000000725524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:21.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90d8861c237a49322021-12-21 12:51:21.194root 11241100x8000000000000000725525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:21.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6e328bbef6c697e2021-12-21 12:51:21.194root 11241100x8000000000000000725526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:21.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0441fafa897d228c2021-12-21 12:51:21.194root 11241100x8000000000000000725527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:21.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e67e016716eb3f5e2021-12-21 12:51:21.194root 11241100x8000000000000000725528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:21.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7cc4f60f72b68f82021-12-21 12:51:21.194root 11241100x8000000000000000725529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:21.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e6b7dd0a8718b052021-12-21 12:51:21.194root 11241100x8000000000000000725530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:21.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2916b766455b7a6b2021-12-21 12:51:21.195root 11241100x8000000000000000725531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:21.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e756b5aca2f244a62021-12-21 12:51:21.195root 11241100x8000000000000000725532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:21.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6438732571a6ff22021-12-21 12:51:21.195root 11241100x8000000000000000725533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:21.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a05cf471262cd59c2021-12-21 12:51:21.195root 11241100x8000000000000000725534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:21.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caaba972f76b9efe2021-12-21 12:51:21.195root 11241100x8000000000000000725535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:21.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.880eff078535d3ac2021-12-21 12:51:21.195root 11241100x8000000000000000725536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:21.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b72b32164e5edce2021-12-21 12:51:21.195root 11241100x8000000000000000725537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:21.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e49d8979a0ebf392021-12-21 12:51:21.195root 11241100x8000000000000000725538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:21.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5ff00c62fb1bf9c2021-12-21 12:51:21.195root 11241100x8000000000000000725539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:21.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22f7a73a2178af922021-12-21 12:51:21.195root 11241100x8000000000000000725540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:21.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb4df8768bfa1aa62021-12-21 12:51:21.195root 11241100x8000000000000000725541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:21.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad901075e53c18342021-12-21 12:51:21.195root 11241100x8000000000000000725542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:21.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa9074a62e79f8952021-12-21 12:51:21.195root 11241100x8000000000000000725543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:21.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25b9ff72328987972021-12-21 12:51:21.195root 11241100x8000000000000000725544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:21.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59749fa9c5b539fe2021-12-21 12:51:21.694root 11241100x8000000000000000725545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:21.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e57257043c212d8d2021-12-21 12:51:21.694root 11241100x8000000000000000725546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:21.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f62ea8385e22e1232021-12-21 12:51:21.694root 11241100x8000000000000000725547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:21.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbce64e7ba67647c2021-12-21 12:51:21.694root 11241100x8000000000000000725548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:21.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b507ab1442d41862021-12-21 12:51:21.694root 11241100x8000000000000000725549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:21.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5f58dcdeb3981a82021-12-21 12:51:21.694root 11241100x8000000000000000725550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:21.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d61900c52175b7d72021-12-21 12:51:21.694root 11241100x8000000000000000725551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:21.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fbb368b343a12f92021-12-21 12:51:21.694root 11241100x8000000000000000725552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:21.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93ad6e3a5c8609fe2021-12-21 12:51:21.694root 11241100x8000000000000000725553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:21.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f24560814e9291b92021-12-21 12:51:21.694root 11241100x8000000000000000725554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:21.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf0145ac5cea00ff2021-12-21 12:51:21.694root 11241100x8000000000000000725555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:21.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c1040b8c09702792021-12-21 12:51:21.694root 11241100x8000000000000000725556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:21.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6f3a60e1f6aba9b2021-12-21 12:51:21.694root 11241100x8000000000000000725557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:21.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d37339544c98ebf2021-12-21 12:51:21.694root 11241100x8000000000000000725558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:21.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3574bc3f727132b32021-12-21 12:51:21.695root 11241100x8000000000000000725559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:21.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cfebdab73135f5b2021-12-21 12:51:21.695root 11241100x8000000000000000725560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:21.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b96156f5b30aa6b22021-12-21 12:51:21.695root 11241100x8000000000000000725561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:21.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.098e6bc3ad107bf52021-12-21 12:51:21.695root 11241100x8000000000000000725562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:21.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0803ad9d082e6bc02021-12-21 12:51:21.695root 11241100x8000000000000000725563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:21.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07954b268ad35fdd2021-12-21 12:51:21.695root 11241100x8000000000000000725564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:21.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8c1493c656dd9322021-12-21 12:51:21.695root 11241100x8000000000000000725565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:21.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9171ee185bf830af2021-12-21 12:51:21.695root 11241100x8000000000000000725566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:21.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ec27c3239989ae02021-12-21 12:51:21.695root 11241100x8000000000000000725567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:21.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34d51be97d1cb92c2021-12-21 12:51:21.695root 11241100x8000000000000000725568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:21.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3d689a7f7c1cb792021-12-21 12:51:21.695root 11241100x8000000000000000725569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:21.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27e61e04a427ec832021-12-21 12:51:21.695root 11241100x8000000000000000725570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:22.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f36325a02bbf3462021-12-21 12:51:22.193root 11241100x8000000000000000725571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:22.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31be1da01f415e822021-12-21 12:51:22.193root 11241100x8000000000000000725572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:22.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d35b7e2fb8c70b12021-12-21 12:51:22.193root 11241100x8000000000000000725573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:22.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0bb4703d8e9663c2021-12-21 12:51:22.193root 11241100x8000000000000000725574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:22.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.716046c891c559e02021-12-21 12:51:22.193root 11241100x8000000000000000725575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:22.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e294c6066a8a44232021-12-21 12:51:22.193root 11241100x8000000000000000725576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:22.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f6f31d2b87b4dca2021-12-21 12:51:22.193root 11241100x8000000000000000725577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:22.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c703aa25f86b31b92021-12-21 12:51:22.194root 11241100x8000000000000000725578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:22.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99b7a2d888e4df5f2021-12-21 12:51:22.194root 11241100x8000000000000000725579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:22.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7f0aa72bb8b78c22021-12-21 12:51:22.194root 11241100x8000000000000000725580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:22.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b74a2889c1c07d592021-12-21 12:51:22.194root 11241100x8000000000000000725581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:22.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f68217ce80e43982021-12-21 12:51:22.194root 11241100x8000000000000000725582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:22.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a34e038fe121db7c2021-12-21 12:51:22.195root 11241100x8000000000000000725583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:22.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aea7873548275fff2021-12-21 12:51:22.195root 11241100x8000000000000000725584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:22.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efe9f9c1f1a84fde2021-12-21 12:51:22.195root 11241100x8000000000000000725585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:22.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aed3bd958022c8df2021-12-21 12:51:22.195root 11241100x8000000000000000725586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:22.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ef3ee1d327e58312021-12-21 12:51:22.195root 11241100x8000000000000000725587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:22.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aad115ae6480c4be2021-12-21 12:51:22.195root 11241100x8000000000000000725588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:22.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ac6dcf3bbde722b2021-12-21 12:51:22.195root 11241100x8000000000000000725589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:22.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c4820e9279710472021-12-21 12:51:22.196root 11241100x8000000000000000725590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:22.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0742e9a9dff8c9e2021-12-21 12:51:22.196root 11241100x8000000000000000725591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:22.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f182ca12d8ced67a2021-12-21 12:51:22.196root 11241100x8000000000000000725592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:22.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82ea89e5b40539fa2021-12-21 12:51:22.196root 11241100x8000000000000000725593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:22.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e2c7810ac3ce9ca2021-12-21 12:51:22.196root 11241100x8000000000000000725594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:22.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d28db27069a5e48c2021-12-21 12:51:22.196root 11241100x8000000000000000725595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:22.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db2cac045d0abccc2021-12-21 12:51:22.196root 11241100x8000000000000000725596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:22.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.088c405d6308cc062021-12-21 12:51:22.196root 11241100x8000000000000000725597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:22.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed8d34d3747cfdda2021-12-21 12:51:22.196root 11241100x8000000000000000725598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:22.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5b8a95254e4aa5b2021-12-21 12:51:22.196root 11241100x8000000000000000725599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:22.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6e9c33ad300edce2021-12-21 12:51:22.196root 11241100x8000000000000000725600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:22.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2659b6082a7945ad2021-12-21 12:51:22.196root 11241100x8000000000000000725601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:22.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.503853138efc67c62021-12-21 12:51:22.197root 11241100x8000000000000000725602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:22.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2294493aa5fdfd282021-12-21 12:51:22.198root 11241100x8000000000000000725603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:22.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e83497fb0933a3402021-12-21 12:51:22.693root 11241100x8000000000000000725604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:22.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9787064232626ead2021-12-21 12:51:22.693root 11241100x8000000000000000725605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:22.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fac5c2be9490d9a2021-12-21 12:51:22.693root 11241100x8000000000000000725606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:22.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd021f115fc693c62021-12-21 12:51:22.693root 11241100x8000000000000000725607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:22.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3228c9868ff2c022021-12-21 12:51:22.694root 11241100x8000000000000000725608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:22.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.288014b29b0794092021-12-21 12:51:22.694root 11241100x8000000000000000725609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:22.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b946b599b3c8911a2021-12-21 12:51:22.694root 11241100x8000000000000000725610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:22.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1c2e023439985d82021-12-21 12:51:22.694root 11241100x8000000000000000725611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:22.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe0ccc86641eacd32021-12-21 12:51:22.694root 11241100x8000000000000000725612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:22.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33b21bc3c35d792f2021-12-21 12:51:22.694root 11241100x8000000000000000725613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:22.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac42ed881fe2d2422021-12-21 12:51:22.695root 11241100x8000000000000000725614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:22.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdd76f4882d9d49f2021-12-21 12:51:22.695root 11241100x8000000000000000725615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:22.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ec30a1f84c78b352021-12-21 12:51:22.695root 11241100x8000000000000000725616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:22.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5ad2b09410626fb2021-12-21 12:51:22.695root 11241100x8000000000000000725617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:22.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b555929e063d88a92021-12-21 12:51:22.695root 11241100x8000000000000000725618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:22.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24247149c5e957972021-12-21 12:51:22.695root 11241100x8000000000000000725619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:22.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb3fc0f43e8a88432021-12-21 12:51:22.695root 11241100x8000000000000000725620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:22.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84ec776c7f682fbf2021-12-21 12:51:22.695root 11241100x8000000000000000725621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:22.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7b7f62bc1cfb2642021-12-21 12:51:22.695root 11241100x8000000000000000725622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:22.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df126a677ca560252021-12-21 12:51:22.696root 11241100x8000000000000000725623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:22.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e8b556af3bc76722021-12-21 12:51:22.696root 11241100x8000000000000000725624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:22.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d04ff757b93835d52021-12-21 12:51:22.696root 11241100x8000000000000000725625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:22.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdf83f900415f54d2021-12-21 12:51:22.696root 11241100x8000000000000000725626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:22.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46712142e8f9b7d72021-12-21 12:51:22.696root 11241100x8000000000000000725627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:22.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f866e09478227af72021-12-21 12:51:22.696root 11241100x8000000000000000725628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:22.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e47612c5c348f8832021-12-21 12:51:22.697root 11241100x8000000000000000725629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:22.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e71f415271d7fe222021-12-21 12:51:22.697root 11241100x8000000000000000725630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:22.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59749761c00c287d2021-12-21 12:51:22.697root 11241100x8000000000000000725631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:22.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd55839e456370012021-12-21 12:51:22.700root 11241100x8000000000000000725632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:23.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fcb9a3f5a373d812021-12-21 12:51:23.193root 11241100x8000000000000000725633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:23.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9873d8e8ed2244b62021-12-21 12:51:23.193root 11241100x8000000000000000725634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:23.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c8e63956353dd022021-12-21 12:51:23.193root 11241100x8000000000000000725635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:23.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60f740673fcd5acb2021-12-21 12:51:23.193root 11241100x8000000000000000725636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:23.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a35aebc05e33c2692021-12-21 12:51:23.193root 11241100x8000000000000000725637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:23.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b4326a98802cc682021-12-21 12:51:23.193root 11241100x8000000000000000725638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:23.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8d72cea739cf3ae2021-12-21 12:51:23.193root 11241100x8000000000000000725639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:23.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f5bfd3ca1b12acb2021-12-21 12:51:23.194root 11241100x8000000000000000725640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:23.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58b84cf3336a945d2021-12-21 12:51:23.194root 11241100x8000000000000000725641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:23.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62324281ad8196a82021-12-21 12:51:23.194root 11241100x8000000000000000725642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:23.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b1774ef84c37bd92021-12-21 12:51:23.194root 11241100x8000000000000000725643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:23.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8b6d1068e06bcc42021-12-21 12:51:23.195root 11241100x8000000000000000725644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:23.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbbced7c322b7f7b2021-12-21 12:51:23.195root 11241100x8000000000000000725645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:23.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.866ac58b990b942b2021-12-21 12:51:23.195root 11241100x8000000000000000725646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:23.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c3891fdf95a94ff2021-12-21 12:51:23.195root 11241100x8000000000000000725647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:23.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bfe3961059812262021-12-21 12:51:23.195root 11241100x8000000000000000725648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:23.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.500231defea3f4032021-12-21 12:51:23.196root 11241100x8000000000000000725649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:23.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3303571d415a72b02021-12-21 12:51:23.196root 11241100x8000000000000000725650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:23.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bad26825a454d2b2021-12-21 12:51:23.196root 11241100x8000000000000000725651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:23.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.631cd83ee27b45672021-12-21 12:51:23.196root 11241100x8000000000000000725652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:23.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.761e50e831e172812021-12-21 12:51:23.196root 11241100x8000000000000000725653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:23.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62fa354e79c3840a2021-12-21 12:51:23.196root 11241100x8000000000000000725654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:23.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8f5b2ec8ed533d22021-12-21 12:51:23.196root 11241100x8000000000000000725655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:23.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.732824471c2844262021-12-21 12:51:23.196root 11241100x8000000000000000725656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:23.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27b484d8c581c9702021-12-21 12:51:23.196root 11241100x8000000000000000725657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:23.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3876b2e6acfc6f22021-12-21 12:51:23.196root 11241100x8000000000000000725658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:23.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.046c221ae92f63c02021-12-21 12:51:23.197root 11241100x8000000000000000725659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:23.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73534a8a24e2d32a2021-12-21 12:51:23.693root 11241100x8000000000000000725660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:23.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ecaf9b9a6058d5c2021-12-21 12:51:23.693root 11241100x8000000000000000725661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:23.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.071a397606e496d42021-12-21 12:51:23.693root 11241100x8000000000000000725662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:23.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02d5c9630adbca502021-12-21 12:51:23.693root 11241100x8000000000000000725663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:23.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec4416e1606264a52021-12-21 12:51:23.693root 11241100x8000000000000000725664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:23.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.693f79bb952fe25f2021-12-21 12:51:23.693root 11241100x8000000000000000725665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:23.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.837243ebda1988f52021-12-21 12:51:23.694root 11241100x8000000000000000725666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:23.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8822bbf5d63d89492021-12-21 12:51:23.694root 11241100x8000000000000000725667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:23.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a86c9197db46aca22021-12-21 12:51:23.694root 11241100x8000000000000000725668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:23.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bff24724198a23a2021-12-21 12:51:23.694root 11241100x8000000000000000725669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:23.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d485e34e0d1cec82021-12-21 12:51:23.695root 11241100x8000000000000000725670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:23.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dc1f31f3b3256b32021-12-21 12:51:23.695root 11241100x8000000000000000725671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:23.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5172e96b72ed1d972021-12-21 12:51:23.695root 11241100x8000000000000000725672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:23.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab6c4701d639329f2021-12-21 12:51:23.695root 11241100x8000000000000000725673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:23.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b6ac7318d2cd9112021-12-21 12:51:23.696root 11241100x8000000000000000725674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:23.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a4e9187de4413c02021-12-21 12:51:23.696root 11241100x8000000000000000725675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:23.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.175ea12c00783feb2021-12-21 12:51:23.696root 11241100x8000000000000000725676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:23.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51b35bf90f4990cb2021-12-21 12:51:23.696root 11241100x8000000000000000725677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:23.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d22f188d2bd99572021-12-21 12:51:23.696root 11241100x8000000000000000725678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:23.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.735437ca73c4251e2021-12-21 12:51:23.696root 11241100x8000000000000000725679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:23.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e2fa9ebbb3608812021-12-21 12:51:23.696root 11241100x8000000000000000725680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:23.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03e9bc293edf58c92021-12-21 12:51:23.696root 11241100x8000000000000000725681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:23.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c47a499aa014961c2021-12-21 12:51:23.696root 11241100x8000000000000000725682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:23.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a0390792ddc584a2021-12-21 12:51:23.696root 11241100x8000000000000000725683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:23.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.580d0dda0c3da49e2021-12-21 12:51:23.696root 11241100x8000000000000000725684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:23.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d245fc7631d533352021-12-21 12:51:23.696root 11241100x8000000000000000725685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:23.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91f2ce549a7f993a2021-12-21 12:51:23.696root 11241100x8000000000000000725686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:23.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be52a9e7e59090632021-12-21 12:51:23.697root 11241100x8000000000000000725687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:24.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.782bd3d6be06a6f42021-12-21 12:51:24.193root 11241100x8000000000000000725688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:24.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19be1d3d2ab4f20d2021-12-21 12:51:24.193root 11241100x8000000000000000725689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:24.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.571d6a58d9c6d7fb2021-12-21 12:51:24.193root 11241100x8000000000000000725690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:24.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c5f5ea8cb5cec7f2021-12-21 12:51:24.193root 11241100x8000000000000000725691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:24.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05f9364cb58cfddc2021-12-21 12:51:24.193root 11241100x8000000000000000725692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:24.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1970e050e21a60a12021-12-21 12:51:24.193root 11241100x8000000000000000725693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:24.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b834707525fcce5a2021-12-21 12:51:24.194root 11241100x8000000000000000725694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:24.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74d39d011bca44ea2021-12-21 12:51:24.194root 11241100x8000000000000000725695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:24.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3474cc82f98413172021-12-21 12:51:24.194root 11241100x8000000000000000725696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:24.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bebcb836993dd5de2021-12-21 12:51:24.194root 11241100x8000000000000000725697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:24.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9abbdc303bd98592021-12-21 12:51:24.194root 11241100x8000000000000000725698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:24.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b5b0f39d9e31ee12021-12-21 12:51:24.194root 11241100x8000000000000000725699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:24.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.022daeee421dab172021-12-21 12:51:24.194root 11241100x8000000000000000725700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:24.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.314c3084930e89e22021-12-21 12:51:24.195root 11241100x8000000000000000725701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:24.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b6af4b7d61362e52021-12-21 12:51:24.195root 11241100x8000000000000000725702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:24.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.916aa4be5d4d3bca2021-12-21 12:51:24.195root 11241100x8000000000000000725703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:24.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47fd56a6bf252e4e2021-12-21 12:51:24.195root 11241100x8000000000000000725704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:24.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be1aec48038a3a0f2021-12-21 12:51:24.196root 11241100x8000000000000000725705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:24.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.078fc0a72e6c5afd2021-12-21 12:51:24.196root 11241100x8000000000000000725706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:24.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b686ea56de22ceb32021-12-21 12:51:24.196root 11241100x8000000000000000725707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:24.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de061f0a29899b5e2021-12-21 12:51:24.196root 11241100x8000000000000000725708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:24.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c9149dc0e808c492021-12-21 12:51:24.196root 11241100x8000000000000000725709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:24.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfe7533d86c8384b2021-12-21 12:51:24.196root 11241100x8000000000000000725710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:24.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e911103f79a0fac2021-12-21 12:51:24.196root 11241100x8000000000000000725711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:24.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d41f8312995f6f622021-12-21 12:51:24.196root 11241100x8000000000000000725712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:24.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a7cc6d103e378f52021-12-21 12:51:24.196root 11241100x8000000000000000725713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:24.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.516c89bf002f2d422021-12-21 12:51:24.693root 11241100x8000000000000000725714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:24.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2c2090140b687e12021-12-21 12:51:24.693root 11241100x8000000000000000725715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:24.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ef00f98eb727bd32021-12-21 12:51:24.693root 11241100x8000000000000000725716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:24.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d8fe1d9a540ecce2021-12-21 12:51:24.694root 11241100x8000000000000000725717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:24.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c00f388eda407f272021-12-21 12:51:24.694root 11241100x8000000000000000725718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:24.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb3af74fb7ffab0b2021-12-21 12:51:24.694root 11241100x8000000000000000725719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:24.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.daa55a142621de522021-12-21 12:51:24.694root 11241100x8000000000000000725720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:24.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95f9f54f0429379b2021-12-21 12:51:24.694root 11241100x8000000000000000725721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:24.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57b633cf7502b9762021-12-21 12:51:24.694root 11241100x8000000000000000725722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:24.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ee282f3ae862da92021-12-21 12:51:24.694root 11241100x8000000000000000725723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:24.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96d66ce9a2761c682021-12-21 12:51:24.694root 11241100x8000000000000000725724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:24.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb1db16f7c8bd4ba2021-12-21 12:51:24.694root 11241100x8000000000000000725725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:24.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4216bcea92358ca32021-12-21 12:51:24.694root 11241100x8000000000000000725726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:24.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d12c6a3e6149a8f2021-12-21 12:51:24.694root 11241100x8000000000000000725727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:24.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e6fe0630f373e982021-12-21 12:51:24.695root 11241100x8000000000000000725728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:24.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.681141a374d538a82021-12-21 12:51:24.695root 11241100x8000000000000000725729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:24.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1547e95fafe850d2021-12-21 12:51:24.695root 11241100x8000000000000000725730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:24.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fabdf9ae9e6345c72021-12-21 12:51:24.695root 11241100x8000000000000000725731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:24.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6b282ca81566c712021-12-21 12:51:24.695root 11241100x8000000000000000725732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:24.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8eed732188bbb70c2021-12-21 12:51:24.695root 11241100x8000000000000000725733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:24.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5036a61c0d30ebb52021-12-21 12:51:24.695root 11241100x8000000000000000725734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:24.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4bafb63a0c2a65b2021-12-21 12:51:24.695root 11241100x8000000000000000725735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:24.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.066aca407d3ba8542021-12-21 12:51:24.695root 11241100x8000000000000000725736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:24.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f92f2e20b5d4aec2021-12-21 12:51:24.696root 11241100x8000000000000000725737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:24.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dbfff135c9660102021-12-21 12:51:24.696root 11241100x8000000000000000725738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:24.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0eb25657b849a9872021-12-21 12:51:24.696root 11241100x8000000000000000725739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:25.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55459061447dd63b2021-12-21 12:51:25.193root 11241100x8000000000000000725740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:25.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51438978d1a7aa462021-12-21 12:51:25.194root 11241100x8000000000000000725741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:25.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d57060670cf241202021-12-21 12:51:25.194root 354300x8000000000000000725742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:25.194{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-50582-false10.0.1.12-8000- 11241100x8000000000000000725743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:25.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51b1d37487ebb0072021-12-21 12:51:25.194root 11241100x8000000000000000725744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:25.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c828ab26d1e633502021-12-21 12:51:25.194root 11241100x8000000000000000725745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:25.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e039b4c91e81b602021-12-21 12:51:25.194root 11241100x8000000000000000725746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:25.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e7055c28b7f10362021-12-21 12:51:25.195root 11241100x8000000000000000725747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:25.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b07d255a904f4692021-12-21 12:51:25.195root 11241100x8000000000000000725748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:25.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c18cdfc2cc7d33002021-12-21 12:51:25.195root 11241100x8000000000000000725749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:25.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8938731caded0052021-12-21 12:51:25.195root 11241100x8000000000000000725750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:25.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa1fe00f60fc83132021-12-21 12:51:25.195root 11241100x8000000000000000725751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:25.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.646d18425f7d6e542021-12-21 12:51:25.195root 11241100x8000000000000000725752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:25.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b01565f6085dc902021-12-21 12:51:25.195root 11241100x8000000000000000725753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:25.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afbc4a091cbbd61c2021-12-21 12:51:25.196root 11241100x8000000000000000725754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:25.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf1de1215e33c1222021-12-21 12:51:25.196root 11241100x8000000000000000725755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:25.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d76b3bfbe5c111b42021-12-21 12:51:25.196root 11241100x8000000000000000725756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:25.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb633a25f3df5bc52021-12-21 12:51:25.196root 11241100x8000000000000000725757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:25.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ce726d3dd4901202021-12-21 12:51:25.196root 11241100x8000000000000000725758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:25.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c0d14de5db6c9a82021-12-21 12:51:25.197root 11241100x8000000000000000725759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:25.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcc51bca2f8c71df2021-12-21 12:51:25.197root 11241100x8000000000000000725760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:25.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6eb9404c82ea1d502021-12-21 12:51:25.197root 11241100x8000000000000000725761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:25.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c56e9fe83e52fdca2021-12-21 12:51:25.197root 11241100x8000000000000000725762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:25.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9328a3dba44b7b952021-12-21 12:51:25.198root 11241100x8000000000000000725763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:25.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.062219ccd5d419512021-12-21 12:51:25.198root 11241100x8000000000000000725764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:25.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1a55f35fc28f5912021-12-21 12:51:25.198root 11241100x8000000000000000725765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:25.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b185001394011242021-12-21 12:51:25.198root 11241100x8000000000000000725766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:25.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81b87940f603aa472021-12-21 12:51:25.693root 11241100x8000000000000000725767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:25.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.003c443110878e7c2021-12-21 12:51:25.694root 11241100x8000000000000000725768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:25.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c04f1ee6d3041142021-12-21 12:51:25.694root 11241100x8000000000000000725769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:25.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee7f09cd2c098d7d2021-12-21 12:51:25.694root 11241100x8000000000000000725770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:25.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a7f6d94a2121dff2021-12-21 12:51:25.694root 11241100x8000000000000000725771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:25.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59dbcb0e9e77d6d02021-12-21 12:51:25.694root 11241100x8000000000000000725772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:25.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d1b0a41b410cd882021-12-21 12:51:25.694root 11241100x8000000000000000725773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:25.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dab31dae205494d2021-12-21 12:51:25.694root 11241100x8000000000000000725774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:25.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6649b1532de486e2021-12-21 12:51:25.694root 11241100x8000000000000000725775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:25.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffc1989f79d3791c2021-12-21 12:51:25.694root 11241100x8000000000000000725776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:25.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2a9651bdf7b729e2021-12-21 12:51:25.694root 11241100x8000000000000000725777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:25.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4dd83bc48c5f4542021-12-21 12:51:25.694root 11241100x8000000000000000725778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:25.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.788652402265e6f42021-12-21 12:51:25.694root 11241100x8000000000000000725779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:25.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c5c7aba5625cf0d2021-12-21 12:51:25.694root 11241100x8000000000000000725780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:25.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8d6fb46aa562cc42021-12-21 12:51:25.694root 11241100x8000000000000000725781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:25.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a057e0bbc5425372021-12-21 12:51:25.694root 11241100x8000000000000000725782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:25.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c253c19c2620efcf2021-12-21 12:51:25.695root 11241100x8000000000000000725783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:25.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6eddd98c2fb745612021-12-21 12:51:25.695root 11241100x8000000000000000725784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:25.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8a5e27fff010b782021-12-21 12:51:25.695root 11241100x8000000000000000725785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:25.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dbfd432ebc506cf2021-12-21 12:51:25.695root 11241100x8000000000000000725786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:25.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba8aef65987dc4852021-12-21 12:51:25.695root 11241100x8000000000000000725787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:25.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43c5899729979cce2021-12-21 12:51:25.695root 11241100x8000000000000000725788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:25.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bf90d21d49440942021-12-21 12:51:25.695root 11241100x8000000000000000725789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:25.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dff54872d0c6041a2021-12-21 12:51:25.695root 11241100x8000000000000000725790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:25.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65996c1b2c8dfee62021-12-21 12:51:25.695root 11241100x8000000000000000725791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:25.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44e519a0577effc02021-12-21 12:51:25.695root 11241100x8000000000000000725792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:25.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1528efc5f4024482021-12-21 12:51:25.695root 354300x8000000000000000725793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:25.966{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.25-37648-false10.0.1.12-8089- 11241100x8000000000000000725794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:25.966{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66002cc252ddf0fb2021-12-21 12:51:25.966root 11241100x8000000000000000725795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:25.966{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d0981050b280d212021-12-21 12:51:25.966root 11241100x8000000000000000725796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:25.967{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79381a739a1ab44e2021-12-21 12:51:25.967root 11241100x8000000000000000725797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:25.967{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0be07a9e6554c352021-12-21 12:51:25.967root 11241100x8000000000000000725798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:25.967{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0778ab0f7e7c36222021-12-21 12:51:25.967root 11241100x8000000000000000725799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:25.967{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.592b3751ddfe24d22021-12-21 12:51:25.967root 11241100x8000000000000000725800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:25.967{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fbf65659e4f4be92021-12-21 12:51:25.967root 11241100x8000000000000000725801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:25.967{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c75d662d8a6ea72a2021-12-21 12:51:25.967root 11241100x8000000000000000725802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:25.967{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2d31e6e27a369d42021-12-21 12:51:25.967root 11241100x8000000000000000725803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:25.968{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74a2cb6b2973d06f2021-12-21 12:51:25.968root 11241100x8000000000000000725804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:25.968{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a970d3f66adaa4d2021-12-21 12:51:25.968root 11241100x8000000000000000725805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:25.968{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49cf6fb346f61a792021-12-21 12:51:25.968root 11241100x8000000000000000725806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:25.968{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.505b582bb56c6e312021-12-21 12:51:25.968root 11241100x8000000000000000725807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:25.968{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ff32637e157f9642021-12-21 12:51:25.968root 11241100x8000000000000000725808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:25.968{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1dae763e6b2f5992021-12-21 12:51:25.968root 11241100x8000000000000000725809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:25.969{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07c1ab9cef2abda12021-12-21 12:51:25.969root 11241100x8000000000000000725810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:25.969{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a0c94500e241b622021-12-21 12:51:25.969root 11241100x8000000000000000725811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:25.969{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6617ed0b5d059dfa2021-12-21 12:51:25.969root 11241100x8000000000000000725812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:25.969{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b20f65d4e9868652021-12-21 12:51:25.969root 11241100x8000000000000000725813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:25.969{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60831d95c9bbc1232021-12-21 12:51:25.969root 11241100x8000000000000000725814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:25.969{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0494cc67e1f7eab12021-12-21 12:51:25.969root 11241100x8000000000000000725815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:25.969{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12d880203296d0952021-12-21 12:51:25.969root 11241100x8000000000000000725816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:25.969{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a72f6308835f80442021-12-21 12:51:25.969root 11241100x8000000000000000725817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:25.969{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69af87896bb6200b2021-12-21 12:51:25.969root 11241100x8000000000000000725818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:25.970{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a18788022ceab3e32021-12-21 12:51:25.970root 11241100x8000000000000000725819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:25.970{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3407cc71a3fcaa4b2021-12-21 12:51:25.970root 11241100x8000000000000000725820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:25.970{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3faa6d5cb3863c9f2021-12-21 12:51:25.970root 11241100x8000000000000000725821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:25.970{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17d7d09bd118192e2021-12-21 12:51:25.970root 11241100x8000000000000000725822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:25.970{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3172832609f8de082021-12-21 12:51:25.970root 11241100x8000000000000000725823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:25.971{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69fb0fb3002e21fd2021-12-21 12:51:25.971root 11241100x8000000000000000725824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:25.971{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f483d86c947554702021-12-21 12:51:25.971root 11241100x8000000000000000725825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:25.971{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd8ea857b246d4dd2021-12-21 12:51:25.971root 11241100x8000000000000000725826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:25.971{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.480638bdb99a41ff2021-12-21 12:51:25.971root 11241100x8000000000000000725827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:25.971{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01339b80fb846e8a2021-12-21 12:51:25.971root 11241100x8000000000000000725828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:25.971{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44674e3d37f494e52021-12-21 12:51:25.971root 11241100x8000000000000000725829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:25.972{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a7ddc7334bfb4182021-12-21 12:51:25.972root 11241100x8000000000000000725830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:25.972{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d50152f8e4b91adc2021-12-21 12:51:25.972root 11241100x8000000000000000725831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55a6b652a70013ee2021-12-21 12:51:26.443root 11241100x8000000000000000725832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.709514d224b824a82021-12-21 12:51:26.444root 11241100x8000000000000000725833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d71da93af0c5dcae2021-12-21 12:51:26.444root 11241100x8000000000000000725834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.274a292f534209142021-12-21 12:51:26.444root 11241100x8000000000000000725835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2776b27440e140c2021-12-21 12:51:26.444root 11241100x8000000000000000725836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2311ed92df05150e2021-12-21 12:51:26.444root 11241100x8000000000000000725837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:26.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9438f9fe2e8046572021-12-21 12:51:26.445root 11241100x8000000000000000725838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:26.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.138cf4722fdaec0f2021-12-21 12:51:26.445root 11241100x8000000000000000725839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:26.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.903e52adedfabc282021-12-21 12:51:26.445root 11241100x8000000000000000725840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:26.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9462a224db1557b92021-12-21 12:51:26.445root 11241100x8000000000000000725841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:26.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ade1a1ef92eb577a2021-12-21 12:51:26.445root 11241100x8000000000000000725842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:26.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b68973ef8eee68042021-12-21 12:51:26.446root 11241100x8000000000000000725843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:26.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e95abcdcc3185752021-12-21 12:51:26.446root 11241100x8000000000000000725844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:26.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20b2cdca3da2e4c12021-12-21 12:51:26.446root 11241100x8000000000000000725845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:26.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.667323d02db9baaf2021-12-21 12:51:26.446root 11241100x8000000000000000725846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:26.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b46d664e6e0c7c8f2021-12-21 12:51:26.446root 11241100x8000000000000000725847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:26.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7f0af5c1435d7fc2021-12-21 12:51:26.447root 11241100x8000000000000000725848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:26.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07ac254a4c8ae40e2021-12-21 12:51:26.447root 11241100x8000000000000000725849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:26.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62e0975f58a71b782021-12-21 12:51:26.447root 11241100x8000000000000000725850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:26.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faf20cc543c76b0d2021-12-21 12:51:26.447root 11241100x8000000000000000725851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:26.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0660de8014bb5c122021-12-21 12:51:26.447root 11241100x8000000000000000725852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:26.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5349ff00a743e862021-12-21 12:51:26.448root 11241100x8000000000000000725853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:26.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3089fb4506b70cb52021-12-21 12:51:26.448root 11241100x8000000000000000725854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:26.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd2837c469b652a62021-12-21 12:51:26.448root 11241100x8000000000000000725855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:26.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1151b4881054152c2021-12-21 12:51:26.448root 11241100x8000000000000000725856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:26.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ce9118799d2c5b32021-12-21 12:51:26.448root 11241100x8000000000000000725857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:26.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.685f62691e4297a02021-12-21 12:51:26.449root 11241100x8000000000000000725858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:26.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2f14e87f308d2ad2021-12-21 12:51:26.449root 11241100x8000000000000000725859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaf1eac74f21fefb2021-12-21 12:51:26.943root 11241100x8000000000000000725860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ea6cd0f105243f92021-12-21 12:51:26.943root 11241100x8000000000000000725861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52af3f63e71ac3d32021-12-21 12:51:26.943root 11241100x8000000000000000725862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10f524eaea7a77932021-12-21 12:51:26.944root 11241100x8000000000000000725863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.996e97a6fe8dd02c2021-12-21 12:51:26.944root 11241100x8000000000000000725864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23a96ba6860092012021-12-21 12:51:26.944root 11241100x8000000000000000725865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1e5c18736acbe272021-12-21 12:51:26.944root 11241100x8000000000000000725866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca61fe9d1cbe31192021-12-21 12:51:26.944root 11241100x8000000000000000725867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2580123c033e58f32021-12-21 12:51:26.944root 11241100x8000000000000000725868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33539561c5c8d2362021-12-21 12:51:26.944root 11241100x8000000000000000725869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69b648898b9dc0382021-12-21 12:51:26.944root 11241100x8000000000000000725870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8237679c98c6d6a72021-12-21 12:51:26.944root 11241100x8000000000000000725871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:26.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0bfd65f7342c6812021-12-21 12:51:26.945root 11241100x8000000000000000725872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:26.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.518e5d1cbec083932021-12-21 12:51:26.945root 11241100x8000000000000000725873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:26.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19c981758f981b612021-12-21 12:51:26.945root 11241100x8000000000000000725874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:26.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1872f6a844c2206a2021-12-21 12:51:26.945root 11241100x8000000000000000725875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:26.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a01a202cbd4cc57d2021-12-21 12:51:26.945root 11241100x8000000000000000725876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:26.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a12a52a6ef2a572a2021-12-21 12:51:26.945root 11241100x8000000000000000725877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:26.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92d7b106901e59632021-12-21 12:51:26.945root 11241100x8000000000000000725878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:26.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c753643393895dca2021-12-21 12:51:26.945root 11241100x8000000000000000725879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:26.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6579c5bc6396dbef2021-12-21 12:51:26.945root 11241100x8000000000000000725880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:26.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4028bc03ec5ae6b12021-12-21 12:51:26.946root 11241100x8000000000000000725881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:26.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fe4e912e839c7012021-12-21 12:51:26.946root 11241100x8000000000000000725882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:26.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0ac028f15a75a122021-12-21 12:51:26.946root 11241100x8000000000000000725883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:26.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7b097eaf13f12872021-12-21 12:51:26.946root 11241100x8000000000000000725884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:26.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cccb69f04583f012021-12-21 12:51:26.946root 11241100x8000000000000000725885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:26.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.114412e6963a265e2021-12-21 12:51:26.946root 11241100x8000000000000000725886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:26.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c290b872051d7802021-12-21 12:51:26.946root 11241100x8000000000000000725887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc981f9fa86e9e432021-12-21 12:51:27.443root 11241100x8000000000000000725888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a57a424a4ebf4fde2021-12-21 12:51:27.443root 11241100x8000000000000000725889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d57e2eca8f6248422021-12-21 12:51:27.443root 11241100x8000000000000000725890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6d565a97fcdd2f22021-12-21 12:51:27.443root 11241100x8000000000000000725891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cc897b0eaae48e32021-12-21 12:51:27.444root 11241100x8000000000000000725892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.818d9d17ac26b2d92021-12-21 12:51:27.444root 11241100x8000000000000000725893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da70b97e0e2161cf2021-12-21 12:51:27.444root 11241100x8000000000000000725894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33c639ef988d3cd52021-12-21 12:51:27.444root 11241100x8000000000000000725895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb5f51d9933bd44a2021-12-21 12:51:27.444root 11241100x8000000000000000725896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6418b10ff5826d512021-12-21 12:51:27.444root 11241100x8000000000000000725897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70e9b68363d6598a2021-12-21 12:51:27.444root 11241100x8000000000000000725898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a4a1a7bed631ff32021-12-21 12:51:27.444root 11241100x8000000000000000725899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68109b760b8a8ba32021-12-21 12:51:27.444root 11241100x8000000000000000725900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24c0a21cfd2dd5f32021-12-21 12:51:27.444root 11241100x8000000000000000725901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c1bffc797afe0212021-12-21 12:51:27.444root 11241100x8000000000000000725902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f775162a6158c1a2021-12-21 12:51:27.444root 11241100x8000000000000000725903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.030eb5629fa860b22021-12-21 12:51:27.444root 11241100x8000000000000000725904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7676304c32e4b242021-12-21 12:51:27.444root 11241100x8000000000000000725905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:27.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b56ac4e7bd3c98082021-12-21 12:51:27.445root 11241100x8000000000000000725906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:27.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcf40288ddea72902021-12-21 12:51:27.445root 11241100x8000000000000000725907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:27.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a997324c2aca665d2021-12-21 12:51:27.445root 11241100x8000000000000000725908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:27.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f450534c296451c32021-12-21 12:51:27.445root 11241100x8000000000000000725909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:27.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70dc894e0355e4c22021-12-21 12:51:27.445root 11241100x8000000000000000725910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:27.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1a7270ebd03e9b22021-12-21 12:51:27.445root 11241100x8000000000000000725911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:27.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.777041e571777b892021-12-21 12:51:27.445root 11241100x8000000000000000725912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:27.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f378d50d402a1f022021-12-21 12:51:27.445root 11241100x8000000000000000725913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:27.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85ae14a5c1b677112021-12-21 12:51:27.445root 11241100x8000000000000000725914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:27.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7576a5b5beaddb452021-12-21 12:51:27.445root 11241100x8000000000000000725915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:27.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae8c6838d9f6343e2021-12-21 12:51:27.445root 11241100x8000000000000000725916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16e6043c049b96102021-12-21 12:51:27.943root 11241100x8000000000000000725917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5d33226000366802021-12-21 12:51:27.944root 11241100x8000000000000000725918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7c150be6ac2156a2021-12-21 12:51:27.944root 11241100x8000000000000000725919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43959127d34db6942021-12-21 12:51:27.944root 11241100x8000000000000000725920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9747aa3f85ad50402021-12-21 12:51:27.944root 11241100x8000000000000000725921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e77e51c5eee61dc2021-12-21 12:51:27.944root 11241100x8000000000000000725922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b363bc1be46073342021-12-21 12:51:27.944root 11241100x8000000000000000725923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1b366cd6151e22d2021-12-21 12:51:27.944root 11241100x8000000000000000725924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31fc8c433ed7058c2021-12-21 12:51:27.944root 11241100x8000000000000000725925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8906914ea542a602021-12-21 12:51:27.944root 11241100x8000000000000000725926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:27.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0ae3fddc0a575a92021-12-21 12:51:27.945root 11241100x8000000000000000725927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:27.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4d24ea866834e492021-12-21 12:51:27.945root 11241100x8000000000000000725928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:27.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42846cacaaa910ca2021-12-21 12:51:27.945root 11241100x8000000000000000725929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:27.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60d1bdf6dd0da9f82021-12-21 12:51:27.945root 11241100x8000000000000000725930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:27.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1ddcfe9f68437262021-12-21 12:51:27.945root 11241100x8000000000000000725931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:27.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3220a4b7f24ddbc2021-12-21 12:51:27.945root 11241100x8000000000000000725932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:27.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3040a6a136e20cb12021-12-21 12:51:27.945root 11241100x8000000000000000725933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:27.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c59f28fc45be9fc02021-12-21 12:51:27.945root 11241100x8000000000000000725934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:27.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6d513c97e91a6262021-12-21 12:51:27.945root 11241100x8000000000000000725935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:27.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebccd89fa4aeb8f62021-12-21 12:51:27.945root 11241100x8000000000000000725936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:27.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0d363b51600578e2021-12-21 12:51:27.946root 11241100x8000000000000000725937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:27.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e11d0a8dbe7f3c72021-12-21 12:51:27.946root 11241100x8000000000000000725938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:27.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.549b4b93ad28134f2021-12-21 12:51:27.946root 11241100x8000000000000000725939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:27.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d515ef72a18903eb2021-12-21 12:51:27.946root 11241100x8000000000000000725940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:27.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5ad03db5684c5912021-12-21 12:51:27.946root 11241100x8000000000000000725941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:27.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a47d5e7e93ebcd12021-12-21 12:51:27.946root 11241100x8000000000000000725942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:27.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49299abf77de80f62021-12-21 12:51:27.946root 11241100x8000000000000000725943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:27.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a46694d09e93253f2021-12-21 12:51:27.946root 11241100x8000000000000000725944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bbf139166fb1ad02021-12-21 12:51:28.443root 11241100x8000000000000000725945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec75bf4466dbe2182021-12-21 12:51:28.443root 11241100x8000000000000000725946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e326b3129698d2c02021-12-21 12:51:28.444root 11241100x8000000000000000725947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a51c8a30d43b15792021-12-21 12:51:28.444root 11241100x8000000000000000725948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c72bbe34a64ec9e2021-12-21 12:51:28.444root 11241100x8000000000000000725949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad30d1415045be1e2021-12-21 12:51:28.444root 11241100x8000000000000000725950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.816e494425baffee2021-12-21 12:51:28.444root 11241100x8000000000000000725951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f41007712d4f44f82021-12-21 12:51:28.444root 11241100x8000000000000000725952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0321667dbad06c42021-12-21 12:51:28.444root 11241100x8000000000000000725953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e6cce9ac3765dbf2021-12-21 12:51:28.444root 11241100x8000000000000000725954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8b50ba6528ca9f22021-12-21 12:51:28.444root 11241100x8000000000000000725955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9d1efedd075e8602021-12-21 12:51:28.444root 11241100x8000000000000000725956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:28.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60e64091fe484e972021-12-21 12:51:28.445root 11241100x8000000000000000725957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:28.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a0c7f5d5ccf80392021-12-21 12:51:28.445root 11241100x8000000000000000725958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:28.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.383b343fdfc781d12021-12-21 12:51:28.445root 11241100x8000000000000000725959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:28.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c06180f5fc4a6472021-12-21 12:51:28.445root 11241100x8000000000000000725960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:28.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fd2b622e88404112021-12-21 12:51:28.445root 11241100x8000000000000000725961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:28.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fce01986ae0b47e2021-12-21 12:51:28.445root 11241100x8000000000000000725962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:28.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3be49d67e8aa9bc72021-12-21 12:51:28.445root 11241100x8000000000000000725963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:28.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60e91e5647716c162021-12-21 12:51:28.445root 11241100x8000000000000000725964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:28.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a71ba2c3c9df36142021-12-21 12:51:28.445root 11241100x8000000000000000725965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:28.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80b00a898c38c9e62021-12-21 12:51:28.445root 11241100x8000000000000000725966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:28.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18637924607132182021-12-21 12:51:28.445root 11241100x8000000000000000725967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:28.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.249d3d17bae1f2d42021-12-21 12:51:28.445root 11241100x8000000000000000725968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:28.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.860a258362e61b972021-12-21 12:51:28.445root 11241100x8000000000000000725969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:28.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f28cae47ce537682021-12-21 12:51:28.445root 11241100x8000000000000000725970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:28.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ac395144ddc7c802021-12-21 12:51:28.445root 11241100x8000000000000000725971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:28.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce3b43426462ee8d2021-12-21 12:51:28.446root 11241100x8000000000000000725972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.293643efee273b8a2021-12-21 12:51:28.943root 11241100x8000000000000000725973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8849bbd4ee2e3f92021-12-21 12:51:28.943root 11241100x8000000000000000725974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fd62dea640c341f2021-12-21 12:51:28.943root 11241100x8000000000000000725975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c04b06675c96a4982021-12-21 12:51:28.943root 11241100x8000000000000000725976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a71cd23026f19d3c2021-12-21 12:51:28.944root 11241100x8000000000000000725977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4f75968fba381f72021-12-21 12:51:28.944root 11241100x8000000000000000725978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8909ec9b78e70032021-12-21 12:51:28.944root 11241100x8000000000000000725979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b463ff9308edb0ae2021-12-21 12:51:28.944root 11241100x8000000000000000725980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84d432ef5fa5cd852021-12-21 12:51:28.944root 11241100x8000000000000000725981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a82d44430ccbea72021-12-21 12:51:28.944root 11241100x8000000000000000725982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac03ec75aa385b7f2021-12-21 12:51:28.944root 11241100x8000000000000000725983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5291ecd38d9bb9d2021-12-21 12:51:28.944root 11241100x8000000000000000725984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfbbcb25f7ae01ac2021-12-21 12:51:28.944root 11241100x8000000000000000725985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.588c55290fc2a54c2021-12-21 12:51:28.944root 11241100x8000000000000000725986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7139fc92e2bba372021-12-21 12:51:28.944root 11241100x8000000000000000725987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b70f55af62106e62021-12-21 12:51:28.944root 11241100x8000000000000000725988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbaf445e60b232822021-12-21 12:51:28.944root 11241100x8000000000000000725989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9fec87ce73dbfa32021-12-21 12:51:28.944root 11241100x8000000000000000725990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee19224acbb200f82021-12-21 12:51:28.944root 11241100x8000000000000000725991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:28.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.764a0919e33dacd32021-12-21 12:51:28.945root 11241100x8000000000000000725992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:28.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fa4bd2596a812b02021-12-21 12:51:28.945root 11241100x8000000000000000725993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:28.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b635be8108deebc2021-12-21 12:51:28.945root 11241100x8000000000000000725994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:28.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8763b779d8e6bf12021-12-21 12:51:28.945root 11241100x8000000000000000725995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:28.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67c188161b436beb2021-12-21 12:51:28.945root 11241100x8000000000000000725996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:28.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69989e5acefe8e5e2021-12-21 12:51:28.945root 11241100x8000000000000000725997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:28.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.676339fa9d397e082021-12-21 12:51:28.945root 11241100x8000000000000000725998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:28.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2b9c67a8d6b382a2021-12-21 12:51:28.945root 11241100x8000000000000000725999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:28.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.043120db01ac34de2021-12-21 12:51:28.946root 11241100x8000000000000000726000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b6c08f86e5f84f12021-12-21 12:51:29.443root 11241100x8000000000000000726001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ec7560ddf9f5be42021-12-21 12:51:29.443root 11241100x8000000000000000726002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d8e59893411a51a2021-12-21 12:51:29.444root 11241100x8000000000000000726003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bda667fa57a416212021-12-21 12:51:29.444root 11241100x8000000000000000726004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae67d2a335c09e8b2021-12-21 12:51:29.444root 11241100x8000000000000000726005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77f47e58bdf4198f2021-12-21 12:51:29.444root 11241100x8000000000000000726006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79e6ca22137784742021-12-21 12:51:29.444root 11241100x8000000000000000726007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5adc715ff1167dd2021-12-21 12:51:29.444root 11241100x8000000000000000726008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb3b862dc7f40b4d2021-12-21 12:51:29.444root 11241100x8000000000000000726009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84e9fb9ddbc3ebf32021-12-21 12:51:29.444root 11241100x8000000000000000726010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b251279e4d09d1922021-12-21 12:51:29.444root 11241100x8000000000000000726011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92e3d7e1d2f9c9472021-12-21 12:51:29.444root 11241100x8000000000000000726012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7887e0280727e5e92021-12-21 12:51:29.444root 11241100x8000000000000000726013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.147057296de3b1f62021-12-21 12:51:29.444root 11241100x8000000000000000726014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e762b7a8b326a8f2021-12-21 12:51:29.444root 11241100x8000000000000000726015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b4f67a54f1ef8242021-12-21 12:51:29.444root 11241100x8000000000000000726016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:29.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40007cb9cc45f8582021-12-21 12:51:29.445root 11241100x8000000000000000726017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:29.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bb97a0d04d7a8ad2021-12-21 12:51:29.445root 11241100x8000000000000000726018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:29.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdf002177d37d5c62021-12-21 12:51:29.445root 11241100x8000000000000000726019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:29.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fa4ee326404518a2021-12-21 12:51:29.445root 11241100x8000000000000000726020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:29.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7300b87ee38f2be02021-12-21 12:51:29.445root 11241100x8000000000000000726021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:29.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a66db512006da2f2021-12-21 12:51:29.445root 11241100x8000000000000000726022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:29.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85ff01b62d3716d82021-12-21 12:51:29.445root 11241100x8000000000000000726023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:29.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5679bf405b33f332021-12-21 12:51:29.445root 11241100x8000000000000000726024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:29.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25ca210c779c1c7f2021-12-21 12:51:29.445root 11241100x8000000000000000726025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:29.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e45e81e016f1ac22021-12-21 12:51:29.445root 11241100x8000000000000000726026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:29.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.794585176e8560ca2021-12-21 12:51:29.445root 11241100x8000000000000000726027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:29.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33fed7cafe2557ad2021-12-21 12:51:29.445root 11241100x8000000000000000726028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6245f1c31355e0242021-12-21 12:51:29.943root 11241100x8000000000000000726029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff4499c290c47ee92021-12-21 12:51:29.943root 11241100x8000000000000000726030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1f3181e43ffb6802021-12-21 12:51:29.943root 11241100x8000000000000000726031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d781f84a8386a2442021-12-21 12:51:29.944root 11241100x8000000000000000726032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d8f43be011b41b12021-12-21 12:51:29.944root 11241100x8000000000000000726033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e528ab0159fce5d92021-12-21 12:51:29.944root 11241100x8000000000000000726034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b562f89ad4f574e92021-12-21 12:51:29.944root 11241100x8000000000000000726035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.968932afcf41182c2021-12-21 12:51:29.944root 11241100x8000000000000000726036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff4fb7e70bf51c652021-12-21 12:51:29.944root 11241100x8000000000000000726037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4154585e9871fa32021-12-21 12:51:29.944root 11241100x8000000000000000726038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33ee6b67258c98542021-12-21 12:51:29.944root 11241100x8000000000000000726039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f14e6b14afbf38032021-12-21 12:51:29.944root 11241100x8000000000000000726040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6adad8ee684606532021-12-21 12:51:29.944root 11241100x8000000000000000726041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:29.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.658cd76a46643cb62021-12-21 12:51:29.945root 11241100x8000000000000000726042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:29.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c2b014814bdbf112021-12-21 12:51:29.945root 11241100x8000000000000000726043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:29.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd75d0a89f9eff782021-12-21 12:51:29.945root 11241100x8000000000000000726044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:29.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.118577c6e00bea982021-12-21 12:51:29.945root 11241100x8000000000000000726045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:29.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc3b5e4962f5ccd72021-12-21 12:51:29.945root 11241100x8000000000000000726046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:29.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2362c075b4e15ebf2021-12-21 12:51:29.945root 11241100x8000000000000000726047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:29.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.900713371bd36f6f2021-12-21 12:51:29.945root 11241100x8000000000000000726048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:29.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cff0396f32af1bf02021-12-21 12:51:29.945root 11241100x8000000000000000726049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:29.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80db5e3343637fa12021-12-21 12:51:29.945root 11241100x8000000000000000726050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:29.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37c8ddebc54102202021-12-21 12:51:29.945root 11241100x8000000000000000726051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:29.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f972b7a28f39a622021-12-21 12:51:29.945root 11241100x8000000000000000726052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:29.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a99e41ced7d550a72021-12-21 12:51:29.946root 11241100x8000000000000000726053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:29.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03c94241fa176fc32021-12-21 12:51:29.946root 11241100x8000000000000000726054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:29.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e214e4c284431c092021-12-21 12:51:29.946root 11241100x8000000000000000726055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:29.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a72c5d78b347810d2021-12-21 12:51:29.946root 354300x8000000000000000726056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:30.216{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-50586-false10.0.1.12-8000- 11241100x8000000000000000726057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:30.218{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c673b909e7a021a2021-12-21 12:51:30.218root 11241100x8000000000000000726058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:30.218{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bb466f4a20cc9e92021-12-21 12:51:30.218root 11241100x8000000000000000726059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:30.218{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea576b8b395029522021-12-21 12:51:30.218root 11241100x8000000000000000726060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:30.218{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2aca970827fdf0c42021-12-21 12:51:30.218root 11241100x8000000000000000726061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:30.218{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f124ae86fa6c6202021-12-21 12:51:30.218root 11241100x8000000000000000726062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:30.218{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efc3aab5d8108ac52021-12-21 12:51:30.218root 11241100x8000000000000000726063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:30.218{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82eeb86d367a41a42021-12-21 12:51:30.218root 11241100x8000000000000000726064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:30.219{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80126985d9cdf4d92021-12-21 12:51:30.219root 11241100x8000000000000000726065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:30.219{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a6da2dc464909292021-12-21 12:51:30.219root 11241100x8000000000000000726066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:30.219{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe4af2504db1030a2021-12-21 12:51:30.219root 11241100x8000000000000000726067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:30.219{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22725d9ec978a64c2021-12-21 12:51:30.219root 11241100x8000000000000000726068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:30.219{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0224edb6dfdbd0422021-12-21 12:51:30.219root 11241100x8000000000000000726069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:30.219{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac35012c734dda1f2021-12-21 12:51:30.219root 11241100x8000000000000000726070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:30.219{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdf49d3a4d3947f92021-12-21 12:51:30.219root 11241100x8000000000000000726071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:30.219{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92870621d4bf95ad2021-12-21 12:51:30.219root 11241100x8000000000000000726072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:30.219{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88197f86f1e0d7c32021-12-21 12:51:30.219root 11241100x8000000000000000726073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:30.219{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f14be0c4783ff2d52021-12-21 12:51:30.219root 11241100x8000000000000000726074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:30.220{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50ae88e1cac8d21a2021-12-21 12:51:30.220root 11241100x8000000000000000726075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:30.220{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c942471d54d02c752021-12-21 12:51:30.220root 11241100x8000000000000000726076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:30.220{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaab4482e05ef89a2021-12-21 12:51:30.220root 11241100x8000000000000000726077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:30.220{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b51f42d5f2248e72021-12-21 12:51:30.220root 11241100x8000000000000000726078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:30.220{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d6e6aba826e77b92021-12-21 12:51:30.220root 11241100x8000000000000000726079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:30.220{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60707d3abf3bae112021-12-21 12:51:30.220root 11241100x8000000000000000726080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:30.220{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebbd9240e2c179162021-12-21 12:51:30.220root 11241100x8000000000000000726081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:30.220{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c54851b727db7f92021-12-21 12:51:30.220root 11241100x8000000000000000726082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:30.220{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3a9fa593e104fd42021-12-21 12:51:30.220root 11241100x8000000000000000726083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:30.220{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.122a7c1b05cfefd22021-12-21 12:51:30.220root 11241100x8000000000000000726084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:30.220{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d1d90f844c3be922021-12-21 12:51:30.220root 11241100x8000000000000000726085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:30.221{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e409e28b0e1d07d92021-12-21 12:51:30.221root 11241100x8000000000000000726086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:30.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd823ccdd8b2e2602021-12-21 12:51:30.694root 11241100x8000000000000000726087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:30.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7b34f8d8a2f5c812021-12-21 12:51:30.694root 11241100x8000000000000000726088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:30.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3c5b3dc41354f582021-12-21 12:51:30.694root 11241100x8000000000000000726089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:30.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb24369168dd26e72021-12-21 12:51:30.694root 11241100x8000000000000000726090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:30.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86cacc56cc3070fc2021-12-21 12:51:30.694root 11241100x8000000000000000726091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:30.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52029609e5da093e2021-12-21 12:51:30.694root 11241100x8000000000000000726092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:30.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb383f0b24442c872021-12-21 12:51:30.694root 11241100x8000000000000000726093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:30.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbe32cf56f1484d92021-12-21 12:51:30.695root 11241100x8000000000000000726094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:30.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.244e626030b642062021-12-21 12:51:30.695root 11241100x8000000000000000726095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:30.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a3631cba138ed5c2021-12-21 12:51:30.695root 11241100x8000000000000000726096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:30.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03e53a54840e0da42021-12-21 12:51:30.695root 11241100x8000000000000000726097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:30.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.570d870f5a7feacc2021-12-21 12:51:30.695root 11241100x8000000000000000726098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:30.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f4ae97fea2421152021-12-21 12:51:30.695root 11241100x8000000000000000726099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:30.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63afdcf93e01c7122021-12-21 12:51:30.695root 11241100x8000000000000000726100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:30.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48606e9d8a1812642021-12-21 12:51:30.695root 11241100x8000000000000000726101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:30.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b74e98d12ecd94b2021-12-21 12:51:30.696root 11241100x8000000000000000726102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:30.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e4aa02f28e9b36d2021-12-21 12:51:30.696root 11241100x8000000000000000726103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:30.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc39f3ed3a0debea2021-12-21 12:51:30.696root 11241100x8000000000000000726104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:30.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc17647fc48e11882021-12-21 12:51:30.696root 11241100x8000000000000000726105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:30.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baa244201107a7242021-12-21 12:51:30.696root 11241100x8000000000000000726106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:30.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c32fc4eba8bca4862021-12-21 12:51:30.696root 11241100x8000000000000000726107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:30.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e86ac4e1505ab37b2021-12-21 12:51:30.696root 11241100x8000000000000000726108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:30.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad64ce12cfcf4c202021-12-21 12:51:30.696root 11241100x8000000000000000726109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:30.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d61b2c7fbe9257992021-12-21 12:51:30.696root 11241100x8000000000000000726110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:30.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ce4015d648e751c2021-12-21 12:51:30.696root 11241100x8000000000000000726111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:30.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c134432c83b6f662021-12-21 12:51:30.696root 11241100x8000000000000000726112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:30.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fd46ccf98023a8b2021-12-21 12:51:30.697root 11241100x8000000000000000726113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:30.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.747aaa04c1a003152021-12-21 12:51:30.697root 11241100x8000000000000000726114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:30.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.affd8ad5157014742021-12-21 12:51:30.698root 11241100x8000000000000000726115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:31.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.238256cd763bac122021-12-21 12:51:31.194root 11241100x8000000000000000726116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:31.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbcc75697195b7722021-12-21 12:51:31.194root 11241100x8000000000000000726117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:31.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d160cfea55ad0b232021-12-21 12:51:31.194root 11241100x8000000000000000726118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:31.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28010ad8254231eb2021-12-21 12:51:31.194root 11241100x8000000000000000726119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:31.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf97cf7be69a342e2021-12-21 12:51:31.194root 11241100x8000000000000000726120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:31.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b19feabf7517b632021-12-21 12:51:31.194root 11241100x8000000000000000726121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:31.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c2559eb7380abe52021-12-21 12:51:31.194root 11241100x8000000000000000726122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:31.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d578d0469cce27662021-12-21 12:51:31.194root 11241100x8000000000000000726123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:31.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3abaed9ba26ad972021-12-21 12:51:31.194root 11241100x8000000000000000726124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:31.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51f0394a989ae7e82021-12-21 12:51:31.194root 11241100x8000000000000000726125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:31.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45187b2a396a5aab2021-12-21 12:51:31.194root 11241100x8000000000000000726126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:31.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39da7427d3e395112021-12-21 12:51:31.194root 11241100x8000000000000000726127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:31.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b83f455b4426c652021-12-21 12:51:31.194root 11241100x8000000000000000726128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:31.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a54adcecfd94033d2021-12-21 12:51:31.194root 11241100x8000000000000000726129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:31.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf005ae00e15d71f2021-12-21 12:51:31.195root 11241100x8000000000000000726130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:31.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd5ee7367e641b5c2021-12-21 12:51:31.195root 11241100x8000000000000000726131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:31.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.608c2e7022726b472021-12-21 12:51:31.195root 11241100x8000000000000000726132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:31.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21d62d54ae85647d2021-12-21 12:51:31.195root 11241100x8000000000000000726133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:31.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f867519767c988482021-12-21 12:51:31.195root 11241100x8000000000000000726134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:31.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96b9a4e7f68f261a2021-12-21 12:51:31.195root 11241100x8000000000000000726135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:31.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5be4d86f23948fa52021-12-21 12:51:31.195root 11241100x8000000000000000726136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:31.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab1fc9a4d4bdd27f2021-12-21 12:51:31.195root 11241100x8000000000000000726137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:31.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26c1a5b1bda9eda42021-12-21 12:51:31.195root 11241100x8000000000000000726138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:31.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5af3b448892be3042021-12-21 12:51:31.195root 11241100x8000000000000000726139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:31.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b66fe2df95697d752021-12-21 12:51:31.195root 11241100x8000000000000000726140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:31.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f3d1ab860687ecc2021-12-21 12:51:31.195root 11241100x8000000000000000726141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:31.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe9c632503eeebe22021-12-21 12:51:31.196root 11241100x8000000000000000726142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:31.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4e37b41040a36242021-12-21 12:51:31.196root 11241100x8000000000000000726143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:31.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fb2fac51e37f6c72021-12-21 12:51:31.196root 11241100x8000000000000000726144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:31.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d78ddb1f614d0fd92021-12-21 12:51:31.694root 11241100x8000000000000000726145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:31.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de40195916cf0f422021-12-21 12:51:31.694root 11241100x8000000000000000726146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:31.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf517b2544ab90d72021-12-21 12:51:31.694root 11241100x8000000000000000726147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:31.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0fda3ee2daf60272021-12-21 12:51:31.694root 11241100x8000000000000000726148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:31.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49f91e89e36f2a092021-12-21 12:51:31.694root 11241100x8000000000000000726149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:31.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0215e4e21ba021a2021-12-21 12:51:31.694root 11241100x8000000000000000726150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:31.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f55868714fb573882021-12-21 12:51:31.694root 11241100x8000000000000000726151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:31.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bb15dc68d86e33c2021-12-21 12:51:31.694root 11241100x8000000000000000726152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:31.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17c5e67c4fdae56e2021-12-21 12:51:31.694root 11241100x8000000000000000726153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:31.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.019392d271c9b2672021-12-21 12:51:31.694root 11241100x8000000000000000726154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:31.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.857129e73b6a87f02021-12-21 12:51:31.694root 11241100x8000000000000000726155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:31.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1234f092124c75c02021-12-21 12:51:31.694root 11241100x8000000000000000726156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:31.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1866b39f51a5ea312021-12-21 12:51:31.694root 11241100x8000000000000000726157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:31.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53868a92f74f928a2021-12-21 12:51:31.695root 11241100x8000000000000000726158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:31.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78a964bcd6c3ca712021-12-21 12:51:31.695root 11241100x8000000000000000726159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:31.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9524badb0dccfc7f2021-12-21 12:51:31.695root 11241100x8000000000000000726160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:31.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d38c67b1884d94562021-12-21 12:51:31.695root 11241100x8000000000000000726161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:31.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7150f8489c28df972021-12-21 12:51:31.695root 11241100x8000000000000000726162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:31.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d5f55e397ca75b52021-12-21 12:51:31.695root 11241100x8000000000000000726163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:31.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bd00dad4427f12c2021-12-21 12:51:31.695root 11241100x8000000000000000726164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:31.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f935f9149387c682021-12-21 12:51:31.695root 11241100x8000000000000000726165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:31.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8b944db187c91872021-12-21 12:51:31.695root 11241100x8000000000000000726166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:31.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9ac55dd303ca8f92021-12-21 12:51:31.695root 11241100x8000000000000000726167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:31.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c9beac957415dfa2021-12-21 12:51:31.695root 11241100x8000000000000000726168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:31.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0ba36ea4e3fb6402021-12-21 12:51:31.696root 11241100x8000000000000000726169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:31.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.524475d5c66558bb2021-12-21 12:51:31.696root 11241100x8000000000000000726170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:31.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3448153562143b4d2021-12-21 12:51:31.696root 11241100x8000000000000000726171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:31.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.921d682e16d94f3c2021-12-21 12:51:31.696root 11241100x8000000000000000726172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:31.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bfbcc2a76082aaf2021-12-21 12:51:31.696root 11241100x8000000000000000726173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:32.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77c48f9dbab909e92021-12-21 12:51:32.194root 11241100x8000000000000000726174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:32.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cbc5c4f74d0fafc2021-12-21 12:51:32.194root 11241100x8000000000000000726175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:32.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b62d4e3128d86cb2021-12-21 12:51:32.194root 11241100x8000000000000000726176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:32.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7265ba5260693b282021-12-21 12:51:32.194root 11241100x8000000000000000726177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:32.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff986a3e498fc80a2021-12-21 12:51:32.194root 11241100x8000000000000000726178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:32.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e4eaa7c1b7750cb2021-12-21 12:51:32.194root 11241100x8000000000000000726179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:32.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a704a6e3db492842021-12-21 12:51:32.194root 11241100x8000000000000000726180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:32.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cf12b4e7c336da12021-12-21 12:51:32.194root 11241100x8000000000000000726181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:32.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb141ffbb916969b2021-12-21 12:51:32.195root 11241100x8000000000000000726182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:32.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b4b9ca69cc4692d2021-12-21 12:51:32.195root 11241100x8000000000000000726183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:32.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b119072ec55095e2021-12-21 12:51:32.195root 11241100x8000000000000000726184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:32.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50ca9554c8d7f7502021-12-21 12:51:32.195root 11241100x8000000000000000726185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:32.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f01c794de9c6a9332021-12-21 12:51:32.195root 11241100x8000000000000000726186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:32.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdf12a8f9db779242021-12-21 12:51:32.195root 11241100x8000000000000000726187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:32.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54a814b25144c6232021-12-21 12:51:32.195root 11241100x8000000000000000726188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:32.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.923ee8538c59a2be2021-12-21 12:51:32.195root 11241100x8000000000000000726189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:32.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e540d0bf2946034e2021-12-21 12:51:32.196root 11241100x8000000000000000726190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:32.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74cdaade5966e9702021-12-21 12:51:32.196root 11241100x8000000000000000726191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:32.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.953646cff87af9f52021-12-21 12:51:32.196root 11241100x8000000000000000726192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:32.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0aede434c1964b602021-12-21 12:51:32.196root 11241100x8000000000000000726193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:32.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7eaa319b9b4895232021-12-21 12:51:32.196root 11241100x8000000000000000726194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:32.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d381229dbca9723c2021-12-21 12:51:32.196root 11241100x8000000000000000726195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:32.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.377ceeafc4cf34782021-12-21 12:51:32.196root 11241100x8000000000000000726196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:32.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da8a19e1e13f4afa2021-12-21 12:51:32.197root 11241100x8000000000000000726197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:32.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0658b1608c158e2d2021-12-21 12:51:32.197root 11241100x8000000000000000726198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:32.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.204123372169a52f2021-12-21 12:51:32.197root 11241100x8000000000000000726199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:32.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4115dd00ed4a3a862021-12-21 12:51:32.197root 11241100x8000000000000000726200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:32.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bf7cbaaac591b062021-12-21 12:51:32.197root 11241100x8000000000000000726201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:32.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95620c335bb5a80f2021-12-21 12:51:32.197root 11241100x8000000000000000726202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:32.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2e0962f056007af2021-12-21 12:51:32.694root 11241100x8000000000000000726203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:32.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ce1df9fadde06c12021-12-21 12:51:32.694root 11241100x8000000000000000726204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:32.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57860ae8018d40452021-12-21 12:51:32.694root 11241100x8000000000000000726205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:32.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3bdf7279b2d67fe2021-12-21 12:51:32.694root 11241100x8000000000000000726206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:32.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ab8ef83d9f2129b2021-12-21 12:51:32.694root 11241100x8000000000000000726207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:32.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fd61d6899fc0bfa2021-12-21 12:51:32.694root 11241100x8000000000000000726208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:32.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02533dfa680ead8d2021-12-21 12:51:32.694root 11241100x8000000000000000726209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:32.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.706f245569bfa4082021-12-21 12:51:32.694root 11241100x8000000000000000726210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:32.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91742d7e8fffa2462021-12-21 12:51:32.695root 11241100x8000000000000000726211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:32.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.253af30ed240c4312021-12-21 12:51:32.695root 11241100x8000000000000000726212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:32.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5971e3f4ecd29ab92021-12-21 12:51:32.695root 11241100x8000000000000000726213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:32.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b89e2ccc7ecb6e6f2021-12-21 12:51:32.695root 11241100x8000000000000000726214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:32.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.517315e6e1a850662021-12-21 12:51:32.695root 11241100x8000000000000000726215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:32.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.343bc53a357492582021-12-21 12:51:32.695root 11241100x8000000000000000726216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:32.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.283417c0ff3185212021-12-21 12:51:32.695root 11241100x8000000000000000726217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:32.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cf4ea33bbc8f10a2021-12-21 12:51:32.695root 11241100x8000000000000000726218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:32.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60b341e2f9bf121b2021-12-21 12:51:32.695root 11241100x8000000000000000726219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:32.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6adc6c4c4c295ba92021-12-21 12:51:32.696root 11241100x8000000000000000726220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:32.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d65c121b2abc35f82021-12-21 12:51:32.696root 11241100x8000000000000000726221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:32.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99a86926e1edaa592021-12-21 12:51:32.696root 11241100x8000000000000000726222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:32.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdcdb3dfec339ddb2021-12-21 12:51:32.696root 11241100x8000000000000000726223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:32.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63e8551674cd9f4a2021-12-21 12:51:32.696root 11241100x8000000000000000726224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:32.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7e3787ea5a5829a2021-12-21 12:51:32.696root 11241100x8000000000000000726225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:32.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.993c5bd373a51f902021-12-21 12:51:32.696root 11241100x8000000000000000726226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:32.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.868b293cccfcc4cc2021-12-21 12:51:32.696root 11241100x8000000000000000726227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:32.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.792711eb0faf49ea2021-12-21 12:51:32.696root 11241100x8000000000000000726228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:32.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4710c5c3d948da052021-12-21 12:51:32.697root 11241100x8000000000000000726229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:32.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05f1e5aac093f8c42021-12-21 12:51:32.697root 11241100x8000000000000000726230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:32.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61fe5f7cab7407c02021-12-21 12:51:32.697root 11241100x8000000000000000726231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:33.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfd33d89eb1787a72021-12-21 12:51:33.194root 11241100x8000000000000000726232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:33.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3924a8564933408f2021-12-21 12:51:33.194root 11241100x8000000000000000726233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:33.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8faf664da8f0a8452021-12-21 12:51:33.194root 11241100x8000000000000000726234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:33.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ac68cef5cbfa0dd2021-12-21 12:51:33.194root 11241100x8000000000000000726235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:33.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb219aa9473f77f92021-12-21 12:51:33.194root 11241100x8000000000000000726236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:33.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1178b87824c562342021-12-21 12:51:33.194root 11241100x8000000000000000726237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:33.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d53c1a7877556872021-12-21 12:51:33.194root 11241100x8000000000000000726238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:33.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08cde8133f328bae2021-12-21 12:51:33.194root 11241100x8000000000000000726239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:33.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c5cc5abf9a73a622021-12-21 12:51:33.194root 11241100x8000000000000000726240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:33.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb8201f5cb9d8f332021-12-21 12:51:33.194root 11241100x8000000000000000726241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:33.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.085221cd9acbca112021-12-21 12:51:33.195root 11241100x8000000000000000726242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:33.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4d92f0b85d948d82021-12-21 12:51:33.195root 11241100x8000000000000000726243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:33.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0f9e8a8c42116122021-12-21 12:51:33.195root 11241100x8000000000000000726244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:33.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fdd07fb3fd231172021-12-21 12:51:33.195root 11241100x8000000000000000726245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:33.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99a44227f34d6c502021-12-21 12:51:33.195root 11241100x8000000000000000726246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:33.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6418ce978fdd8d72021-12-21 12:51:33.195root 11241100x8000000000000000726247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:33.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.636044b3dc49ae672021-12-21 12:51:33.195root 11241100x8000000000000000726248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:33.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f43a3f8b573576d2021-12-21 12:51:33.195root 11241100x8000000000000000726249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:33.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cdbe5b7f475f4262021-12-21 12:51:33.196root 11241100x8000000000000000726250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:33.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5aa3d60882a40372021-12-21 12:51:33.196root 11241100x8000000000000000726251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:33.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17dc6c9c2203f6792021-12-21 12:51:33.196root 11241100x8000000000000000726252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:33.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0501cfbc02c4fe672021-12-21 12:51:33.196root 11241100x8000000000000000726253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:33.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.952d4bd5370cc1462021-12-21 12:51:33.196root 11241100x8000000000000000726254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:33.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbf5a36b8771ab972021-12-21 12:51:33.196root 11241100x8000000000000000726255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:33.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.950ae48f7f4c985b2021-12-21 12:51:33.196root 11241100x8000000000000000726256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:33.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.158ee36b7759a55e2021-12-21 12:51:33.196root 11241100x8000000000000000726257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:33.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b065fae617863ed12021-12-21 12:51:33.197root 11241100x8000000000000000726258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:33.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73ec3db73c4f737b2021-12-21 12:51:33.197root 11241100x8000000000000000726259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:33.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1540cacc1271d5442021-12-21 12:51:33.197root 11241100x8000000000000000726260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:33.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfa44638484000332021-12-21 12:51:33.694root 11241100x8000000000000000726261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:33.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be30decf20a4bf202021-12-21 12:51:33.694root 11241100x8000000000000000726262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:33.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21b80a30969992682021-12-21 12:51:33.694root 11241100x8000000000000000726263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:33.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3744f695adde905f2021-12-21 12:51:33.694root 11241100x8000000000000000726264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:33.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83e895150ad5cf4c2021-12-21 12:51:33.694root 11241100x8000000000000000726265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:33.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1273de46919927f2021-12-21 12:51:33.694root 11241100x8000000000000000726266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:33.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97b12b511cbaf5372021-12-21 12:51:33.694root 11241100x8000000000000000726267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:33.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.653819baf7007f0a2021-12-21 12:51:33.694root 11241100x8000000000000000726268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:33.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73f469457efdffbf2021-12-21 12:51:33.694root 11241100x8000000000000000726269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:33.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8091ca87efc0456d2021-12-21 12:51:33.694root 11241100x8000000000000000726270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:33.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7adf8ceca0dd832e2021-12-21 12:51:33.694root 11241100x8000000000000000726271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:33.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03dc829475168b422021-12-21 12:51:33.695root 11241100x8000000000000000726272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:33.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.280996434b912bc62021-12-21 12:51:33.695root 11241100x8000000000000000726273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:33.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.970b727cfe86f5532021-12-21 12:51:33.695root 11241100x8000000000000000726274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:33.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4db92dd3141c32ea2021-12-21 12:51:33.695root 11241100x8000000000000000726275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:33.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af8743b3b31c6fd82021-12-21 12:51:33.695root 11241100x8000000000000000726276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:33.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b322211e5a061f042021-12-21 12:51:33.695root 11241100x8000000000000000726277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:33.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8378fcbdbb2a83e22021-12-21 12:51:33.695root 11241100x8000000000000000726278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:33.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99654dfcee81dff62021-12-21 12:51:33.695root 11241100x8000000000000000726279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:33.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4573143964939b3e2021-12-21 12:51:33.695root 11241100x8000000000000000726280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:33.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9917eae16b409afb2021-12-21 12:51:33.695root 11241100x8000000000000000726281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:33.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b65a8cd2e2510c92021-12-21 12:51:33.695root 11241100x8000000000000000726282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:33.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d4b1f65740a06062021-12-21 12:51:33.696root 11241100x8000000000000000726283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:33.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.917e6e3efb9f12f02021-12-21 12:51:33.696root 11241100x8000000000000000726284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:33.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7eac96495b2ff1e62021-12-21 12:51:33.696root 11241100x8000000000000000726285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:33.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afc159a194b384e92021-12-21 12:51:33.696root 11241100x8000000000000000726286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:33.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc41a0fa48308d462021-12-21 12:51:33.696root 11241100x8000000000000000726287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:33.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c25661188de3ef442021-12-21 12:51:33.696root 11241100x8000000000000000726288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:33.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b03c8bfd1ab910892021-12-21 12:51:33.696root 11241100x8000000000000000726289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:34.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61cc1870fc6d8be92021-12-21 12:51:34.194root 11241100x8000000000000000726290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:34.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51120b6664fd78492021-12-21 12:51:34.194root 11241100x8000000000000000726291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:34.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba91a2f7eb18dda62021-12-21 12:51:34.194root 11241100x8000000000000000726292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:34.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e24f40a7fca3c342021-12-21 12:51:34.194root 11241100x8000000000000000726293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:34.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58c6ac6380e528062021-12-21 12:51:34.194root 11241100x8000000000000000726294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:34.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.859b96ac44619a212021-12-21 12:51:34.194root 11241100x8000000000000000726295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:34.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.017a71906d7f982c2021-12-21 12:51:34.194root 11241100x8000000000000000726296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:34.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f28856b815362d232021-12-21 12:51:34.194root 11241100x8000000000000000726297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:34.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09a331e1870e4ef02021-12-21 12:51:34.194root 11241100x8000000000000000726298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:34.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7670f47337209e862021-12-21 12:51:34.194root 11241100x8000000000000000726299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:34.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0734051a77c163b72021-12-21 12:51:34.194root 11241100x8000000000000000726300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:34.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d065a67c8d832ec2021-12-21 12:51:34.195root 11241100x8000000000000000726301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:34.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52dcec39792e2f2a2021-12-21 12:51:34.195root 11241100x8000000000000000726302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:34.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0b42500a0c295932021-12-21 12:51:34.195root 11241100x8000000000000000726303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:34.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ad359fd3119317a2021-12-21 12:51:34.195root 11241100x8000000000000000726304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:34.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4ad9591db5fdf0b2021-12-21 12:51:34.195root 11241100x8000000000000000726305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:34.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d53bb2e97e9091062021-12-21 12:51:34.195root 11241100x8000000000000000726306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:34.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83c10bc51c9fd98c2021-12-21 12:51:34.195root 11241100x8000000000000000726307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:34.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afa459019c36ec3e2021-12-21 12:51:34.196root 11241100x8000000000000000726308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:34.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f600245de490bc6c2021-12-21 12:51:34.196root 11241100x8000000000000000726309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:34.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17e553d5619cc0f32021-12-21 12:51:34.196root 11241100x8000000000000000726310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:34.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4d482e467bfe0732021-12-21 12:51:34.196root 11241100x8000000000000000726311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:34.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85bed57c26bb16522021-12-21 12:51:34.196root 11241100x8000000000000000726312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:34.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e46164afc7a2890f2021-12-21 12:51:34.196root 11241100x8000000000000000726313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:34.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfce01eb128dc1712021-12-21 12:51:34.196root 11241100x8000000000000000726314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:34.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4b81f612bdbcd7b2021-12-21 12:51:34.196root 11241100x8000000000000000726315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:34.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fe79fa6777ec4072021-12-21 12:51:34.196root 11241100x8000000000000000726316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:34.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.939a4644f094510d2021-12-21 12:51:34.196root 11241100x8000000000000000726317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:34.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e43b3bf532f8faa2021-12-21 12:51:34.197root 11241100x8000000000000000726318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:34.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf569c13d0f6f8512021-12-21 12:51:34.694root 11241100x8000000000000000726319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:34.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.015e760e419e6d2d2021-12-21 12:51:34.694root 11241100x8000000000000000726320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:34.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac237973309b99f92021-12-21 12:51:34.694root 11241100x8000000000000000726321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:34.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e36a538123fb3bb2021-12-21 12:51:34.694root 11241100x8000000000000000726322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:34.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.798e64ab3188d3a82021-12-21 12:51:34.694root 11241100x8000000000000000726323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:34.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a86f9129d72f590e2021-12-21 12:51:34.694root 11241100x8000000000000000726324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:34.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff3067a60a06c65a2021-12-21 12:51:34.694root 11241100x8000000000000000726325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:34.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d88f22e88b54145f2021-12-21 12:51:34.694root 11241100x8000000000000000726326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:34.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a37339b24c2644b2021-12-21 12:51:34.694root 11241100x8000000000000000726327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:34.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b89e35a7f531c69c2021-12-21 12:51:34.694root 11241100x8000000000000000726328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:34.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f8505f5ad1347f12021-12-21 12:51:34.694root 11241100x8000000000000000726329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:34.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.019c9d0a817da3ad2021-12-21 12:51:34.694root 11241100x8000000000000000726330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:34.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a15cf9c2e4b04bb2021-12-21 12:51:34.694root 11241100x8000000000000000726331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:34.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9956ef038bee52702021-12-21 12:51:34.694root 11241100x8000000000000000726332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:34.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa332fe3e9fa60a02021-12-21 12:51:34.695root 11241100x8000000000000000726333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:34.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39cee4cdae2a22472021-12-21 12:51:34.695root 11241100x8000000000000000726334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:34.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db84441725091a912021-12-21 12:51:34.695root 11241100x8000000000000000726335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:34.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30ddf79d479b731b2021-12-21 12:51:34.695root 11241100x8000000000000000726336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:34.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b86ffe9464a596f32021-12-21 12:51:34.695root 11241100x8000000000000000726337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:34.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.046137a7013402f22021-12-21 12:51:34.695root 11241100x8000000000000000726338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:34.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce9f70ccfd3dd2b32021-12-21 12:51:34.695root 11241100x8000000000000000726339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:34.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d9c73e8b920b6542021-12-21 12:51:34.695root 11241100x8000000000000000726340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:34.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89b782c8c33a0b932021-12-21 12:51:34.695root 11241100x8000000000000000726341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:34.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf291fae9a9133c52021-12-21 12:51:34.695root 11241100x8000000000000000726342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:34.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b38e1213f4d923f2021-12-21 12:51:34.695root 11241100x8000000000000000726343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:34.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6527e716e1186152021-12-21 12:51:34.695root 11241100x8000000000000000726344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:34.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a9c29307582f3292021-12-21 12:51:34.695root 11241100x8000000000000000726345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:34.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2baa8cde6c628ab2021-12-21 12:51:34.695root 11241100x8000000000000000726346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:34.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06bb3e7122b4e20c2021-12-21 12:51:34.695root 11241100x8000000000000000726347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:35.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0bfbaa6b808dfe52021-12-21 12:51:35.192root 11241100x8000000000000000726348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:35.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3c5a5d4d0dc44052021-12-21 12:51:35.193root 11241100x8000000000000000726349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:35.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bfebcdb6f66aea02021-12-21 12:51:35.193root 11241100x8000000000000000726350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:35.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e12f88d932cc0c52021-12-21 12:51:35.193root 11241100x8000000000000000726351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:35.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b5a2ba67489b6ff2021-12-21 12:51:35.193root 11241100x8000000000000000726352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:35.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0eda1312237f37d2021-12-21 12:51:35.193root 11241100x8000000000000000726353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:35.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6aadcf4fca600fb12021-12-21 12:51:35.193root 11241100x8000000000000000726354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:35.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ecca7402e7cc2602021-12-21 12:51:35.193root 11241100x8000000000000000726355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:35.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cefd650c639bc0b92021-12-21 12:51:35.193root 11241100x8000000000000000726356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:35.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dee858af94284e62021-12-21 12:51:35.193root 11241100x8000000000000000726357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:35.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f174970f48b858642021-12-21 12:51:35.193root 11241100x8000000000000000726358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:35.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16021abe4a7acf512021-12-21 12:51:35.193root 11241100x8000000000000000726359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:35.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adee6325e46a7d8b2021-12-21 12:51:35.194root 11241100x8000000000000000726360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:35.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e29a3a5b2593f6e2021-12-21 12:51:35.194root 11241100x8000000000000000726361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:35.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d56e2d18341099fd2021-12-21 12:51:35.194root 11241100x8000000000000000726362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:35.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99b2ae8a337015d92021-12-21 12:51:35.194root 11241100x8000000000000000726363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:35.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08b5d936cd6608d72021-12-21 12:51:35.194root 11241100x8000000000000000726364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:35.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31f6c2413b41704e2021-12-21 12:51:35.194root 11241100x8000000000000000726365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:35.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a00450b65db7adb2021-12-21 12:51:35.194root 11241100x8000000000000000726366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:35.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33c75937120536272021-12-21 12:51:35.194root 11241100x8000000000000000726367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:35.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a156463b947c0222021-12-21 12:51:35.194root 11241100x8000000000000000726368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:35.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62eb4a930901eee42021-12-21 12:51:35.194root 11241100x8000000000000000726369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:35.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9991a7c0db9343382021-12-21 12:51:35.194root 11241100x8000000000000000726370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:35.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44e96fc642f45c262021-12-21 12:51:35.195root 11241100x8000000000000000726371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:35.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9b15a7263a260bc2021-12-21 12:51:35.195root 11241100x8000000000000000726372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:35.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b95f6827a0a447642021-12-21 12:51:35.195root 11241100x8000000000000000726373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:35.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4b05db5bd6537922021-12-21 12:51:35.195root 11241100x8000000000000000726374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:35.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41e9a26549a34a872021-12-21 12:51:35.195root 11241100x8000000000000000726375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:35.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8e0caa923ad02e72021-12-21 12:51:35.195root 11241100x8000000000000000726376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:35.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4154393d71da1d1c2021-12-21 12:51:35.195root 11241100x8000000000000000726377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:35.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be9fe59db9fc4d8c2021-12-21 12:51:35.195root 11241100x8000000000000000726378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:35.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c77e9fa6c1dcacd2021-12-21 12:51:35.195root 11241100x8000000000000000726379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:35.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36707d962b2daac62021-12-21 12:51:35.195root 11241100x8000000000000000726380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:35.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ff45a79bafa374b2021-12-21 12:51:35.195root 11241100x8000000000000000726381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:35.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44b450c6145afba82021-12-21 12:51:35.196root 11241100x8000000000000000726382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:35.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ff946fe30f493c32021-12-21 12:51:35.694root 11241100x8000000000000000726383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:35.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a1ed68430d567bb2021-12-21 12:51:35.694root 11241100x8000000000000000726384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:35.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fc2b510568741c62021-12-21 12:51:35.694root 11241100x8000000000000000726385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:35.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63e124b993f061842021-12-21 12:51:35.694root 11241100x8000000000000000726386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:35.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33d20f4f626cc8e82021-12-21 12:51:35.694root 11241100x8000000000000000726387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:35.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51b515884fab28222021-12-21 12:51:35.694root 11241100x8000000000000000726388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:35.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.603614b925e9847a2021-12-21 12:51:35.694root 11241100x8000000000000000726389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:35.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a38ce815cdbfbb7a2021-12-21 12:51:35.694root 11241100x8000000000000000726390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:35.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bc7c70fa9fb24ab2021-12-21 12:51:35.694root 11241100x8000000000000000726391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:35.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a24c0663a7874e32021-12-21 12:51:35.694root 11241100x8000000000000000726392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:35.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.702be4f2daf71cf42021-12-21 12:51:35.694root 11241100x8000000000000000726393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:35.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bed3fd16e081e4ef2021-12-21 12:51:35.695root 11241100x8000000000000000726394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:35.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdeaa11ad1e0ebcb2021-12-21 12:51:35.695root 11241100x8000000000000000726395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:35.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c5116e9651049bf2021-12-21 12:51:35.695root 11241100x8000000000000000726396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:35.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38363dafb2900e3c2021-12-21 12:51:35.695root 11241100x8000000000000000726397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:35.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a19948af144e58a2021-12-21 12:51:35.695root 11241100x8000000000000000726398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:35.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b406b65a205dd502021-12-21 12:51:35.695root 11241100x8000000000000000726399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:35.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0faa42b5017f7d82021-12-21 12:51:35.695root 11241100x8000000000000000726400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:35.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.663e6b0e4c02af312021-12-21 12:51:35.695root 11241100x8000000000000000726401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:35.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02bdefa6d6e873b62021-12-21 12:51:35.695root 11241100x8000000000000000726402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:35.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a10da60b13aae202021-12-21 12:51:35.695root 11241100x8000000000000000726403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:35.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d5c9e5a27dd8dab2021-12-21 12:51:35.695root 11241100x8000000000000000726404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:35.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.683d594fc0823e1e2021-12-21 12:51:35.695root 11241100x8000000000000000726405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:35.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52c74c1952b7aa232021-12-21 12:51:35.695root 11241100x8000000000000000726406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:35.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d9960a40a907f6a2021-12-21 12:51:35.695root 11241100x8000000000000000726407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:35.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fbf3ebe36720a522021-12-21 12:51:35.695root 11241100x8000000000000000726408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:35.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e80c4b536d7fa812021-12-21 12:51:35.696root 11241100x8000000000000000726409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:35.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b628d0a147e2e2312021-12-21 12:51:35.696root 11241100x8000000000000000726410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:35.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbbc617bea37ece82021-12-21 12:51:35.696root 354300x8000000000000000726411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.111{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-50588-false10.0.1.12-8000- 11241100x8000000000000000726412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.112{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e85b9823f1298d022021-12-21 12:51:36.112root 11241100x8000000000000000726413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.112{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a09fffcd4d2d9b12021-12-21 12:51:36.112root 11241100x8000000000000000726414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.112{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9a0b92f8b15758d2021-12-21 12:51:36.112root 11241100x8000000000000000726415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.112{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e86d82170a164d892021-12-21 12:51:36.112root 11241100x8000000000000000726416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.112{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.464bac93a87d49882021-12-21 12:51:36.112root 11241100x8000000000000000726417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.112{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2223d58c8712831f2021-12-21 12:51:36.112root 11241100x8000000000000000726418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.112{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.847b335465d0060e2021-12-21 12:51:36.112root 11241100x8000000000000000726419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.113{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7262f7d145b01cd2021-12-21 12:51:36.113root 11241100x8000000000000000726420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.113{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9433715c9cabb9562021-12-21 12:51:36.113root 11241100x8000000000000000726421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.113{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14419d41cc4a40b62021-12-21 12:51:36.113root 11241100x8000000000000000726422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.113{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bfe06d1bdd306082021-12-21 12:51:36.113root 11241100x8000000000000000726423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.113{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b8cb9f5362e7f8c2021-12-21 12:51:36.113root 11241100x8000000000000000726424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.113{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.429eda14759c3f302021-12-21 12:51:36.113root 11241100x8000000000000000726425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.113{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a90b0d3851442672021-12-21 12:51:36.113root 11241100x8000000000000000726426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.113{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84c074ea227b4fb32021-12-21 12:51:36.113root 11241100x8000000000000000726427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.113{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a51a531d8f6f8762021-12-21 12:51:36.113root 11241100x8000000000000000726428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.113{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3035aa2612a75b4d2021-12-21 12:51:36.113root 11241100x8000000000000000726429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.113{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c257522293c30222021-12-21 12:51:36.113root 11241100x8000000000000000726430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.113{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6719583532c34d72021-12-21 12:51:36.113root 11241100x8000000000000000726431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.114{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8666820203fa70c2021-12-21 12:51:36.114root 11241100x8000000000000000726432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.114{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c55ec75743d6e3432021-12-21 12:51:36.114root 11241100x8000000000000000726433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.114{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fba89072e2b69f62021-12-21 12:51:36.114root 11241100x8000000000000000726434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.114{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3bd1aefa2158d202021-12-21 12:51:36.114root 11241100x8000000000000000726435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.114{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6710bf46c5fc0fa42021-12-21 12:51:36.114root 11241100x8000000000000000726436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.114{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.197a5d1adba10fb12021-12-21 12:51:36.114root 11241100x8000000000000000726437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.114{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.947306b90c9638832021-12-21 12:51:36.114root 11241100x8000000000000000726438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.114{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c595291cf34b1132021-12-21 12:51:36.114root 11241100x8000000000000000726439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.114{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3458aabef0141eeb2021-12-21 12:51:36.114root 11241100x8000000000000000726440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.114{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01c35f7a114d5fae2021-12-21 12:51:36.114root 11241100x8000000000000000726441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.115{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2807503338ab3ca02021-12-21 12:51:36.115root 11241100x8000000000000000726442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.115{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85e365c0f92ac0572021-12-21 12:51:36.115root 11241100x8000000000000000726443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.115{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4591707c170e98e2021-12-21 12:51:36.115root 11241100x8000000000000000726444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.115{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b80058ed60a2ea162021-12-21 12:51:36.115root 11241100x8000000000000000726445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.115{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a34923bfd70b7a5d2021-12-21 12:51:36.115root 11241100x8000000000000000726446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.115{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3557d666000b16082021-12-21 12:51:36.115root 11241100x8000000000000000726447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.115{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37275e4c4c3803e92021-12-21 12:51:36.115root 11241100x8000000000000000726448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.115{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76bcec97201f611c2021-12-21 12:51:36.115root 11241100x8000000000000000726449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.115{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83468ef06da9fe662021-12-21 12:51:36.115root 11241100x8000000000000000726450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.116{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e36fe3e268b07f62021-12-21 12:51:36.116root 11241100x8000000000000000726451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.116{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b0a32dddfb1b82c2021-12-21 12:51:36.116root 11241100x8000000000000000726452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.116{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bc922fc38fb90cd2021-12-21 12:51:36.116root 11241100x8000000000000000726453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.116{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6edfdf6b7f90deda2021-12-21 12:51:36.116root 11241100x8000000000000000726454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.116{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4311247b24f103852021-12-21 12:51:36.116root 11241100x8000000000000000726455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.116{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1446ec67396916612021-12-21 12:51:36.116root 11241100x8000000000000000726456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.116{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8230e433fc5ff21e2021-12-21 12:51:36.116root 11241100x8000000000000000726457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.116{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fc0bd2a96ee8a742021-12-21 12:51:36.116root 11241100x8000000000000000726458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.131{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2021-12-21 12:51:36.131root 11241100x8000000000000000726459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0fdd32581ba10ee2021-12-21 12:51:36.443root 11241100x8000000000000000726460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7918807f2565fe532021-12-21 12:51:36.443root 11241100x8000000000000000726461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b9badc8b31478b12021-12-21 12:51:36.443root 11241100x8000000000000000726462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ac349e53d8ebb142021-12-21 12:51:36.443root 11241100x8000000000000000726463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecb7a07485d2f7b52021-12-21 12:51:36.444root 11241100x8000000000000000726464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.080247351da404b32021-12-21 12:51:36.444root 11241100x8000000000000000726465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b367fee903dfe16d2021-12-21 12:51:36.444root 11241100x8000000000000000726466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99e9ba49e696f01e2021-12-21 12:51:36.444root 11241100x8000000000000000726467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc20e7c6d7c9d1f02021-12-21 12:51:36.444root 11241100x8000000000000000726468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f0741a7a48655b62021-12-21 12:51:36.444root 11241100x8000000000000000726469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f313054e4cbc01292021-12-21 12:51:36.444root 11241100x8000000000000000726470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d38d0884e56261a2021-12-21 12:51:36.444root 11241100x8000000000000000726471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e2033572f84fdb62021-12-21 12:51:36.444root 11241100x8000000000000000726472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91c536958a669aec2021-12-21 12:51:36.444root 11241100x8000000000000000726473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77488f93d4ef7aaa2021-12-21 12:51:36.444root 11241100x8000000000000000726474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b79b29595cd37252021-12-21 12:51:36.444root 11241100x8000000000000000726475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ff6d3646d1ce0262021-12-21 12:51:36.444root 11241100x8000000000000000726476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cc7d0749078706e2021-12-21 12:51:36.444root 11241100x8000000000000000726477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d448a93d3d4d6f132021-12-21 12:51:36.444root 11241100x8000000000000000726478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2a56fe6c6b3f8882021-12-21 12:51:36.444root 11241100x8000000000000000726479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.495d2a4d3007f7e42021-12-21 12:51:36.445root 11241100x8000000000000000726480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ada9ca22e817af862021-12-21 12:51:36.445root 11241100x8000000000000000726481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.925e29563cd630572021-12-21 12:51:36.445root 11241100x8000000000000000726482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc679eb2f63ffcd42021-12-21 12:51:36.445root 11241100x8000000000000000726483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.794b75221196ff002021-12-21 12:51:36.445root 11241100x8000000000000000726484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c08bcb4e18e111d2021-12-21 12:51:36.445root 11241100x8000000000000000726485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60c83c782ecde8e92021-12-21 12:51:36.445root 11241100x8000000000000000726486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.462e67b01f5901212021-12-21 12:51:36.445root 11241100x8000000000000000726487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f8feb2963b5c83c2021-12-21 12:51:36.445root 11241100x8000000000000000726488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90736aabadc38b6e2021-12-21 12:51:36.445root 11241100x8000000000000000726489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3709e01970d9ee9c2021-12-21 12:51:36.445root 11241100x8000000000000000726490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3abe134c2f5fc8452021-12-21 12:51:36.943root 11241100x8000000000000000726491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdd022498e5244292021-12-21 12:51:36.943root 11241100x8000000000000000726492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e524d15fe640451b2021-12-21 12:51:36.943root 11241100x8000000000000000726493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee2f533792198fa92021-12-21 12:51:36.944root 11241100x8000000000000000726494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87f51d2739ffa98c2021-12-21 12:51:36.944root 11241100x8000000000000000726495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bff79d3ec08aa7392021-12-21 12:51:36.944root 11241100x8000000000000000726496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9eb5f7f94df8be622021-12-21 12:51:36.944root 11241100x8000000000000000726497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57b806cc4ee92b4d2021-12-21 12:51:36.944root 11241100x8000000000000000726498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96947b866b80536c2021-12-21 12:51:36.944root 11241100x8000000000000000726499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab5a459b9409daf32021-12-21 12:51:36.944root 11241100x8000000000000000726500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c9012af920ccdee2021-12-21 12:51:36.944root 11241100x8000000000000000726501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14081363cfbce6e42021-12-21 12:51:36.944root 11241100x8000000000000000726502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.484645d0c53cc9502021-12-21 12:51:36.944root 11241100x8000000000000000726503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9fec325cd4a95bc2021-12-21 12:51:36.944root 11241100x8000000000000000726504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8aea8c5bd22199a2021-12-21 12:51:36.945root 11241100x8000000000000000726505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76eb7d04ad6bb6002021-12-21 12:51:36.945root 11241100x8000000000000000726506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c809c9496a0bf852021-12-21 12:51:36.945root 11241100x8000000000000000726507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59a276aa8af51e8c2021-12-21 12:51:36.945root 11241100x8000000000000000726508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea97844fa4322a2f2021-12-21 12:51:36.945root 11241100x8000000000000000726509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.144337edd379e5552021-12-21 12:51:36.945root 11241100x8000000000000000726510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.059e7b91510bffa32021-12-21 12:51:36.945root 11241100x8000000000000000726511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.838346d7168cfdf62021-12-21 12:51:36.945root 11241100x8000000000000000726512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4df427560ffd9f6d2021-12-21 12:51:36.945root 11241100x8000000000000000726513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb0359407cb9a76e2021-12-21 12:51:36.946root 11241100x8000000000000000726514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a734a60c5c31c3112021-12-21 12:51:36.946root 11241100x8000000000000000726515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16728d58a1c2f3b82021-12-21 12:51:36.946root 11241100x8000000000000000726516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5d9d269ac9d65c32021-12-21 12:51:36.946root 11241100x8000000000000000726517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3822fe01381e56e2021-12-21 12:51:36.946root 11241100x8000000000000000726518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb8ee533d2e17b0f2021-12-21 12:51:36.946root 11241100x8000000000000000726519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5de1894f3299d5f32021-12-21 12:51:36.946root 11241100x8000000000000000726520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77e66eb04e3bf8b02021-12-21 12:51:36.946root 11241100x8000000000000000726521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fd2266652baf5462021-12-21 12:51:36.946root 11241100x8000000000000000726522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:37.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a06df2767e66e5cd2021-12-21 12:51:37.443root 11241100x8000000000000000726523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:37.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3a469f03740f1c12021-12-21 12:51:37.443root 11241100x8000000000000000726524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:37.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea157a7a27a2d62a2021-12-21 12:51:37.443root 11241100x8000000000000000726525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:37.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cbe3a5ae6fa98442021-12-21 12:51:37.443root 11241100x8000000000000000726526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9a2211fac78a9b82021-12-21 12:51:37.444root 11241100x8000000000000000726527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7ae0ac694b7d8122021-12-21 12:51:37.444root 11241100x8000000000000000726528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbbe67f94b70f8772021-12-21 12:51:37.444root 11241100x8000000000000000726529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57545c4b386b9bc62021-12-21 12:51:37.444root 11241100x8000000000000000726530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9c0b80f8b779f1a2021-12-21 12:51:37.444root 11241100x8000000000000000726531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.518bfc6775e74b422021-12-21 12:51:37.444root 11241100x8000000000000000726532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bb80e29f185b93a2021-12-21 12:51:37.444root 11241100x8000000000000000726533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.237c97da118e2e772021-12-21 12:51:37.444root 11241100x8000000000000000726534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8040cc8f0c4d955a2021-12-21 12:51:37.444root 11241100x8000000000000000726535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b71fa8f8ac1aa9452021-12-21 12:51:37.444root 11241100x8000000000000000726536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b59d8240efdd6eb2021-12-21 12:51:37.444root 11241100x8000000000000000726537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca8af3b8cfdfa2ad2021-12-21 12:51:37.444root 11241100x8000000000000000726538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3e594240fd4a15f2021-12-21 12:51:37.444root 11241100x8000000000000000726539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.136bb3c04f1c62562021-12-21 12:51:37.444root 11241100x8000000000000000726540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4337b022a3107c32021-12-21 12:51:37.444root 11241100x8000000000000000726541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.246ee2a3a7f607332021-12-21 12:51:37.444root 11241100x8000000000000000726542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:37.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08e1ca7ec9866c462021-12-21 12:51:37.445root 11241100x8000000000000000726543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:37.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b1c525ffe316a2e2021-12-21 12:51:37.445root 11241100x8000000000000000726544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:37.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.143f830e32bff1962021-12-21 12:51:37.445root 11241100x8000000000000000726545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:37.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.123377f9eb7bc47b2021-12-21 12:51:37.445root 11241100x8000000000000000726546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:37.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4503ca1ad0c2cd942021-12-21 12:51:37.445root 11241100x8000000000000000726547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:37.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b59d36c6b51979152021-12-21 12:51:37.445root 11241100x8000000000000000726548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:37.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4733dfa697ac5aec2021-12-21 12:51:37.445root 11241100x8000000000000000726549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:37.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb1ef03fe648181a2021-12-21 12:51:37.445root 11241100x8000000000000000726550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:37.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e979df9db8e822a2021-12-21 12:51:37.445root 11241100x8000000000000000726551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:37.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c67f99f8f2752acc2021-12-21 12:51:37.445root 11241100x8000000000000000726552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:37.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b58a4d67c6f6ec12021-12-21 12:51:37.445root 11241100x8000000000000000726553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:37.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef1047a96c9cdf402021-12-21 12:51:37.952root 11241100x8000000000000000726554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:37.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83146f64f3be66862021-12-21 12:51:37.952root 11241100x8000000000000000726555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:37.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4d2be3877618fe22021-12-21 12:51:37.953root 11241100x8000000000000000726556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:37.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b68b5bcf58b7a0b2021-12-21 12:51:37.953root 11241100x8000000000000000726557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:37.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1963315192b3ed392021-12-21 12:51:37.953root 11241100x8000000000000000726558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:37.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f88620fb681fd172021-12-21 12:51:37.953root 11241100x8000000000000000726559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:37.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88071f193371a6f22021-12-21 12:51:37.953root 11241100x8000000000000000726560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:37.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.503b2b3bb705ad932021-12-21 12:51:37.953root 11241100x8000000000000000726561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:37.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11c6478a6e5f58b32021-12-21 12:51:37.953root 11241100x8000000000000000726562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:37.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.269af53a533d03f12021-12-21 12:51:37.954root 11241100x8000000000000000726563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:37.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1e9d942170942a52021-12-21 12:51:37.954root 11241100x8000000000000000726564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:37.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89ce3b78b5b9d76a2021-12-21 12:51:37.954root 11241100x8000000000000000726565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:37.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75b5a4c87040a2e92021-12-21 12:51:37.954root 11241100x8000000000000000726566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:37.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.399105b98fd5d4142021-12-21 12:51:37.954root 11241100x8000000000000000726567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:37.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3659d42e331e76312021-12-21 12:51:37.954root 11241100x8000000000000000726568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:37.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd3ac7c2a160e4a42021-12-21 12:51:37.954root 11241100x8000000000000000726569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:37.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0a3db892dea29c92021-12-21 12:51:37.954root 11241100x8000000000000000726570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:37.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7774884522d969fd2021-12-21 12:51:37.954root 11241100x8000000000000000726571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:37.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad8e147ff301b7b72021-12-21 12:51:37.954root 11241100x8000000000000000726572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:37.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d5ea30bc172fc652021-12-21 12:51:37.954root 11241100x8000000000000000726573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:37.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d000ab56fc34c2e2021-12-21 12:51:37.954root 11241100x8000000000000000726574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:37.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa54ddfcc1e157f02021-12-21 12:51:37.955root 11241100x8000000000000000726575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:37.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a737a2e3ab8106a92021-12-21 12:51:37.955root 11241100x8000000000000000726576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:37.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6136325c89a1ec702021-12-21 12:51:37.955root 11241100x8000000000000000726577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:37.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b5212a801db97db2021-12-21 12:51:37.955root 11241100x8000000000000000726578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:37.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8957f300c97fe8ba2021-12-21 12:51:37.955root 11241100x8000000000000000726579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:37.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9197fba5dbd8cacb2021-12-21 12:51:37.955root 11241100x8000000000000000726580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:37.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b858004486407912021-12-21 12:51:37.955root 11241100x8000000000000000726581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:37.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f169bdf100cea76b2021-12-21 12:51:37.955root 11241100x8000000000000000726582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:37.956{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a14f5e6012d433f62021-12-21 12:51:37.956root 11241100x8000000000000000726583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:37.956{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae36ef3c218b70302021-12-21 12:51:37.956root 11241100x8000000000000000726584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:37.956{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bda73dd6b42dd0bb2021-12-21 12:51:37.956root 11241100x8000000000000000726585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:37.956{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ed032621f53e52b2021-12-21 12:51:37.956root 11241100x8000000000000000726586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:38.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.047b86cbecc777852021-12-21 12:51:38.443root 11241100x8000000000000000726587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:38.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c146f9ae10f0f772021-12-21 12:51:38.443root 11241100x8000000000000000726588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:38.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.765e02505ada1e7a2021-12-21 12:51:38.443root 11241100x8000000000000000726589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:38.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb865b0be8baabd42021-12-21 12:51:38.443root 11241100x8000000000000000726590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.002b2ab2494e2c852021-12-21 12:51:38.444root 11241100x8000000000000000726591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9eec013ad3433e92021-12-21 12:51:38.444root 11241100x8000000000000000726592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5edef5f2798fa392021-12-21 12:51:38.444root 11241100x8000000000000000726593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db1e14f9cd3fce022021-12-21 12:51:38.444root 11241100x8000000000000000726594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e23cdbb826d0cd1e2021-12-21 12:51:38.444root 11241100x8000000000000000726595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56115392af2c709a2021-12-21 12:51:38.444root 11241100x8000000000000000726596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af18e3d8f76bc0652021-12-21 12:51:38.444root 11241100x8000000000000000726597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4072684e525f4c32021-12-21 12:51:38.444root 11241100x8000000000000000726598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.062f14552879ea7b2021-12-21 12:51:38.444root 11241100x8000000000000000726599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fd944d9bb5b8dae2021-12-21 12:51:38.444root 11241100x8000000000000000726600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0a3fd204f7da91f2021-12-21 12:51:38.444root 11241100x8000000000000000726601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bc2cccdb9e684462021-12-21 12:51:38.444root 11241100x8000000000000000726602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a526502163c6e7552021-12-21 12:51:38.444root 11241100x8000000000000000726603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8c62fb9551a72e02021-12-21 12:51:38.444root 11241100x8000000000000000726604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.446c8cc9d3a4faf42021-12-21 12:51:38.444root 11241100x8000000000000000726605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b4718947adeff9f2021-12-21 12:51:38.444root 11241100x8000000000000000726606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:38.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5959615ed95828fb2021-12-21 12:51:38.445root 11241100x8000000000000000726607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:38.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47900f530190312e2021-12-21 12:51:38.445root 11241100x8000000000000000726608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:38.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d06b7f738f05cc72021-12-21 12:51:38.445root 11241100x8000000000000000726609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:38.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6acb5b338d554d02021-12-21 12:51:38.445root 11241100x8000000000000000726610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:38.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51122663c1821ca12021-12-21 12:51:38.445root 11241100x8000000000000000726611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:38.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.189aa8a41be7e2cc2021-12-21 12:51:38.445root 11241100x8000000000000000726612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:38.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19e261f871f3c0242021-12-21 12:51:38.445root 11241100x8000000000000000726613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:38.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd52c48e713ef63c2021-12-21 12:51:38.445root 11241100x8000000000000000726614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:38.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fa40f5dcfbfbd372021-12-21 12:51:38.445root 11241100x8000000000000000726615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:38.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c52141fc065aad082021-12-21 12:51:38.445root 11241100x8000000000000000726616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:38.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c5d677c0af175b72021-12-21 12:51:38.445root 11241100x8000000000000000726617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ca097bc83b6d8ee2021-12-21 12:51:38.943root 11241100x8000000000000000726618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f117961c2765c8092021-12-21 12:51:38.943root 11241100x8000000000000000726619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd10ae7695d9ff882021-12-21 12:51:38.943root 11241100x8000000000000000726620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.568727b9703cb4f42021-12-21 12:51:38.943root 11241100x8000000000000000726621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f14708a8296590ba2021-12-21 12:51:38.944root 11241100x8000000000000000726622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d70a80c3dc1b2c82021-12-21 12:51:38.944root 11241100x8000000000000000726623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.659101fb2b32ce172021-12-21 12:51:38.944root 11241100x8000000000000000726624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5d3c34e467bf0f82021-12-21 12:51:38.944root 11241100x8000000000000000726625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59de0aa31f1d012c2021-12-21 12:51:38.944root 11241100x8000000000000000726626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7afee19fd6b08402021-12-21 12:51:38.944root 11241100x8000000000000000726627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5c3ff3522d2135f2021-12-21 12:51:38.944root 11241100x8000000000000000726628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4118e1072bebacc22021-12-21 12:51:38.944root 11241100x8000000000000000726629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.715b236cc240596b2021-12-21 12:51:38.944root 11241100x8000000000000000726630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.076c638deb246d8a2021-12-21 12:51:38.944root 11241100x8000000000000000726631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a222ed624c076392021-12-21 12:51:38.944root 11241100x8000000000000000726632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.887c74f97ba004eb2021-12-21 12:51:38.944root 11241100x8000000000000000726633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.679071c98edad79e2021-12-21 12:51:38.944root 11241100x8000000000000000726634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7710394847a2ba712021-12-21 12:51:38.944root 11241100x8000000000000000726635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27acc901163419582021-12-21 12:51:38.944root 11241100x8000000000000000726636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a636b24e582b7b772021-12-21 12:51:38.944root 11241100x8000000000000000726637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:38.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43323f2bca73339c2021-12-21 12:51:38.945root 11241100x8000000000000000726638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:38.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c2ea8aa156c13ba2021-12-21 12:51:38.945root 11241100x8000000000000000726639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:38.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.916bc771d372e6c42021-12-21 12:51:38.945root 11241100x8000000000000000726640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:38.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdfbc969286c96092021-12-21 12:51:38.945root 11241100x8000000000000000726641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:38.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.000a5ce5685ad1c02021-12-21 12:51:38.945root 11241100x8000000000000000726642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:38.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f058a2bb0d7ac6622021-12-21 12:51:38.945root 11241100x8000000000000000726643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:38.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21fb8334b91ad31f2021-12-21 12:51:38.945root 11241100x8000000000000000726644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:38.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b886f113f81e57a02021-12-21 12:51:38.945root 11241100x8000000000000000726645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:38.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d319c3573e1a9592021-12-21 12:51:38.945root 11241100x8000000000000000726646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:38.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6382a232e29c0a92021-12-21 12:51:38.945root 11241100x8000000000000000726647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:38.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dc54af5cd1adfe62021-12-21 12:51:38.945root 11241100x8000000000000000726648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:38.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e43fa7336490f7352021-12-21 12:51:38.945root 11241100x8000000000000000726649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:39.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.062a6db344807f9c2021-12-21 12:51:39.443root 11241100x8000000000000000726650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:39.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.887e96668c057c172021-12-21 12:51:39.443root 11241100x8000000000000000726651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:39.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d7c54027db49dca2021-12-21 12:51:39.443root 11241100x8000000000000000726652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:39.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e69bcb7d106c2fbb2021-12-21 12:51:39.443root 11241100x8000000000000000726653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0eaaf748bc9651b2021-12-21 12:51:39.444root 11241100x8000000000000000726654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ba7992c2dd11cf22021-12-21 12:51:39.444root 11241100x8000000000000000726655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d41f4b947160ef832021-12-21 12:51:39.444root 11241100x8000000000000000726656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cae1feeedfaea4bb2021-12-21 12:51:39.444root 11241100x8000000000000000726657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14955667dfa9207f2021-12-21 12:51:39.444root 11241100x8000000000000000726658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93164b3a95090f5b2021-12-21 12:51:39.444root 11241100x8000000000000000726659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bb64dd5cc5b4f3d2021-12-21 12:51:39.444root 11241100x8000000000000000726660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0779f53d6f858c92021-12-21 12:51:39.444root 11241100x8000000000000000726661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.875aecff45ccbd2e2021-12-21 12:51:39.444root 11241100x8000000000000000726662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1f6e3f7a754815a2021-12-21 12:51:39.444root 11241100x8000000000000000726663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14e65301a9673f2f2021-12-21 12:51:39.444root 11241100x8000000000000000726664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab36b5e3ae462c062021-12-21 12:51:39.444root 11241100x8000000000000000726665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0416bde824717f2e2021-12-21 12:51:39.444root 11241100x8000000000000000726666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:39.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83eae88160c05ddf2021-12-21 12:51:39.445root 11241100x8000000000000000726667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:39.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd75fba6809e7b482021-12-21 12:51:39.445root 11241100x8000000000000000726668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:39.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5e05ebb92a1a6fb2021-12-21 12:51:39.445root 11241100x8000000000000000726669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:39.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.548db5bb56de35372021-12-21 12:51:39.445root 11241100x8000000000000000726670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:39.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc7d795ae61971012021-12-21 12:51:39.445root 11241100x8000000000000000726671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:39.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4259d8adb52deff02021-12-21 12:51:39.445root 11241100x8000000000000000726672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:39.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b6f78645bd928ce2021-12-21 12:51:39.445root 11241100x8000000000000000726673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:39.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b3ebf615b2359662021-12-21 12:51:39.445root 11241100x8000000000000000726674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:39.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f4c6c3675e2ef252021-12-21 12:51:39.445root 11241100x8000000000000000726675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:39.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d7f4e2f9d2fb7642021-12-21 12:51:39.445root 11241100x8000000000000000726676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:39.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fde8194f0c4d3ef2021-12-21 12:51:39.445root 11241100x8000000000000000726677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:39.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a60f7ff07f84f1c92021-12-21 12:51:39.445root 11241100x8000000000000000726678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:39.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9fee072ba3cfdca2021-12-21 12:51:39.445root 11241100x8000000000000000726679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:39.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0af601c2aa1855252021-12-21 12:51:39.445root 11241100x8000000000000000726680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:39.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68b5d8733bb5a6212021-12-21 12:51:39.445root 11241100x8000000000000000726681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:39.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ba6881dd2c7f2222021-12-21 12:51:39.943root 11241100x8000000000000000726682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:39.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b6ed48976b945232021-12-21 12:51:39.943root 11241100x8000000000000000726683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:39.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1fae5d764d6c5e82021-12-21 12:51:39.943root 11241100x8000000000000000726684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:39.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18232adfcff1304a2021-12-21 12:51:39.943root 11241100x8000000000000000726685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed2eca44be9fd4082021-12-21 12:51:39.944root 11241100x8000000000000000726686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f5daaa736cb892c2021-12-21 12:51:39.944root 11241100x8000000000000000726687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98bf576262e90b0c2021-12-21 12:51:39.944root 11241100x8000000000000000726688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44a54e4590a62ed92021-12-21 12:51:39.944root 11241100x8000000000000000726689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c78af3a5caf6abf2021-12-21 12:51:39.944root 11241100x8000000000000000726690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bc7265d87b5b2072021-12-21 12:51:39.944root 11241100x8000000000000000726691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf2568572f573a2b2021-12-21 12:51:39.944root 11241100x8000000000000000726692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3168df2ec183ab752021-12-21 12:51:39.944root 11241100x8000000000000000726693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2335d2c82d8956592021-12-21 12:51:39.944root 11241100x8000000000000000726694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fabe2fa519b9cb92021-12-21 12:51:39.944root 11241100x8000000000000000726695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.868b982d2c6e45512021-12-21 12:51:39.944root 11241100x8000000000000000726696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0db0882c129e84d52021-12-21 12:51:39.944root 11241100x8000000000000000726697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a886a1cabaa275f2021-12-21 12:51:39.944root 11241100x8000000000000000726698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f196479d011ce2192021-12-21 12:51:39.944root 11241100x8000000000000000726699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f75137761fff588b2021-12-21 12:51:39.944root 11241100x8000000000000000726700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:39.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b334355b81372cb2021-12-21 12:51:39.945root 11241100x8000000000000000726701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:39.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bdb7b99338cfa862021-12-21 12:51:39.945root 11241100x8000000000000000726702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:39.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6aec9de84574aa6d2021-12-21 12:51:39.945root 11241100x8000000000000000726703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:39.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ff69e0865c5c6d32021-12-21 12:51:39.945root 11241100x8000000000000000726704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:39.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9209ca9dc1acc9e82021-12-21 12:51:39.945root 11241100x8000000000000000726705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:39.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5080f0ecfa1befaf2021-12-21 12:51:39.945root 11241100x8000000000000000726706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:39.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4af39f5a537be8ec2021-12-21 12:51:39.945root 11241100x8000000000000000726707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:39.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e44394a0fe4fcbb2021-12-21 12:51:39.945root 11241100x8000000000000000726708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:39.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.544e0c17549fad302021-12-21 12:51:39.945root 11241100x8000000000000000726709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:39.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c901e37c6a8721902021-12-21 12:51:39.945root 11241100x8000000000000000726710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:39.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebe9ed943ec46c5f2021-12-21 12:51:39.945root 11241100x8000000000000000726711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:39.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a83925f7e1a06312021-12-21 12:51:39.946root 11241100x8000000000000000726712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:39.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64977867d6d7c3bf2021-12-21 12:51:39.946root 154100x8000000000000000726713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:40.013{ec2b6afe-cddc-61c1-68c4-f79a81550000}10159/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/4046root{ec2b6afe-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}2319--- 534500x8000000000000000726714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:40.025{ec2b6afe-cddc-61c1-68c4-f79a81550000}10159/bin/psroot 11241100x8000000000000000726715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05408f75a23e484e2021-12-21 12:51:40.443root 11241100x8000000000000000726716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a2572d0b15968172021-12-21 12:51:40.443root 11241100x8000000000000000726717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60c2b3de8c1e3a0f2021-12-21 12:51:40.443root 11241100x8000000000000000726718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8666ffa8f78dc392021-12-21 12:51:40.443root 11241100x8000000000000000726719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bdb71622bc5ba5c2021-12-21 12:51:40.444root 11241100x8000000000000000726720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52af8d3656af1e8e2021-12-21 12:51:40.444root 11241100x8000000000000000726721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f26c0aef25f862c62021-12-21 12:51:40.444root 11241100x8000000000000000726722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68432f41d9ae2ae92021-12-21 12:51:40.444root 11241100x8000000000000000726723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.304401ceafe80ea62021-12-21 12:51:40.444root 11241100x8000000000000000726724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae87ea5e354a3f932021-12-21 12:51:40.444root 11241100x8000000000000000726725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.261ba20dad4e0bbf2021-12-21 12:51:40.444root 11241100x8000000000000000726726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.945fb1e2fb70fb4d2021-12-21 12:51:40.444root 11241100x8000000000000000726727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8261ab089f586a852021-12-21 12:51:40.444root 11241100x8000000000000000726728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2501813e1585150c2021-12-21 12:51:40.444root 11241100x8000000000000000726729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ad343160e8957e72021-12-21 12:51:40.444root 11241100x8000000000000000726730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5488657385fc23962021-12-21 12:51:40.444root 11241100x8000000000000000726731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87f4ea4999152a4e2021-12-21 12:51:40.444root 11241100x8000000000000000726732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c86a8342498ec0382021-12-21 12:51:40.444root 11241100x8000000000000000726733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28a119d72cbc6dce2021-12-21 12:51:40.444root 11241100x8000000000000000726734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efcbf9bcb38e53242021-12-21 12:51:40.444root 11241100x8000000000000000726735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:40.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.954eeba30a10cd9d2021-12-21 12:51:40.445root 11241100x8000000000000000726736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:40.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85838b5130f35b592021-12-21 12:51:40.445root 11241100x8000000000000000726737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:40.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14c5d684fd84a9092021-12-21 12:51:40.445root 11241100x8000000000000000726738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:40.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8248f68c43edc5db2021-12-21 12:51:40.445root 11241100x8000000000000000726739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:40.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dea102646a19cbba2021-12-21 12:51:40.445root 11241100x8000000000000000726740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:40.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60395be0d4168d9b2021-12-21 12:51:40.445root 11241100x8000000000000000726741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:40.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.136e7a9683e4f4ae2021-12-21 12:51:40.445root 11241100x8000000000000000726742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:40.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e9f3c1ef410cd3a2021-12-21 12:51:40.445root 11241100x8000000000000000726743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:40.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0db43d481f2a20e72021-12-21 12:51:40.445root 11241100x8000000000000000726744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:40.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23815c4bf9cb4ef42021-12-21 12:51:40.445root 11241100x8000000000000000726745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:40.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f03431e4d4ceede2021-12-21 12:51:40.445root 11241100x8000000000000000726746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:40.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5991235a68d30c712021-12-21 12:51:40.445root 11241100x8000000000000000726747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:40.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4d2b0250e6c2eb92021-12-21 12:51:40.445root 11241100x8000000000000000726748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:40.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e16f05bb9fea38932021-12-21 12:51:40.445root 11241100x8000000000000000726749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.beeca2f40f23401a2021-12-21 12:51:40.943root 11241100x8000000000000000726750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce32942dd9e410cc2021-12-21 12:51:40.943root 11241100x8000000000000000726751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a90cb98ab0dc6c702021-12-21 12:51:40.943root 11241100x8000000000000000726752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b56f454a8eea0d82021-12-21 12:51:40.943root 11241100x8000000000000000726753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f80564ba49c8c7e2021-12-21 12:51:40.944root 11241100x8000000000000000726754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3b462fc95e7da3a2021-12-21 12:51:40.944root 11241100x8000000000000000726755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7428b5c17fec6f52021-12-21 12:51:40.944root 11241100x8000000000000000726756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c75ff153c535aff2021-12-21 12:51:40.944root 11241100x8000000000000000726757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50e4a93626eda3f12021-12-21 12:51:40.944root 11241100x8000000000000000726758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a2254f0edbcd24a2021-12-21 12:51:40.944root 11241100x8000000000000000726759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cbde362395e4f352021-12-21 12:51:40.944root 11241100x8000000000000000726760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09e65f886c3e1fc62021-12-21 12:51:40.944root 11241100x8000000000000000726761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb7316fde4043b6c2021-12-21 12:51:40.944root 11241100x8000000000000000726762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe9ce422b085be202021-12-21 12:51:40.944root 11241100x8000000000000000726763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fb47cc80392b66b2021-12-21 12:51:40.944root 11241100x8000000000000000726764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0348a9481ce695c42021-12-21 12:51:40.944root 11241100x8000000000000000726765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6a03e42f3f51cdf2021-12-21 12:51:40.944root 11241100x8000000000000000726766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee7cc17f1a46092c2021-12-21 12:51:40.944root 11241100x8000000000000000726767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4da84e39c5d296b42021-12-21 12:51:40.944root 11241100x8000000000000000726768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94cb2c8ac3e22fcc2021-12-21 12:51:40.944root 11241100x8000000000000000726769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:40.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3cec7c4c4d796e92021-12-21 12:51:40.945root 11241100x8000000000000000726770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:40.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e56bc3f7ceb0f28f2021-12-21 12:51:40.945root 11241100x8000000000000000726771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:40.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d805c5d1b6499aa02021-12-21 12:51:40.945root 11241100x8000000000000000726772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:40.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dfdc4d88e8e1f8f2021-12-21 12:51:40.945root 11241100x8000000000000000726773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:40.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b65ec231125ff492021-12-21 12:51:40.945root 11241100x8000000000000000726774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:40.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6afaae5dc140d5f12021-12-21 12:51:40.945root 11241100x8000000000000000726775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:40.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bee08184d5d4153f2021-12-21 12:51:40.945root 11241100x8000000000000000726776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:40.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a27ee86690d71f922021-12-21 12:51:40.945root 11241100x8000000000000000726777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:40.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a0953f5ead28aff2021-12-21 12:51:40.945root 11241100x8000000000000000726778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:40.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4937bf238abe7842021-12-21 12:51:40.945root 11241100x8000000000000000726779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:40.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.595d368b05510a252021-12-21 12:51:40.945root 11241100x8000000000000000726780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:40.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.001fe80a9897e1db2021-12-21 12:51:40.945root 11241100x8000000000000000726781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:40.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.931987ee99a751002021-12-21 12:51:40.945root 11241100x8000000000000000726782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:40.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff7d811a9da20b142021-12-21 12:51:40.945root 11241100x8000000000000000726783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:40.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9d31bdb1db38c212021-12-21 12:51:40.945root 354300x8000000000000000726784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:41.168{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-50590-false10.0.1.12-8000- 11241100x8000000000000000726785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35f199f0687006752021-12-21 12:51:41.443root 11241100x8000000000000000726786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da8d40fa3b8b69a52021-12-21 12:51:41.443root 11241100x8000000000000000726787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a0d0302e25dfa192021-12-21 12:51:41.443root 11241100x8000000000000000726788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0c13c9ccc81593a2021-12-21 12:51:41.443root 11241100x8000000000000000726789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af90ae7bf967552a2021-12-21 12:51:41.444root 11241100x8000000000000000726790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a9cbd9c56e73f2f2021-12-21 12:51:41.444root 11241100x8000000000000000726791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.033e361720ae5d912021-12-21 12:51:41.444root 11241100x8000000000000000726792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebffe658fe7789cc2021-12-21 12:51:41.444root 11241100x8000000000000000726793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3ca0d970299fcf32021-12-21 12:51:41.444root 11241100x8000000000000000726794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fd86c97fd27e18a2021-12-21 12:51:41.444root 11241100x8000000000000000726795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2b0a1fcb3c7a6972021-12-21 12:51:41.444root 11241100x8000000000000000726796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6325cc42aa2a632c2021-12-21 12:51:41.444root 11241100x8000000000000000726797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5f9ba568651ea4b2021-12-21 12:51:41.444root 11241100x8000000000000000726798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76c2de45c679048e2021-12-21 12:51:41.444root 11241100x8000000000000000726799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1051b7be610330ae2021-12-21 12:51:41.444root 11241100x8000000000000000726800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.383647d5724a02182021-12-21 12:51:41.444root 11241100x8000000000000000726801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92aa7e64fac5ff8c2021-12-21 12:51:41.444root 11241100x8000000000000000726802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6b17d3e287b9b692021-12-21 12:51:41.444root 11241100x8000000000000000726803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3992fe93f346880e2021-12-21 12:51:41.444root 11241100x8000000000000000726804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.868b79cbe6c53dc02021-12-21 12:51:41.444root 11241100x8000000000000000726805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:41.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bad886bd3f19edf62021-12-21 12:51:41.445root 11241100x8000000000000000726806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:41.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfc93667e6dde7a32021-12-21 12:51:41.445root 11241100x8000000000000000726807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:41.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edbd763ede00a4f32021-12-21 12:51:41.445root 11241100x8000000000000000726808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:41.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74e3a78f32e0aa792021-12-21 12:51:41.445root 11241100x8000000000000000726809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:41.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3887da19b80b8b7c2021-12-21 12:51:41.445root 11241100x8000000000000000726810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:41.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d09724783d38de92021-12-21 12:51:41.445root 11241100x8000000000000000726811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:41.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a6611d682a741572021-12-21 12:51:41.445root 11241100x8000000000000000726812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:41.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3efc2d26209487f2021-12-21 12:51:41.445root 11241100x8000000000000000726813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:41.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e420898c5f99d8cb2021-12-21 12:51:41.445root 11241100x8000000000000000726814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:41.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b136ae153752a9b52021-12-21 12:51:41.445root 11241100x8000000000000000726815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:41.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4aada1798fdf20c72021-12-21 12:51:41.445root 11241100x8000000000000000726816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:41.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e007dc1820530bd02021-12-21 12:51:41.445root 11241100x8000000000000000726817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:41.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c6ef9eda9121f352021-12-21 12:51:41.445root 11241100x8000000000000000726818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:41.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.120e8d936ab3b9a42021-12-21 12:51:41.445root 11241100x8000000000000000726819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d75a09801865d1772021-12-21 12:51:41.943root 11241100x8000000000000000726820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1152aa096353b8752021-12-21 12:51:41.943root 11241100x8000000000000000726821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a607f8b3e614bd0b2021-12-21 12:51:41.943root 11241100x8000000000000000726822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f9887b9f1f21ba22021-12-21 12:51:41.943root 11241100x8000000000000000726823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b60e51e4c67f00492021-12-21 12:51:41.944root 11241100x8000000000000000726824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdae5c138b8aa4542021-12-21 12:51:41.944root 11241100x8000000000000000726825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c193cb5e4a1de712021-12-21 12:51:41.944root 11241100x8000000000000000726826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff5f89f7ab7cba5e2021-12-21 12:51:41.944root 11241100x8000000000000000726827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61932135ea8973af2021-12-21 12:51:41.944root 11241100x8000000000000000726828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba54d8911fd9c7802021-12-21 12:51:41.944root 11241100x8000000000000000726829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5dca32e1e1637b32021-12-21 12:51:41.944root 11241100x8000000000000000726830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e16b5d601a565a7a2021-12-21 12:51:41.944root 11241100x8000000000000000726831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34b941dd9123563b2021-12-21 12:51:41.944root 11241100x8000000000000000726832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c58114c4d714c8c42021-12-21 12:51:41.944root 11241100x8000000000000000726833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.276abd90831567d02021-12-21 12:51:41.944root 11241100x8000000000000000726834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3a29c6551c6a1c32021-12-21 12:51:41.944root 11241100x8000000000000000726835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14a14700cef2971e2021-12-21 12:51:41.944root 11241100x8000000000000000726836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ee811ccc6efb2512021-12-21 12:51:41.944root 11241100x8000000000000000726837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c7c231e746ab8642021-12-21 12:51:41.944root 11241100x8000000000000000726838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:41.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c0975f2c542ac572021-12-21 12:51:41.945root 11241100x8000000000000000726839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:41.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f5cc798dfdb820a2021-12-21 12:51:41.945root 11241100x8000000000000000726840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:41.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1361ebd71e1a5b442021-12-21 12:51:41.945root 11241100x8000000000000000726841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:41.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.834f11789ff980b22021-12-21 12:51:41.945root 11241100x8000000000000000726842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:41.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7aba8a72d90605c32021-12-21 12:51:41.945root 11241100x8000000000000000726843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:41.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8145622567f6610d2021-12-21 12:51:41.945root 11241100x8000000000000000726844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:41.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af9f5dce7d3d056a2021-12-21 12:51:41.945root 11241100x8000000000000000726845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:41.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7e032ca4dc5c0eb2021-12-21 12:51:41.945root 11241100x8000000000000000726846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:41.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04055400e6bf3bb12021-12-21 12:51:41.945root 11241100x8000000000000000726847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:41.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a7a4262f3e684f62021-12-21 12:51:41.945root 11241100x8000000000000000726848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:41.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f5b8e239d7545df2021-12-21 12:51:41.945root 11241100x8000000000000000726849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:41.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e984cee5e0e93152021-12-21 12:51:41.945root 11241100x8000000000000000726850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:41.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33c570dc37854c3c2021-12-21 12:51:41.945root 11241100x8000000000000000726851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:41.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2125a2354d2c6602021-12-21 12:51:41.945root 11241100x8000000000000000726852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:41.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4565b2ee8257ec612021-12-21 12:51:41.946root 11241100x8000000000000000726853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:41.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f003a8a4fa5b7692021-12-21 12:51:41.946root 11241100x8000000000000000726854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:41.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46928d2d0f6e9e172021-12-21 12:51:41.946root 23542300x8000000000000000726855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:41.967{ec2b6afe-95d2-61c1-3038-b84203560000}5272root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000726856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1314456670355f172021-12-21 12:51:42.443root 11241100x8000000000000000726857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f69dceb1efdb0fa2021-12-21 12:51:42.443root 11241100x8000000000000000726858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e85fd7050329bbf32021-12-21 12:51:42.443root 11241100x8000000000000000726859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8d3d432ff9fac232021-12-21 12:51:42.443root 11241100x8000000000000000726860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6f323a4f5fde1a32021-12-21 12:51:42.444root 11241100x8000000000000000726861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81d70047c8ecd63e2021-12-21 12:51:42.444root 11241100x8000000000000000726862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fb25556ea0dbc282021-12-21 12:51:42.444root 11241100x8000000000000000726863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9be488219871809d2021-12-21 12:51:42.444root 11241100x8000000000000000726864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fff977d50d4080832021-12-21 12:51:42.444root 11241100x8000000000000000726865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3088be93062586a2021-12-21 12:51:42.444root 11241100x8000000000000000726866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e3230e9db40d1d42021-12-21 12:51:42.444root 11241100x8000000000000000726867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a5747248bbf472b2021-12-21 12:51:42.444root 11241100x8000000000000000726868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1644321af01eed482021-12-21 12:51:42.444root 11241100x8000000000000000726869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1df2ca0a8a6295662021-12-21 12:51:42.444root 11241100x8000000000000000726870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc21011abc29621e2021-12-21 12:51:42.444root 11241100x8000000000000000726871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a50ff8f489cf0c8f2021-12-21 12:51:42.444root 11241100x8000000000000000726872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac1e251334489bcf2021-12-21 12:51:42.444root 11241100x8000000000000000726873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0776396f7ddbccd62021-12-21 12:51:42.444root 11241100x8000000000000000726874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.864b5d542d3a57922021-12-21 12:51:42.444root 11241100x8000000000000000726875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:42.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c991dc2b0dd3af282021-12-21 12:51:42.445root 11241100x8000000000000000726876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:42.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c011ed4ff2476e842021-12-21 12:51:42.445root 11241100x8000000000000000726877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:42.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ff48645178364dc2021-12-21 12:51:42.445root 11241100x8000000000000000726878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:42.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78e61e63f2fa8ac82021-12-21 12:51:42.445root 11241100x8000000000000000726879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:42.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f63bc53a93d1404a2021-12-21 12:51:42.445root 11241100x8000000000000000726880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:42.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa819748c4e805572021-12-21 12:51:42.445root 11241100x8000000000000000726881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:42.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c3ef4e70ca3674a2021-12-21 12:51:42.445root 11241100x8000000000000000726882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:42.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.778c7ee0b2e40f3e2021-12-21 12:51:42.445root 11241100x8000000000000000726883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:42.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8073547847c3ae902021-12-21 12:51:42.445root 11241100x8000000000000000726884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:42.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59ac0f4837ddbef22021-12-21 12:51:42.445root 11241100x8000000000000000726885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:42.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee7b35f2eb66ed172021-12-21 12:51:42.445root 11241100x8000000000000000726886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:42.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7db7d154094fe8072021-12-21 12:51:42.445root 11241100x8000000000000000726887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:42.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9bfae33af5799ab2021-12-21 12:51:42.445root 11241100x8000000000000000726888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:42.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b2d7278f84cb8482021-12-21 12:51:42.445root 11241100x8000000000000000726889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:42.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd39f4b90f5ee9ba2021-12-21 12:51:42.446root 11241100x8000000000000000726890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:42.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0a1d8bb087afc7a2021-12-21 12:51:42.446root 11241100x8000000000000000726891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:42.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.499f8bf1f67d0caf2021-12-21 12:51:42.446root 11241100x8000000000000000726892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:42.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.366efe17ebc3a4b42021-12-21 12:51:42.946root 11241100x8000000000000000726893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:42.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2115ca3857e106f32021-12-21 12:51:42.946root 11241100x8000000000000000726894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:42.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97f41b8b1866d8592021-12-21 12:51:42.946root 11241100x8000000000000000726895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:42.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8375957245afd142021-12-21 12:51:42.946root 11241100x8000000000000000726896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:42.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08356f05166a6ff12021-12-21 12:51:42.946root 11241100x8000000000000000726897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:42.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42e4794e8bff480e2021-12-21 12:51:42.946root 11241100x8000000000000000726898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:42.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1981f9cbc2538eda2021-12-21 12:51:42.946root 11241100x8000000000000000726899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:42.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20852021fd93e2ab2021-12-21 12:51:42.946root 11241100x8000000000000000726900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:42.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96dc02a6db0db5152021-12-21 12:51:42.946root 11241100x8000000000000000726901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:42.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68915056f11ba69c2021-12-21 12:51:42.946root 11241100x8000000000000000726902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:42.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b01edbf5b02eec3e2021-12-21 12:51:42.946root 11241100x8000000000000000726903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:42.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7a7ca5838cb8f7d2021-12-21 12:51:42.947root 11241100x8000000000000000726904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:42.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e345416e1dac1cb72021-12-21 12:51:42.947root 11241100x8000000000000000726905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:42.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22c29421cb47cf622021-12-21 12:51:42.947root 11241100x8000000000000000726906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:42.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ded0f1eb71f443bd2021-12-21 12:51:42.947root 11241100x8000000000000000726907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:42.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.771c47db104261ae2021-12-21 12:51:42.947root 11241100x8000000000000000726908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:42.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21fee91df91c9bb12021-12-21 12:51:42.947root 11241100x8000000000000000726909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:42.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfb2584b65c0eefc2021-12-21 12:51:42.947root 11241100x8000000000000000726910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:42.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d656c285fcd62102021-12-21 12:51:42.947root 11241100x8000000000000000726911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:42.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15e9caafd2fec65c2021-12-21 12:51:42.947root 11241100x8000000000000000726912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:42.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5928b629d5b556f92021-12-21 12:51:42.947root 11241100x8000000000000000726913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:42.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b4efbbad9218f972021-12-21 12:51:42.947root 11241100x8000000000000000726914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:42.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb9fab9746db84b22021-12-21 12:51:42.947root 11241100x8000000000000000726915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:42.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.971fb3a30755c8bd2021-12-21 12:51:42.947root 11241100x8000000000000000726916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:42.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c244704580d139b2021-12-21 12:51:42.947root 11241100x8000000000000000726917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:42.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8a6b446db24d72c2021-12-21 12:51:42.947root 11241100x8000000000000000726918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:42.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9dc0368faeefac02021-12-21 12:51:42.948root 11241100x8000000000000000726919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:42.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b9d44976b2b70fa2021-12-21 12:51:42.948root 11241100x8000000000000000726920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:42.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd12c6c0c4b7b8b12021-12-21 12:51:42.948root 11241100x8000000000000000726921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:42.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e20391175a1a38cd2021-12-21 12:51:42.948root 11241100x8000000000000000726922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:42.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.668edd8d6b441b952021-12-21 12:51:42.948root 11241100x8000000000000000726923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:42.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e590def3cb70601e2021-12-21 12:51:42.948root 11241100x8000000000000000726924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:42.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35e4c15d21e440fb2021-12-21 12:51:42.948root 11241100x8000000000000000726925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:42.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.597b1dfe357d1c8a2021-12-21 12:51:42.948root 11241100x8000000000000000726926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:42.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.041694f0af8a6d6a2021-12-21 12:51:42.948root 11241100x8000000000000000726927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb8861c7cc9a05362021-12-21 12:51:43.443root 11241100x8000000000000000726928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff82797373fedd562021-12-21 12:51:43.444root 11241100x8000000000000000726929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fff687642100fba2021-12-21 12:51:43.444root 11241100x8000000000000000726930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:43.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab8e02ad20a62aef2021-12-21 12:51:43.445root 11241100x8000000000000000726931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:43.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f94b50535e303c462021-12-21 12:51:43.445root 11241100x8000000000000000726932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:43.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d4b76bcac8c45d32021-12-21 12:51:43.445root 11241100x8000000000000000726933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:43.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e24918890681c89e2021-12-21 12:51:43.445root 11241100x8000000000000000726934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:43.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74ed51688b179d1b2021-12-21 12:51:43.445root 11241100x8000000000000000726935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:43.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abdfd0ff28fa207d2021-12-21 12:51:43.445root 11241100x8000000000000000726936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:43.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.563156c8bcf7cba42021-12-21 12:51:43.445root 11241100x8000000000000000726937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:43.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7045d94477f007d2021-12-21 12:51:43.445root 11241100x8000000000000000726938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:43.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.268bd09e747ed6a02021-12-21 12:51:43.445root 11241100x8000000000000000726939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:43.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30e3a8fdb7f6a9f92021-12-21 12:51:43.446root 11241100x8000000000000000726940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:43.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d984322a954d5af12021-12-21 12:51:43.446root 11241100x8000000000000000726941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:43.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceb9a76bb465e8992021-12-21 12:51:43.446root 11241100x8000000000000000726942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:43.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68e506c5df0559d92021-12-21 12:51:43.446root 11241100x8000000000000000726943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:43.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a450bbaaf9a921742021-12-21 12:51:43.446root 11241100x8000000000000000726944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:43.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f05293763fd9d5f62021-12-21 12:51:43.446root 11241100x8000000000000000726945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:43.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a68db3f4b07990962021-12-21 12:51:43.446root 11241100x8000000000000000726946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:43.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbbda3b03b4ac5b12021-12-21 12:51:43.446root 11241100x8000000000000000726947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:43.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faad4d89b77bca1c2021-12-21 12:51:43.447root 11241100x8000000000000000726948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:43.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91e32221a08b16092021-12-21 12:51:43.447root 11241100x8000000000000000726949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:43.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77b136578aed4e6b2021-12-21 12:51:43.447root 11241100x8000000000000000726950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:43.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5f6bc43711b3fed2021-12-21 12:51:43.447root 11241100x8000000000000000726951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:43.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7af360d24806d72b2021-12-21 12:51:43.447root 11241100x8000000000000000726952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:43.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.275380f7a71c00692021-12-21 12:51:43.447root 11241100x8000000000000000726953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:43.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6908db4954c799fc2021-12-21 12:51:43.447root 11241100x8000000000000000726954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:43.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cb769cb749979cd2021-12-21 12:51:43.447root 11241100x8000000000000000726955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:43.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61159e50c0d8fe992021-12-21 12:51:43.448root 11241100x8000000000000000726956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:43.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba50c3ea7b04e95b2021-12-21 12:51:43.448root 11241100x8000000000000000726957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:43.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b40f8b1cb157b89d2021-12-21 12:51:43.448root 11241100x8000000000000000726958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:43.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27615ff559302da52021-12-21 12:51:43.449root 11241100x8000000000000000726959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:43.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d923fe1674efcac2021-12-21 12:51:43.449root 11241100x8000000000000000726960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:43.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba96b32ab620b63d2021-12-21 12:51:43.449root 11241100x8000000000000000726961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:43.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fab4b6f1d554abf2021-12-21 12:51:43.449root 11241100x8000000000000000726962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19bc756a058b700c2021-12-21 12:51:43.943root 11241100x8000000000000000726963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38019c33c636b6fb2021-12-21 12:51:43.943root 11241100x8000000000000000726964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac020d46ad11b65e2021-12-21 12:51:43.943root 11241100x8000000000000000726965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b13e4f5bdf85b3f2021-12-21 12:51:43.943root 11241100x8000000000000000726966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57e827b0e2ef7c6f2021-12-21 12:51:43.944root 11241100x8000000000000000726967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fe09b3c8387c4d62021-12-21 12:51:43.944root 11241100x8000000000000000726968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37974f4a7527f0762021-12-21 12:51:43.944root 11241100x8000000000000000726969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fbf33a84daac33c2021-12-21 12:51:43.944root 11241100x8000000000000000726970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bbeb9fab2f803bf2021-12-21 12:51:43.944root 11241100x8000000000000000726971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.563b7941ea76cffe2021-12-21 12:51:43.944root 11241100x8000000000000000726972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a67cf7f8d4f80de82021-12-21 12:51:43.944root 11241100x8000000000000000726973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.093408a20e3af9ff2021-12-21 12:51:43.944root 11241100x8000000000000000726974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d199d38e53d8b5322021-12-21 12:51:43.944root 11241100x8000000000000000726975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.536fb88b002d39f72021-12-21 12:51:43.944root 11241100x8000000000000000726976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:43.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f61475cd468ed5242021-12-21 12:51:43.945root 11241100x8000000000000000726977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:43.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a65fbf671435ff872021-12-21 12:51:43.945root 11241100x8000000000000000726978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:43.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5898b22bed345b42021-12-21 12:51:43.945root 11241100x8000000000000000726979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:43.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b48d5568e5f92f552021-12-21 12:51:43.945root 11241100x8000000000000000726980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:43.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72d5a3529b9c56822021-12-21 12:51:43.945root 11241100x8000000000000000726981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:43.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2321090856ffa6a62021-12-21 12:51:43.945root 11241100x8000000000000000726982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:43.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb5aa2c07504958c2021-12-21 12:51:43.945root 11241100x8000000000000000726983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:43.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.676ded85a218fcd32021-12-21 12:51:43.946root 11241100x8000000000000000726984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:43.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2a9524b389d6dbe2021-12-21 12:51:43.946root 11241100x8000000000000000726985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:43.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84bf19cf65a963632021-12-21 12:51:43.946root 11241100x8000000000000000726986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:43.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b72f48d1f0bdbb02021-12-21 12:51:43.946root 11241100x8000000000000000726987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:43.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7da9344544020ee62021-12-21 12:51:43.946root 11241100x8000000000000000726988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:43.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38da4a5325b814e32021-12-21 12:51:43.946root 11241100x8000000000000000726989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:43.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5950ecd2a13f73932021-12-21 12:51:43.946root 11241100x8000000000000000726990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:43.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ee204ca617e0d492021-12-21 12:51:43.946root 11241100x8000000000000000726991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:43.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f24f88bbfb612ee02021-12-21 12:51:43.946root 11241100x8000000000000000726992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:43.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.696f5bd135fcd0552021-12-21 12:51:43.946root 11241100x8000000000000000726993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:43.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.476aca29a8a4dd2a2021-12-21 12:51:43.946root 11241100x8000000000000000726994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:43.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae76157eb71e79302021-12-21 12:51:43.947root 11241100x8000000000000000726995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:43.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6ba68b1b796689f2021-12-21 12:51:43.947root 11241100x8000000000000000726996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:43.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f285f103e9a17e62021-12-21 12:51:43.947root 11241100x8000000000000000726997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:43.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d1a9137d318a5b72021-12-21 12:51:43.947root 11241100x8000000000000000726998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:43.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.609d7b076ec40cc22021-12-21 12:51:43.947root 11241100x8000000000000000726999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:43.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99b995d1cff55fd42021-12-21 12:51:43.947root 11241100x8000000000000000727000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17e84e84ec1822a12021-12-21 12:51:44.443root 11241100x8000000000000000727001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71ea6b5772f212ea2021-12-21 12:51:44.443root 11241100x8000000000000000727002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bd80e4caa94d2512021-12-21 12:51:44.443root 11241100x8000000000000000727003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a513580f1e1786002021-12-21 12:51:44.444root 11241100x8000000000000000727004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba7a2fd40a82dc3a2021-12-21 12:51:44.444root 11241100x8000000000000000727005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.061a7546a44653ce2021-12-21 12:51:44.444root 11241100x8000000000000000727006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0404104e5e6498262021-12-21 12:51:44.444root 11241100x8000000000000000727007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c020dae21f2c8b82021-12-21 12:51:44.444root 11241100x8000000000000000727008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2d328394c48e3802021-12-21 12:51:44.444root 11241100x8000000000000000727009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4884f0ec3b79b582021-12-21 12:51:44.444root 11241100x8000000000000000727010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97faa8e79e8a86e32021-12-21 12:51:44.444root 11241100x8000000000000000727011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e55fcc3d4892ed842021-12-21 12:51:44.444root 11241100x8000000000000000727012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.902cd6efc8fcb4592021-12-21 12:51:44.444root 11241100x8000000000000000727013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b2fcbdd31e9934d2021-12-21 12:51:44.444root 11241100x8000000000000000727014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca11ee6c4125abef2021-12-21 12:51:44.444root 11241100x8000000000000000727015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd70e24be247ac2a2021-12-21 12:51:44.444root 11241100x8000000000000000727016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32a8766402b80d202021-12-21 12:51:44.444root 11241100x8000000000000000727017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb2f38b5f00f03812021-12-21 12:51:44.444root 11241100x8000000000000000727018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1efa8170f1f1cb352021-12-21 12:51:44.445root 11241100x8000000000000000727019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ded9446c19e6fd772021-12-21 12:51:44.445root 11241100x8000000000000000727020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0f7f932d09ea94f2021-12-21 12:51:44.445root 11241100x8000000000000000727021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb1c50324f1f17602021-12-21 12:51:44.445root 11241100x8000000000000000727022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f6c456be41ff1092021-12-21 12:51:44.445root 11241100x8000000000000000727023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2018e731fb6f08872021-12-21 12:51:44.445root 11241100x8000000000000000727024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e103bd2850501762021-12-21 12:51:44.445root 11241100x8000000000000000727025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e51dbd5e3482ff762021-12-21 12:51:44.445root 11241100x8000000000000000727026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffedcf4736fc96ad2021-12-21 12:51:44.445root 11241100x8000000000000000727027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a359d45465f014172021-12-21 12:51:44.445root 11241100x8000000000000000727028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.476b028445c422d12021-12-21 12:51:44.445root 11241100x8000000000000000727029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58d4d2a1cac051902021-12-21 12:51:44.445root 11241100x8000000000000000727030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35e64bde2ac702b82021-12-21 12:51:44.445root 11241100x8000000000000000727031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dc218b361f3d1062021-12-21 12:51:44.445root 11241100x8000000000000000727032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1f49e0f67472d832021-12-21 12:51:44.445root 11241100x8000000000000000727033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:44.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc7f94640850dba02021-12-21 12:51:44.446root 11241100x8000000000000000727034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:44.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26366290bb4267b82021-12-21 12:51:44.446root 11241100x8000000000000000727035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:44.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1583b3dff42d35152021-12-21 12:51:44.446root 11241100x8000000000000000727036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e82e7d7fdf082a152021-12-21 12:51:44.943root 11241100x8000000000000000727037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d849903fb69642f22021-12-21 12:51:44.943root 11241100x8000000000000000727038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8b71e43d100e8bc2021-12-21 12:51:44.943root 11241100x8000000000000000727039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.645b1430831357282021-12-21 12:51:44.944root 11241100x8000000000000000727040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e554f92dcedf19f12021-12-21 12:51:44.944root 11241100x8000000000000000727041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4475c6bdba05af4f2021-12-21 12:51:44.944root 11241100x8000000000000000727042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01bde92d6a64036f2021-12-21 12:51:44.944root 11241100x8000000000000000727043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee7f1c35a6224d032021-12-21 12:51:44.944root 11241100x8000000000000000727044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d35e9c8fddb6e37e2021-12-21 12:51:44.944root 11241100x8000000000000000727045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b47708332cfd78e2021-12-21 12:51:44.944root 11241100x8000000000000000727046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6a609ce88a2020b2021-12-21 12:51:44.944root 11241100x8000000000000000727047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1160d02dbe2bf39c2021-12-21 12:51:44.944root 11241100x8000000000000000727048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39bda2c366399de42021-12-21 12:51:44.944root 11241100x8000000000000000727049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e97e968e2960551c2021-12-21 12:51:44.944root 11241100x8000000000000000727050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cc017f2dbf418752021-12-21 12:51:44.944root 11241100x8000000000000000727051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8df47368429247922021-12-21 12:51:44.944root 11241100x8000000000000000727052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b601283ca5837e722021-12-21 12:51:44.944root 11241100x8000000000000000727053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:44.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7c37fca8d7e72bd2021-12-21 12:51:44.945root 11241100x8000000000000000727054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:44.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da889d72ef7c3dba2021-12-21 12:51:44.945root 11241100x8000000000000000727055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:44.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00d064ed2244850d2021-12-21 12:51:44.945root 11241100x8000000000000000727056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:44.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e0b18a1e99aba1f2021-12-21 12:51:44.945root 11241100x8000000000000000727057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:44.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d154238e04c20b12021-12-21 12:51:44.945root 11241100x8000000000000000727058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:44.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8e7a51a3c8d64072021-12-21 12:51:44.945root 11241100x8000000000000000727059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:44.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ac33f41a09805ff2021-12-21 12:51:44.945root 11241100x8000000000000000727060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:44.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81fa4ea7802c32f82021-12-21 12:51:44.945root 11241100x8000000000000000727061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:44.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61549b39ec68980c2021-12-21 12:51:44.945root 11241100x8000000000000000727062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:44.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6cff6e704424c9f2021-12-21 12:51:44.945root 11241100x8000000000000000727063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:44.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f9cf097088e36552021-12-21 12:51:44.945root 11241100x8000000000000000727064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:44.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9017e0e060935572021-12-21 12:51:44.945root 11241100x8000000000000000727065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:44.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.421a024a8d72355d2021-12-21 12:51:44.945root 11241100x8000000000000000727066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:44.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c98b370a8f98768a2021-12-21 12:51:44.945root 11241100x8000000000000000727067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:44.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3545af88e1be0962021-12-21 12:51:44.945root 11241100x8000000000000000727068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:44.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6cb2573d6075b632021-12-21 12:51:44.945root 11241100x8000000000000000727069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:44.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.965c5f2dba8152a02021-12-21 12:51:44.946root 11241100x8000000000000000727070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:44.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eca4d78be2347ee52021-12-21 12:51:44.946root 11241100x8000000000000000727071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3ca402d6c7f16092021-12-21 12:51:45.443root 11241100x8000000000000000727072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94f425e379cccb892021-12-21 12:51:45.443root 11241100x8000000000000000727073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6b442a172803a7e2021-12-21 12:51:45.444root 11241100x8000000000000000727074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6678d8435d307beb2021-12-21 12:51:45.444root 11241100x8000000000000000727075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfd16fda40e13fbb2021-12-21 12:51:45.444root 11241100x8000000000000000727076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.960e6de2a519a3e02021-12-21 12:51:45.444root 11241100x8000000000000000727077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee0469d66fead8382021-12-21 12:51:45.444root 11241100x8000000000000000727078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cb3b8720093a2c92021-12-21 12:51:45.444root 11241100x8000000000000000727079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.713d46c8e5499a212021-12-21 12:51:45.444root 11241100x8000000000000000727080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54149074adb7c51c2021-12-21 12:51:45.444root 11241100x8000000000000000727081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f4c4ceb18b742562021-12-21 12:51:45.444root 11241100x8000000000000000727082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2eaac1132af3e5a12021-12-21 12:51:45.444root 11241100x8000000000000000727083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cc10699d6e337ca2021-12-21 12:51:45.444root 11241100x8000000000000000727084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbfe230fb89c9f872021-12-21 12:51:45.444root 11241100x8000000000000000727085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a798cbad2e4c3bcb2021-12-21 12:51:45.444root 11241100x8000000000000000727086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8371b972d5db8582021-12-21 12:51:45.445root 11241100x8000000000000000727087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a32f37d7702e67702021-12-21 12:51:45.445root 11241100x8000000000000000727088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d351aa1fc98ada052021-12-21 12:51:45.445root 11241100x8000000000000000727089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54e06104fe7c6d9c2021-12-21 12:51:45.445root 11241100x8000000000000000727090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c1b00ddf94bda612021-12-21 12:51:45.445root 11241100x8000000000000000727091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.969cb2a9e054d9962021-12-21 12:51:45.445root 11241100x8000000000000000727092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a98c62ba115de5382021-12-21 12:51:45.445root 11241100x8000000000000000727093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84ff9fa0d7d107462021-12-21 12:51:45.445root 11241100x8000000000000000727094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.390877d6e168938d2021-12-21 12:51:45.445root 11241100x8000000000000000727095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.654936961f58f0ba2021-12-21 12:51:45.445root 11241100x8000000000000000727096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15352e6d67460eb32021-12-21 12:51:45.445root 11241100x8000000000000000727097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6be018edfabf9e952021-12-21 12:51:45.445root 11241100x8000000000000000727098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dddf3d723f27d86c2021-12-21 12:51:45.445root 11241100x8000000000000000727099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e2ac65fba9bbaf22021-12-21 12:51:45.445root 11241100x8000000000000000727100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.998432c2f558260d2021-12-21 12:51:45.445root 11241100x8000000000000000727101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d12c42926fc9e6232021-12-21 12:51:45.445root 11241100x8000000000000000727102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:45.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83331354316637d72021-12-21 12:51:45.446root 11241100x8000000000000000727103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:45.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38f353fa336989a62021-12-21 12:51:45.446root 11241100x8000000000000000727104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:45.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7da00c333e2392a2021-12-21 12:51:45.446root 11241100x8000000000000000727105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:45.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d40521baca739f9e2021-12-21 12:51:45.446root 11241100x8000000000000000727106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ae865d2d291d9362021-12-21 12:51:45.943root 11241100x8000000000000000727107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6972aaf637ff1eb32021-12-21 12:51:45.943root 11241100x8000000000000000727108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e8829b9b9be71892021-12-21 12:51:45.943root 11241100x8000000000000000727109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.135c5dd135c62ab22021-12-21 12:51:45.943root 11241100x8000000000000000727110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e5d036ffc3b95092021-12-21 12:51:45.944root 11241100x8000000000000000727111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7304cc9005ada97f2021-12-21 12:51:45.944root 11241100x8000000000000000727112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e96c7149bbe1a4f2021-12-21 12:51:45.944root 11241100x8000000000000000727113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca11681d89425bfc2021-12-21 12:51:45.944root 11241100x8000000000000000727114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b4bbf978e8d523f2021-12-21 12:51:45.944root 11241100x8000000000000000727115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29b0c3e92fd5fdd62021-12-21 12:51:45.944root 11241100x8000000000000000727116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a6833c35f1151e42021-12-21 12:51:45.944root 11241100x8000000000000000727117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebd276dc2e7d27be2021-12-21 12:51:45.944root 11241100x8000000000000000727118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe7c4eb5101317f42021-12-21 12:51:45.944root 11241100x8000000000000000727119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b8ff772a7fecd482021-12-21 12:51:45.944root 11241100x8000000000000000727120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0d668b4689f83ce2021-12-21 12:51:45.944root 11241100x8000000000000000727121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d57f21f2de78069d2021-12-21 12:51:45.944root 11241100x8000000000000000727122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd72da2663bb28532021-12-21 12:51:45.944root 11241100x8000000000000000727123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf124c52cbf83b4a2021-12-21 12:51:45.945root 11241100x8000000000000000727124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aff8d88c9d707e072021-12-21 12:51:45.945root 11241100x8000000000000000727125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4a10b445ef79f2e2021-12-21 12:51:45.945root 11241100x8000000000000000727126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fb19077fab347552021-12-21 12:51:45.945root 11241100x8000000000000000727127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0429a2988d05843c2021-12-21 12:51:45.945root 11241100x8000000000000000727128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c19246c5b426a1d2021-12-21 12:51:45.945root 11241100x8000000000000000727129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cb69ed91b8951342021-12-21 12:51:45.945root 11241100x8000000000000000727130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.436c9ebd5e5b77322021-12-21 12:51:45.945root 11241100x8000000000000000727131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ebcf3932175abba2021-12-21 12:51:45.945root 11241100x8000000000000000727132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.244cbaf709a405202021-12-21 12:51:45.945root 11241100x8000000000000000727133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46a0ae0ea7ad99172021-12-21 12:51:45.945root 11241100x8000000000000000727134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcde678ee6354b982021-12-21 12:51:45.945root 11241100x8000000000000000727135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb858dfa59b448df2021-12-21 12:51:45.945root 11241100x8000000000000000727136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51db6b70654bd8b92021-12-21 12:51:45.945root 11241100x8000000000000000727137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de809c83191011c02021-12-21 12:51:45.945root 11241100x8000000000000000727138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49c0f6e6a42be3122021-12-21 12:51:45.945root 11241100x8000000000000000727139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:45.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72509611575d46502021-12-21 12:51:45.946root 11241100x8000000000000000727140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:45.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15f6b62ea6570dd42021-12-21 12:51:45.946root 11241100x8000000000000000727141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:45.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ee22349966f1d812021-12-21 12:51:45.946root 354300x8000000000000000727142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:46.238{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-50592-false10.0.1.12-8000- 11241100x8000000000000000727143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:46.239{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d368d487d80718d2021-12-21 12:51:46.239root 11241100x8000000000000000727144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:46.239{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e5f581f9a99b9312021-12-21 12:51:46.239root 11241100x8000000000000000727145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:46.239{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2aa3f762dca74b42021-12-21 12:51:46.239root 11241100x8000000000000000727146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:46.239{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a75f3fb8dce6cb102021-12-21 12:51:46.239root 11241100x8000000000000000727147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:46.240{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1567c69f224b49bc2021-12-21 12:51:46.240root 11241100x8000000000000000727148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:46.240{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c98526b3d2dba372021-12-21 12:51:46.240root 11241100x8000000000000000727149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:46.240{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6cd49f1449111bf2021-12-21 12:51:46.240root 11241100x8000000000000000727150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:46.240{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2c0132687eb82662021-12-21 12:51:46.240root 11241100x8000000000000000727151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:46.240{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e14901782033ba4b2021-12-21 12:51:46.240root 11241100x8000000000000000727152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:46.240{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.371c9757283833aa2021-12-21 12:51:46.240root 11241100x8000000000000000727153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:46.240{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.206197e62d287d012021-12-21 12:51:46.240root 11241100x8000000000000000727154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:46.240{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd9627143f495f292021-12-21 12:51:46.240root 11241100x8000000000000000727155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:46.240{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.effa69b629e659592021-12-21 12:51:46.240root 11241100x8000000000000000727156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:46.240{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d15f4586c575cd402021-12-21 12:51:46.240root 11241100x8000000000000000727157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:46.240{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c48fce12788372e2021-12-21 12:51:46.240root 11241100x8000000000000000727158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:46.240{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4154f0a3f6d07e82021-12-21 12:51:46.240root 11241100x8000000000000000727159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:46.240{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.833b91eb35e2e13f2021-12-21 12:51:46.240root 11241100x8000000000000000727160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:46.240{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.339c775736c0ac572021-12-21 12:51:46.240root 11241100x8000000000000000727161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:46.240{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ab47e346096b1ea2021-12-21 12:51:46.240root 11241100x8000000000000000727162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:46.241{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f46c7ed07922b1f62021-12-21 12:51:46.241root 11241100x8000000000000000727163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:46.241{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5976d81ac1ad634a2021-12-21 12:51:46.241root 11241100x8000000000000000727164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:46.241{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1a2a7e11bda5c672021-12-21 12:51:46.241root 11241100x8000000000000000727165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:46.241{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd3fab39d5f3aad22021-12-21 12:51:46.241root 11241100x8000000000000000727166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:46.241{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.692f3b9bc1ddce852021-12-21 12:51:46.241root 11241100x8000000000000000727167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:46.241{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.646ae7302d025a872021-12-21 12:51:46.241root 11241100x8000000000000000727168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:46.241{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d2ef3b43ecbad462021-12-21 12:51:46.241root 11241100x8000000000000000727169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:46.241{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1ee9fb63633c3812021-12-21 12:51:46.241root 11241100x8000000000000000727170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:46.241{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2afbcb4a665c23a02021-12-21 12:51:46.241root 11241100x8000000000000000727171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:46.241{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f71c4f3635b0fa962021-12-21 12:51:46.241root 11241100x8000000000000000727172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:46.241{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8f7f32a411836a72021-12-21 12:51:46.241root 11241100x8000000000000000727173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:46.242{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a75e66a4c2a02ce22021-12-21 12:51:46.242root 11241100x8000000000000000727174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:46.242{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76b7eb8f2d656d3f2021-12-21 12:51:46.242root 11241100x8000000000000000727175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:46.242{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.815d32cb5edf17362021-12-21 12:51:46.242root 11241100x8000000000000000727176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:46.242{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f3f89d1d3c87dfd2021-12-21 12:51:46.242root 11241100x8000000000000000727177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:46.242{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8dcdf33d778926f2021-12-21 12:51:46.242root 11241100x8000000000000000727178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:46.242{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d1e66ac9824426f2021-12-21 12:51:46.242root 11241100x8000000000000000727179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:46.242{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9ff98a7eac5a6502021-12-21 12:51:46.242root 11241100x8000000000000000727180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:46.243{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76f9473c4cbc45aa2021-12-21 12:51:46.243root 11241100x8000000000000000727181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:46.243{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a5c6e9c86daf7a02021-12-21 12:51:46.243root 11241100x8000000000000000727182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:46.243{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.125b671bc90e31092021-12-21 12:51:46.243root 11241100x8000000000000000727183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:46.243{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d12f251cba614f712021-12-21 12:51:46.243root 11241100x8000000000000000727184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:46.243{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b14e522c9e747f5c2021-12-21 12:51:46.243root 11241100x8000000000000000727185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:46.243{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.363eb78aba849c772021-12-21 12:51:46.243root 11241100x8000000000000000727186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:46.243{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb14c470694e3beb2021-12-21 12:51:46.243root 11241100x8000000000000000727187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:46.243{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b277953de96cd4dc2021-12-21 12:51:46.243root 11241100x8000000000000000727188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:46.243{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d5854d17080b1712021-12-21 12:51:46.243root 11241100x8000000000000000727189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:46.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.635625ffb10a6e612021-12-21 12:51:46.694root 11241100x8000000000000000727190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:46.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a366b911b254b122021-12-21 12:51:46.694root 11241100x8000000000000000727191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:46.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.601acbd6298469c42021-12-21 12:51:46.694root 11241100x8000000000000000727192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:46.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89968b4e7fb1512a2021-12-21 12:51:46.694root 11241100x8000000000000000727193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:46.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a1b8754ba47bbbe2021-12-21 12:51:46.694root 11241100x8000000000000000727194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:46.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de5a8c71c75785322021-12-21 12:51:46.694root 11241100x8000000000000000727195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:46.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45d54f1a31a752262021-12-21 12:51:46.694root 11241100x8000000000000000727196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:46.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.052b98e86e86ba842021-12-21 12:51:46.694root 11241100x8000000000000000727197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:46.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05514f475b280fe12021-12-21 12:51:46.694root 11241100x8000000000000000727198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:46.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c6611ebbad72a052021-12-21 12:51:46.695root 11241100x8000000000000000727199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:46.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c9c6c77fb32b4aa2021-12-21 12:51:46.695root 11241100x8000000000000000727200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:46.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a636fca8abef74842021-12-21 12:51:46.695root 11241100x8000000000000000727201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:46.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbbb0027905d03592021-12-21 12:51:46.695root 11241100x8000000000000000727202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:46.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0bfaad8f070bd562021-12-21 12:51:46.695root 11241100x8000000000000000727203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:46.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa9f927bfa2d840d2021-12-21 12:51:46.695root 11241100x8000000000000000727204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:46.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d58d8d78f9076752021-12-21 12:51:46.695root 11241100x8000000000000000727205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:46.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d579b596912bb1582021-12-21 12:51:46.695root 11241100x8000000000000000727206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:46.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d9f8d1ed3b5a6ac2021-12-21 12:51:46.695root 11241100x8000000000000000727207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:46.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.783e8b95db22b47c2021-12-21 12:51:46.695root 11241100x8000000000000000727208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:46.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d73463ff2221698a2021-12-21 12:51:46.695root 11241100x8000000000000000727209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:46.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59c367849bee38182021-12-21 12:51:46.695root 11241100x8000000000000000727210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:46.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.244e3b850a4ccc132021-12-21 12:51:46.695root 11241100x8000000000000000727211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:46.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b39ac99455bf2fd62021-12-21 12:51:46.695root 11241100x8000000000000000727212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:46.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34acefedda5da36f2021-12-21 12:51:46.695root 11241100x8000000000000000727213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:46.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd5606f69eb8bf852021-12-21 12:51:46.695root 11241100x8000000000000000727214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:46.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23dbf3639cfdfd132021-12-21 12:51:46.696root 11241100x8000000000000000727215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:46.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd2d3f0f003f839e2021-12-21 12:51:46.696root 11241100x8000000000000000727216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:46.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.487fb96d590aeb862021-12-21 12:51:46.696root 11241100x8000000000000000727217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:46.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d87bfa477568aa72021-12-21 12:51:46.696root 11241100x8000000000000000727218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:46.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.116221ebb75eda192021-12-21 12:51:46.696root 11241100x8000000000000000727219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:46.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.628ada2a142250952021-12-21 12:51:46.696root 11241100x8000000000000000727220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:46.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66788890690a4fd92021-12-21 12:51:46.696root 11241100x8000000000000000727221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:46.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e74f5e28b361898f2021-12-21 12:51:46.696root 11241100x8000000000000000727222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:46.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d76d333facb45b0e2021-12-21 12:51:46.696root 11241100x8000000000000000727223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:46.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.386f1b0d823b15a92021-12-21 12:51:46.696root 11241100x8000000000000000727224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:46.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18f2e8ae4130edcb2021-12-21 12:51:46.696root 11241100x8000000000000000727225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:47.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b89a241569c2761c2021-12-21 12:51:47.194root 11241100x8000000000000000727226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:47.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aeaca10e722dbbed2021-12-21 12:51:47.194root 11241100x8000000000000000727227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:47.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acff2a431b3fb1e12021-12-21 12:51:47.194root 11241100x8000000000000000727228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:47.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c70fad94d60980052021-12-21 12:51:47.194root 11241100x8000000000000000727229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:47.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.900085d59f6cede42021-12-21 12:51:47.194root 11241100x8000000000000000727230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:47.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdf57c1000ace2462021-12-21 12:51:47.194root 11241100x8000000000000000727231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:47.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1ccca0ea504a8f22021-12-21 12:51:47.194root 11241100x8000000000000000727232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:47.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9f9956302faa5c42021-12-21 12:51:47.194root 11241100x8000000000000000727233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:47.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5684af528d06f7a2021-12-21 12:51:47.194root 11241100x8000000000000000727234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:47.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3ea83a147a80a5a2021-12-21 12:51:47.195root 11241100x8000000000000000727235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:47.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ca4a830335790fc2021-12-21 12:51:47.195root 11241100x8000000000000000727236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:47.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9cba13a3d6cdd902021-12-21 12:51:47.195root 11241100x8000000000000000727237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:47.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af2994acf36a22a52021-12-21 12:51:47.195root 11241100x8000000000000000727238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:47.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d907ea9bdacabe32021-12-21 12:51:47.195root 11241100x8000000000000000727239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:47.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54bf6d6b4cac0e662021-12-21 12:51:47.195root 11241100x8000000000000000727240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:47.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1c9c8b86f3f987e2021-12-21 12:51:47.195root 11241100x8000000000000000727241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:47.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b2c978648dafac22021-12-21 12:51:47.195root 11241100x8000000000000000727242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:47.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bba27226920d55e2021-12-21 12:51:47.195root 11241100x8000000000000000727243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:47.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.334c1de5281424512021-12-21 12:51:47.195root 11241100x8000000000000000727244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:47.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f47aba322ca18e0f2021-12-21 12:51:47.195root 11241100x8000000000000000727245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:47.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fed711240eae05042021-12-21 12:51:47.195root 11241100x8000000000000000727246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:47.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.072e20002dbfc7fa2021-12-21 12:51:47.195root 11241100x8000000000000000727247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:47.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.320fa90551b7f6eb2021-12-21 12:51:47.195root 11241100x8000000000000000727248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:47.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6169029dddeabbdb2021-12-21 12:51:47.195root 11241100x8000000000000000727249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:47.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.095047ba3af7ff082021-12-21 12:51:47.196root 11241100x8000000000000000727250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:47.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62a781e9180b48b72021-12-21 12:51:47.196root 11241100x8000000000000000727251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:47.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45d5a8c360f207cf2021-12-21 12:51:47.196root 11241100x8000000000000000727252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:47.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d538ff99edadacb32021-12-21 12:51:47.196root 11241100x8000000000000000727253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:47.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a03658d5c7d819aa2021-12-21 12:51:47.196root 11241100x8000000000000000727254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:47.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da749d69b317a0f72021-12-21 12:51:47.196root 11241100x8000000000000000727255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:47.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78183fd526d85ab32021-12-21 12:51:47.196root 11241100x8000000000000000727256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:47.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80635d9dd6c9f4102021-12-21 12:51:47.196root 11241100x8000000000000000727257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:47.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b48ae8e1caf4bc1b2021-12-21 12:51:47.196root 11241100x8000000000000000727258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:47.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf69a59529fcd80a2021-12-21 12:51:47.196root 11241100x8000000000000000727259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:47.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74bcbe7ba9fba73b2021-12-21 12:51:47.196root 11241100x8000000000000000727260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:47.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1caea6c74eedf0892021-12-21 12:51:47.196root 11241100x8000000000000000727261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:47.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ff685ab310d253e2021-12-21 12:51:47.694root 11241100x8000000000000000727262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:47.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25a1ede01a02d04a2021-12-21 12:51:47.694root 11241100x8000000000000000727263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:47.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ac78ba98ac4b4c22021-12-21 12:51:47.694root 11241100x8000000000000000727264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:47.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.752a0cb3c09a03482021-12-21 12:51:47.694root 11241100x8000000000000000727265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:47.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2b585a1798980942021-12-21 12:51:47.694root 11241100x8000000000000000727266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:47.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0116ca1c53134f62021-12-21 12:51:47.694root 11241100x8000000000000000727267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:47.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da85e1961c9e5b342021-12-21 12:51:47.694root 11241100x8000000000000000727268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:47.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3baa4ea225b3f5cb2021-12-21 12:51:47.694root 11241100x8000000000000000727269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:47.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71b9c6a07fd39ab02021-12-21 12:51:47.694root 11241100x8000000000000000727270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:47.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.865ec90d462b8f202021-12-21 12:51:47.695root 11241100x8000000000000000727271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:47.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb4630d6ea900c912021-12-21 12:51:47.695root 11241100x8000000000000000727272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:47.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00d3d6537aad73512021-12-21 12:51:47.695root 11241100x8000000000000000727273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:47.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b46af3200ecab8e2021-12-21 12:51:47.695root 11241100x8000000000000000727274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:47.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e062f73033d00e1f2021-12-21 12:51:47.695root 11241100x8000000000000000727275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:47.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bdfb3ab85f7424a2021-12-21 12:51:47.695root 11241100x8000000000000000727276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:47.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3931e346f63e89ad2021-12-21 12:51:47.695root 11241100x8000000000000000727277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:47.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9a9ed1e8b7d74352021-12-21 12:51:47.695root 11241100x8000000000000000727278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:47.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f05e7f87c861906b2021-12-21 12:51:47.695root 11241100x8000000000000000727279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:47.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cfde95c0010350d2021-12-21 12:51:47.695root 11241100x8000000000000000727280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:47.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f050ff83912b9522021-12-21 12:51:47.695root 11241100x8000000000000000727281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:47.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa74839eebb8eaf62021-12-21 12:51:47.695root 11241100x8000000000000000727282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:47.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a81c71dbf0d1a4e2021-12-21 12:51:47.695root 11241100x8000000000000000727283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:47.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7871c5382607b66d2021-12-21 12:51:47.695root 11241100x8000000000000000727284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:47.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5631cf262a9218102021-12-21 12:51:47.695root 11241100x8000000000000000727285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:47.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de174ecc59e4eb3f2021-12-21 12:51:47.696root 11241100x8000000000000000727286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:47.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a04d799d3a918a522021-12-21 12:51:47.696root 11241100x8000000000000000727287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:47.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8059f6d9a7b14a9f2021-12-21 12:51:47.696root 11241100x8000000000000000727288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:47.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ca035b76a1df5042021-12-21 12:51:47.696root 11241100x8000000000000000727289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:47.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.101400b862ec1e1c2021-12-21 12:51:47.696root 11241100x8000000000000000727290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:47.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.209398dc857c51212021-12-21 12:51:47.696root 11241100x8000000000000000727291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:47.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fefbdd8269347e22021-12-21 12:51:47.696root 11241100x8000000000000000727292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:47.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0f6e875a2d6aa8e2021-12-21 12:51:47.696root 11241100x8000000000000000727293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:47.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2694d5a02315d1b92021-12-21 12:51:47.696root 11241100x8000000000000000727294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:47.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc8da050dea0ce7c2021-12-21 12:51:47.696root 11241100x8000000000000000727295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:47.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d300f4e95dafb8a62021-12-21 12:51:47.696root 11241100x8000000000000000727296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:47.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa3c159f89b606972021-12-21 12:51:47.696root 11241100x8000000000000000727297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:48.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed951212966cda182021-12-21 12:51:48.194root 11241100x8000000000000000727298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:48.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36e94d3ce1ccce9a2021-12-21 12:51:48.194root 11241100x8000000000000000727299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:48.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.928ead0538bea47d2021-12-21 12:51:48.194root 11241100x8000000000000000727300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:48.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70fb6ae336b9191c2021-12-21 12:51:48.194root 11241100x8000000000000000727301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:48.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87e576f18bfd1f8c2021-12-21 12:51:48.194root 11241100x8000000000000000727302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:48.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f9d0b62ceba220b2021-12-21 12:51:48.194root 11241100x8000000000000000727303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:48.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.195fcfb6e17d8bde2021-12-21 12:51:48.194root 11241100x8000000000000000727304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:48.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41c2e5a6847d7c4e2021-12-21 12:51:48.195root 11241100x8000000000000000727305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:48.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1390473779f4b0202021-12-21 12:51:48.195root 11241100x8000000000000000727306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:48.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56ec0e2169175d7e2021-12-21 12:51:48.195root 11241100x8000000000000000727307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:48.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64ff6e3ce13fed332021-12-21 12:51:48.195root 11241100x8000000000000000727308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:48.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f942af78bd1929662021-12-21 12:51:48.195root 11241100x8000000000000000727309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:48.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d23772366dd43ead2021-12-21 12:51:48.195root 11241100x8000000000000000727310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:48.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88d899205d8abaf72021-12-21 12:51:48.195root 11241100x8000000000000000727311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:48.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f53729073ff7fea2021-12-21 12:51:48.195root 11241100x8000000000000000727312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:48.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95eafaa17e75f9752021-12-21 12:51:48.195root 11241100x8000000000000000727313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:48.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd1ba719aff0a1132021-12-21 12:51:48.195root 11241100x8000000000000000727314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:48.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16e9fffccf188c782021-12-21 12:51:48.195root 11241100x8000000000000000727315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:48.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3ce0b5da80d8d012021-12-21 12:51:48.195root 11241100x8000000000000000727316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:48.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdad4fdd6f35c9642021-12-21 12:51:48.195root 11241100x8000000000000000727317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:48.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b544bec3e6e2d4f82021-12-21 12:51:48.196root 11241100x8000000000000000727318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:48.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ac8cd0de00d189e2021-12-21 12:51:48.196root 11241100x8000000000000000727319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:48.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69675ad56c33e6d82021-12-21 12:51:48.196root 11241100x8000000000000000727320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:48.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff0f852accb934402021-12-21 12:51:48.196root 11241100x8000000000000000727321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:48.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1ce595813b4d0a42021-12-21 12:51:48.196root 11241100x8000000000000000727322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:48.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3db2bb4bba4c3462021-12-21 12:51:48.196root 11241100x8000000000000000727323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:48.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02c4868e5c905a6f2021-12-21 12:51:48.196root 11241100x8000000000000000727324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:48.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d78f04a31fafc3f2021-12-21 12:51:48.196root 11241100x8000000000000000727325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:48.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.daf0df75cdd4495c2021-12-21 12:51:48.196root 11241100x8000000000000000727326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:48.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7e33bbb828f966a2021-12-21 12:51:48.196root 11241100x8000000000000000727327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:48.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6a9f57cb0822f3d2021-12-21 12:51:48.196root 11241100x8000000000000000727328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:48.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95002e3a1f4066962021-12-21 12:51:48.196root 11241100x8000000000000000727329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:48.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.601be72d396c48ea2021-12-21 12:51:48.196root 11241100x8000000000000000727330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:48.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.079db6a38357793d2021-12-21 12:51:48.196root 11241100x8000000000000000727331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:48.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bba1016fb58bc88d2021-12-21 12:51:48.196root 11241100x8000000000000000727332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:48.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.881092d568dc6de42021-12-21 12:51:48.196root 11241100x8000000000000000727333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:48.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7184b89f4223d7c2021-12-21 12:51:48.694root 11241100x8000000000000000727334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:48.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37f2cd37ad865d7b2021-12-21 12:51:48.694root 11241100x8000000000000000727335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:48.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.195d8b6f48ebfee22021-12-21 12:51:48.694root 11241100x8000000000000000727336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:48.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e8a2dbb56d505092021-12-21 12:51:48.694root 11241100x8000000000000000727337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:48.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82fda9c39f6f50992021-12-21 12:51:48.694root 11241100x8000000000000000727338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:48.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c153c32486ba94902021-12-21 12:51:48.694root 11241100x8000000000000000727339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:48.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a92aa0e599574bf82021-12-21 12:51:48.694root 11241100x8000000000000000727340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:48.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4f1e4149945ca672021-12-21 12:51:48.694root 11241100x8000000000000000727341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:48.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02576f042a42244a2021-12-21 12:51:48.694root 11241100x8000000000000000727342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:48.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38565800c8bac4b12021-12-21 12:51:48.695root 11241100x8000000000000000727343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:48.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2485b5613e90fd7e2021-12-21 12:51:48.695root 11241100x8000000000000000727344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:48.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09ef2420527bb9b92021-12-21 12:51:48.695root 11241100x8000000000000000727345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:48.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9149943632e2f4522021-12-21 12:51:48.695root 11241100x8000000000000000727346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:48.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edea1060fe91061c2021-12-21 12:51:48.695root 11241100x8000000000000000727347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:48.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86647fe3969321982021-12-21 12:51:48.695root 11241100x8000000000000000727348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:48.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae06fa4c848e31112021-12-21 12:51:48.695root 11241100x8000000000000000727349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:48.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.061b502dbe9bf5582021-12-21 12:51:48.695root 11241100x8000000000000000727350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:48.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d33d18421e11b712021-12-21 12:51:48.695root 11241100x8000000000000000727351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:48.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.923d08880116bf332021-12-21 12:51:48.695root 11241100x8000000000000000727352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:48.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.799693d8e8b0c4372021-12-21 12:51:48.695root 11241100x8000000000000000727353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:48.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a6bee1ff6b92e2d2021-12-21 12:51:48.695root 11241100x8000000000000000727354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:48.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fca02843128b4ae2021-12-21 12:51:48.695root 11241100x8000000000000000727355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:48.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48fe1f5b5901b6232021-12-21 12:51:48.695root 11241100x8000000000000000727356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:48.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19ba3b5e848eb67c2021-12-21 12:51:48.695root 11241100x8000000000000000727357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:48.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8aa358dd66fe46e52021-12-21 12:51:48.695root 11241100x8000000000000000727358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:48.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.508f625b3a48e83b2021-12-21 12:51:48.696root 11241100x8000000000000000727359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:48.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba681a34090b35bf2021-12-21 12:51:48.696root 11241100x8000000000000000727360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:48.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6e3d2501843ff4a2021-12-21 12:51:48.696root 11241100x8000000000000000727361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:48.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2023f0349a3610d2021-12-21 12:51:48.696root 11241100x8000000000000000727362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:48.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecb78b2e84d8daf62021-12-21 12:51:48.696root 11241100x8000000000000000727363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:48.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dc5781aed1109c12021-12-21 12:51:48.696root 11241100x8000000000000000727364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:48.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e5d071642c5916d2021-12-21 12:51:48.696root 11241100x8000000000000000727365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:48.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c22ea78204ed0e3f2021-12-21 12:51:48.696root 11241100x8000000000000000727366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:48.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bd18839464c470a2021-12-21 12:51:48.696root 11241100x8000000000000000727367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:48.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b83670b8bddf7aa52021-12-21 12:51:48.696root 11241100x8000000000000000727368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:48.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e23054ec9befdc382021-12-21 12:51:48.696root 11241100x8000000000000000727369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:49.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9d609c53e70be4a2021-12-21 12:51:49.194root 11241100x8000000000000000727370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:49.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c12c853362e187ff2021-12-21 12:51:49.194root 11241100x8000000000000000727371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:49.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd56c7e083b664902021-12-21 12:51:49.194root 11241100x8000000000000000727372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:49.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fde6388b314c1e42021-12-21 12:51:49.194root 11241100x8000000000000000727373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:49.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f02ed5b91131d2cf2021-12-21 12:51:49.194root 11241100x8000000000000000727374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:49.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a056d388c1341e72021-12-21 12:51:49.194root 11241100x8000000000000000727375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:49.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9393d9ed8e0f3d1d2021-12-21 12:51:49.194root 11241100x8000000000000000727376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:49.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bd523b0579c6da82021-12-21 12:51:49.195root 11241100x8000000000000000727377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:49.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13974bf55df25d122021-12-21 12:51:49.195root 11241100x8000000000000000727378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:49.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc6e23e6deda46e92021-12-21 12:51:49.195root 11241100x8000000000000000727379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:49.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89a9bf13c8e605cc2021-12-21 12:51:49.195root 11241100x8000000000000000727380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:49.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bca5b1bd2e201e982021-12-21 12:51:49.195root 11241100x8000000000000000727381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:49.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.854b97a7f7e35c752021-12-21 12:51:49.195root 11241100x8000000000000000727382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:49.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.987644df9e22d86a2021-12-21 12:51:49.195root 11241100x8000000000000000727383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:49.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90a4a389e7a53faa2021-12-21 12:51:49.195root 11241100x8000000000000000727384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:49.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b55a94753ceb9f82021-12-21 12:51:49.195root 11241100x8000000000000000727385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:49.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c7ddebb9fa1c5b22021-12-21 12:51:49.195root 11241100x8000000000000000727386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:49.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.751b6431385934ac2021-12-21 12:51:49.195root 11241100x8000000000000000727387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:49.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13913f1a1b6187402021-12-21 12:51:49.195root 11241100x8000000000000000727388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:49.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1068cc71e621ea752021-12-21 12:51:49.195root 11241100x8000000000000000727389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:49.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85933482f11d62222021-12-21 12:51:49.195root 11241100x8000000000000000727390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:49.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce595321e1c28e832021-12-21 12:51:49.196root 11241100x8000000000000000727391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:49.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1134f1fafc4029b02021-12-21 12:51:49.196root 11241100x8000000000000000727392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:49.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a349be6e1d3c8792021-12-21 12:51:49.196root 11241100x8000000000000000727393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:49.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.012fa68697c609312021-12-21 12:51:49.196root 11241100x8000000000000000727394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:49.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a650b0bff513915d2021-12-21 12:51:49.196root 11241100x8000000000000000727395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:49.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6049e57e0d90a392021-12-21 12:51:49.196root 11241100x8000000000000000727396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:49.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1e147aa0e0a63fa2021-12-21 12:51:49.196root 11241100x8000000000000000727397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:49.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8518c991464a51712021-12-21 12:51:49.196root 11241100x8000000000000000727398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:49.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d27ab535f7f211312021-12-21 12:51:49.196root 11241100x8000000000000000727399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:49.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3d17fad021cad452021-12-21 12:51:49.196root 11241100x8000000000000000727400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:49.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5248e8665e97725e2021-12-21 12:51:49.196root 11241100x8000000000000000727401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:49.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a052a9c0f11faf62021-12-21 12:51:49.196root 11241100x8000000000000000727402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:49.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c9abfdb50d69f7d2021-12-21 12:51:49.196root 11241100x8000000000000000727403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:49.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02df005af047b9e22021-12-21 12:51:49.196root 11241100x8000000000000000727404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:49.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5af5037476394512021-12-21 12:51:49.196root 11241100x8000000000000000727405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:49.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bc7bb681364d9b12021-12-21 12:51:49.694root 11241100x8000000000000000727406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:49.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e09d7a890a55ccf42021-12-21 12:51:49.694root 11241100x8000000000000000727407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:49.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df2ca0014b320e5d2021-12-21 12:51:49.694root 11241100x8000000000000000727408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:49.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.307e24b6ca370b9c2021-12-21 12:51:49.694root 11241100x8000000000000000727409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:49.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79cef9105583e38a2021-12-21 12:51:49.694root 11241100x8000000000000000727410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:49.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0744067e6bf8dbf82021-12-21 12:51:49.694root 11241100x8000000000000000727411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:49.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5718bc34d5da31a32021-12-21 12:51:49.694root 11241100x8000000000000000727412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:49.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b427f15a0912c4f92021-12-21 12:51:49.694root 11241100x8000000000000000727413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:49.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fb7b28ef8b46c572021-12-21 12:51:49.694root 11241100x8000000000000000727414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:49.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e614494abee7bfe2021-12-21 12:51:49.695root 11241100x8000000000000000727415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:49.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74cea5f194cf17602021-12-21 12:51:49.695root 11241100x8000000000000000727416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:49.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03ac9ba632b7bf512021-12-21 12:51:49.695root 11241100x8000000000000000727417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:49.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b7d2aee09f78fee2021-12-21 12:51:49.695root 11241100x8000000000000000727418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:49.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.151c033bb631ae6b2021-12-21 12:51:49.695root 11241100x8000000000000000727419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:49.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e64e72fe4fa4ab502021-12-21 12:51:49.695root 11241100x8000000000000000727420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:49.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a11d2ea9c3df4df32021-12-21 12:51:49.695root 11241100x8000000000000000727421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:49.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e87eb121164d16f02021-12-21 12:51:49.695root 11241100x8000000000000000727422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:49.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1e41456590fe6262021-12-21 12:51:49.695root 11241100x8000000000000000727423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:49.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22c253b6fd47fda52021-12-21 12:51:49.695root 11241100x8000000000000000727424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:49.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e344c8e07d848822021-12-21 12:51:49.695root 11241100x8000000000000000727425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:49.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa25fb307f1ff9fc2021-12-21 12:51:49.695root 11241100x8000000000000000727426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:49.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81efa1733ff470a32021-12-21 12:51:49.696root 11241100x8000000000000000727427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:49.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c433175ff7377d22021-12-21 12:51:49.696root 11241100x8000000000000000727428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:49.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad1e8b26d1c619ba2021-12-21 12:51:49.696root 11241100x8000000000000000727429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:49.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e46abfadbfe2f082021-12-21 12:51:49.696root 11241100x8000000000000000727430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:49.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b686c702a5fb09622021-12-21 12:51:49.696root 11241100x8000000000000000727431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:49.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87c8e25f3618d1b82021-12-21 12:51:49.696root 11241100x8000000000000000727432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:49.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b4953de0e79183b2021-12-21 12:51:49.696root 11241100x8000000000000000727433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:49.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb37b9584fbb58cf2021-12-21 12:51:49.696root 11241100x8000000000000000727434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:49.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b6d57d83ba844722021-12-21 12:51:49.696root 11241100x8000000000000000727435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:49.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e554a18e3f4bd422021-12-21 12:51:49.696root 11241100x8000000000000000727436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:49.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6809940a830c5b9b2021-12-21 12:51:49.696root 11241100x8000000000000000727437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:49.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9441d605cc95c0422021-12-21 12:51:49.696root 11241100x8000000000000000727438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:49.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1e99ede59e0d2bf2021-12-21 12:51:49.696root 11241100x8000000000000000727439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:49.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.775b208aac5bfc712021-12-21 12:51:49.696root 11241100x8000000000000000727440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:49.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5fadc2c7f5b38592021-12-21 12:51:49.696root 11241100x8000000000000000727441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:50.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b20aed9050a17e532021-12-21 12:51:50.194root 11241100x8000000000000000727442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:50.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4df76698594d3402021-12-21 12:51:50.194root 11241100x8000000000000000727443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:50.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f39cdc06293e7972021-12-21 12:51:50.194root 11241100x8000000000000000727444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:50.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45c17f9031499ee72021-12-21 12:51:50.194root 11241100x8000000000000000727445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:50.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4108e60ddffebf52021-12-21 12:51:50.194root 11241100x8000000000000000727446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:50.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44b354911296efae2021-12-21 12:51:50.194root 11241100x8000000000000000727447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:50.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.333c7c673ba99aee2021-12-21 12:51:50.194root 11241100x8000000000000000727448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:50.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd8d1c28dc5ef9952021-12-21 12:51:50.194root 11241100x8000000000000000727449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:50.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8d94af5752b195f2021-12-21 12:51:50.195root 11241100x8000000000000000727450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:50.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b729e7aeb7ac01b12021-12-21 12:51:50.195root 11241100x8000000000000000727451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:50.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a25c15b9c2af6372021-12-21 12:51:50.195root 11241100x8000000000000000727452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:50.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbda57d98851402d2021-12-21 12:51:50.195root 11241100x8000000000000000727453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:50.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a39ee317b711dcb2021-12-21 12:51:50.195root 11241100x8000000000000000727454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:50.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a42cfc159d5286172021-12-21 12:51:50.195root 11241100x8000000000000000727455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:50.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c436fc21f5ae7a5f2021-12-21 12:51:50.195root 11241100x8000000000000000727456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:50.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfa7e72cdab6efe02021-12-21 12:51:50.195root 11241100x8000000000000000727457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:50.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bf6e0180dde44362021-12-21 12:51:50.195root 11241100x8000000000000000727458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:50.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2ebee942b9c32e82021-12-21 12:51:50.195root 11241100x8000000000000000727459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:50.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfe871b62ee2ebb52021-12-21 12:51:50.195root 11241100x8000000000000000727460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:50.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fc7fcf55a0fd3ea2021-12-21 12:51:50.195root 11241100x8000000000000000727461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:50.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cd6ea18724b083c2021-12-21 12:51:50.195root 11241100x8000000000000000727462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:50.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5c60a828a3acbd02021-12-21 12:51:50.195root 11241100x8000000000000000727463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:50.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2746c89daee64772021-12-21 12:51:50.195root 11241100x8000000000000000727464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:50.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9698b9e7abf09fec2021-12-21 12:51:50.196root 11241100x8000000000000000727465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:50.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c61fe03104b0b8142021-12-21 12:51:50.196root 11241100x8000000000000000727466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:50.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7642b4dbcb7fa36f2021-12-21 12:51:50.196root 11241100x8000000000000000727467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:50.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f64d57422708bfa42021-12-21 12:51:50.196root 11241100x8000000000000000727468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:50.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48d31aded3f11f5d2021-12-21 12:51:50.196root 11241100x8000000000000000727469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:50.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.467ae63d92b27c6f2021-12-21 12:51:50.196root 11241100x8000000000000000727470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:50.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3b079f291c20b862021-12-21 12:51:50.196root 11241100x8000000000000000727471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:50.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58d1363f357ab6fc2021-12-21 12:51:50.196root 11241100x8000000000000000727472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:50.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74379e07a31a315b2021-12-21 12:51:50.196root 11241100x8000000000000000727473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:50.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c278086c3b00aeb72021-12-21 12:51:50.196root 11241100x8000000000000000727474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:50.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.122b8539d7a70a0f2021-12-21 12:51:50.196root 11241100x8000000000000000727475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:50.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82a38168b0dc11422021-12-21 12:51:50.196root 11241100x8000000000000000727476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:50.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6d7ffd69f0576e12021-12-21 12:51:50.196root 11241100x8000000000000000727477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:50.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7536974f0752f3322021-12-21 12:51:50.694root 11241100x8000000000000000727478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:50.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa352a457086336e2021-12-21 12:51:50.694root 11241100x8000000000000000727479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:50.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b79d34713b4aff332021-12-21 12:51:50.694root 11241100x8000000000000000727480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:50.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30a1d9fc1a3f92452021-12-21 12:51:50.694root 11241100x8000000000000000727481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:50.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69f677169be8c4422021-12-21 12:51:50.694root 11241100x8000000000000000727482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:50.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2eb2fe9ab0b03a02021-12-21 12:51:50.694root 11241100x8000000000000000727483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:50.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1147ff1dc9bb4122021-12-21 12:51:50.694root 11241100x8000000000000000727484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:50.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b8aaddf973d9aa12021-12-21 12:51:50.694root 11241100x8000000000000000727485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:50.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fe8d7d06832afe62021-12-21 12:51:50.694root 11241100x8000000000000000727486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:50.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcc05136f1bbaec62021-12-21 12:51:50.695root 11241100x8000000000000000727487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:50.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30568da255bbc4342021-12-21 12:51:50.695root 11241100x8000000000000000727488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:50.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cecc799f28a005b2021-12-21 12:51:50.695root 11241100x8000000000000000727489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:50.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06388fdfb13d0ce92021-12-21 12:51:50.695root 11241100x8000000000000000727490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:50.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65a4d82628224df22021-12-21 12:51:50.695root 11241100x8000000000000000727491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:50.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28e88ac1a528caa92021-12-21 12:51:50.695root 11241100x8000000000000000727492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:50.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dc580c1421183b52021-12-21 12:51:50.695root 11241100x8000000000000000727493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:50.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13ed4394cce247312021-12-21 12:51:50.695root 11241100x8000000000000000727494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:50.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a89d2c1e6c659cd2021-12-21 12:51:50.695root 11241100x8000000000000000727495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:50.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db7206195b27c28a2021-12-21 12:51:50.695root 11241100x8000000000000000727496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:50.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88d21fa1cd0903d62021-12-21 12:51:50.695root 11241100x8000000000000000727497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:50.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca06eb3ce061a6e62021-12-21 12:51:50.695root 11241100x8000000000000000727498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:50.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f85273a889014f52021-12-21 12:51:50.695root 11241100x8000000000000000727499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:50.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9fae37f4a34121d2021-12-21 12:51:50.695root 11241100x8000000000000000727500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:50.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b027431092761c112021-12-21 12:51:50.695root 11241100x8000000000000000727501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:50.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cd731426e433f1f2021-12-21 12:51:50.695root 11241100x8000000000000000727502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:50.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e378b62dfc08b2762021-12-21 12:51:50.696root 11241100x8000000000000000727503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:50.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8eff574aa19e06292021-12-21 12:51:50.696root 11241100x8000000000000000727504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:50.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1614d433d960a03d2021-12-21 12:51:50.696root 11241100x8000000000000000727505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:50.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec88c6174560e2d22021-12-21 12:51:50.696root 11241100x8000000000000000727506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:50.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3e9ce11e5ee5c6a2021-12-21 12:51:50.696root 11241100x8000000000000000727507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:50.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04f2a7b9c47f9e602021-12-21 12:51:50.696root 11241100x8000000000000000727508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:50.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2eaa9b8646b992e92021-12-21 12:51:50.696root 11241100x8000000000000000727509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:50.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cb1e0cfc0b16ebb2021-12-21 12:51:50.696root 11241100x8000000000000000727510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:50.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28252373aba0d4052021-12-21 12:51:50.696root 11241100x8000000000000000727511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:50.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d3734830bbd68462021-12-21 12:51:50.696root 11241100x8000000000000000727512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:50.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36165ca939ebfd852021-12-21 12:51:50.696root 11241100x8000000000000000727513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:51.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34e4b0eddebd851d2021-12-21 12:51:51.194root 11241100x8000000000000000727514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:51.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f31aebacea9f7f8a2021-12-21 12:51:51.194root 11241100x8000000000000000727515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:51.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e804a3a928401fd2021-12-21 12:51:51.194root 11241100x8000000000000000727516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:51.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51d2e85b1154d4582021-12-21 12:51:51.194root 11241100x8000000000000000727517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:51.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8a4bb2b24d95c822021-12-21 12:51:51.194root 11241100x8000000000000000727518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:51.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b980ce30c90873b52021-12-21 12:51:51.194root 11241100x8000000000000000727519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:51.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb809cdb9339b3692021-12-21 12:51:51.194root 11241100x8000000000000000727520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:51.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ab290079baef1342021-12-21 12:51:51.194root 11241100x8000000000000000727521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:51.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.104ab3a55ab36f1c2021-12-21 12:51:51.194root 11241100x8000000000000000727522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:51.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d068367630b564422021-12-21 12:51:51.194root 11241100x8000000000000000727523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:51.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e617c63bd5ce9c22021-12-21 12:51:51.195root 11241100x8000000000000000727524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:51.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e557a308eae75af2021-12-21 12:51:51.195root 11241100x8000000000000000727525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:51.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c039070bd16478e72021-12-21 12:51:51.195root 11241100x8000000000000000727526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:51.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2920174ceeb937c32021-12-21 12:51:51.195root 11241100x8000000000000000727527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:51.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.085e0ae1c17fbe642021-12-21 12:51:51.195root 11241100x8000000000000000727528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:51.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5b39d4541cee9c92021-12-21 12:51:51.195root 11241100x8000000000000000727529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:51.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.627ec3dd32a14aed2021-12-21 12:51:51.195root 11241100x8000000000000000727530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:51.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e53b1bd19434f1e42021-12-21 12:51:51.195root 11241100x8000000000000000727531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:51.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af2baca4be0dc6392021-12-21 12:51:51.195root 11241100x8000000000000000727532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:51.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72196650ecd0eb402021-12-21 12:51:51.195root 11241100x8000000000000000727533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:51.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.625fd61b6313f0492021-12-21 12:51:51.195root 11241100x8000000000000000727534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:51.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec3aed37233d5f3d2021-12-21 12:51:51.195root 11241100x8000000000000000727535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:51.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fca179256700bfe72021-12-21 12:51:51.195root 11241100x8000000000000000727536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:51.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cc88697d01e50c52021-12-21 12:51:51.196root 11241100x8000000000000000727537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:51.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be54955582d774202021-12-21 12:51:51.196root 11241100x8000000000000000727538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:51.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edc339a97efbf7eb2021-12-21 12:51:51.196root 11241100x8000000000000000727539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:51.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cc1fbd21d31e4182021-12-21 12:51:51.196root 11241100x8000000000000000727540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:51.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55c6bee89210388c2021-12-21 12:51:51.196root 11241100x8000000000000000727541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:51.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d6e266c0e444bf22021-12-21 12:51:51.196root 11241100x8000000000000000727542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:51.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0c255b8530fa0b02021-12-21 12:51:51.196root 11241100x8000000000000000727543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:51.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a24844339fff1f5c2021-12-21 12:51:51.196root 11241100x8000000000000000727544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:51.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e114e485b6f493d2021-12-21 12:51:51.196root 11241100x8000000000000000727545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:51.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7d365e9228f62c72021-12-21 12:51:51.196root 11241100x8000000000000000727546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:51.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc02ea08889b38232021-12-21 12:51:51.196root 11241100x8000000000000000727547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:51.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21f765dfb9760c442021-12-21 12:51:51.196root 11241100x8000000000000000727548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:51.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c998c7e4a6be03c32021-12-21 12:51:51.197root 354300x8000000000000000727549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:51.253{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-50594-false10.0.1.12-8000- 11241100x8000000000000000727550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:51.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.605bfb3d5956326e2021-12-21 12:51:51.694root 11241100x8000000000000000727551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:51.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b13b0f9cc5c635832021-12-21 12:51:51.694root 11241100x8000000000000000727552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:51.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.722673a92c3195f32021-12-21 12:51:51.694root 11241100x8000000000000000727553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:51.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67b3a43babe3cd5e2021-12-21 12:51:51.695root 11241100x8000000000000000727554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:51.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0faa2911f10324342021-12-21 12:51:51.695root 11241100x8000000000000000727555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:51.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73a16184f64ea8082021-12-21 12:51:51.695root 11241100x8000000000000000727556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:51.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cd725aff190be552021-12-21 12:51:51.696root 11241100x8000000000000000727557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:51.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6242e222459723442021-12-21 12:51:51.696root 11241100x8000000000000000727558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:51.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f717f0199ef3dad22021-12-21 12:51:51.696root 11241100x8000000000000000727559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:51.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a9d79540bc71b702021-12-21 12:51:51.696root 11241100x8000000000000000727560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:51.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54f70eaf8aeecdeb2021-12-21 12:51:51.696root 11241100x8000000000000000727561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:51.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d57b79861990b8072021-12-21 12:51:51.696root 11241100x8000000000000000727562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:51.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.606234493f8d15832021-12-21 12:51:51.697root 11241100x8000000000000000727563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:51.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36f45009942b87522021-12-21 12:51:51.697root 11241100x8000000000000000727564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:51.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42eda61139dc910a2021-12-21 12:51:51.697root 11241100x8000000000000000727565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:51.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3e2bfd74a885c582021-12-21 12:51:51.697root 11241100x8000000000000000727566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:51.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f79a1950d0a9472c2021-12-21 12:51:51.697root 11241100x8000000000000000727567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:51.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f799ee70470edc432021-12-21 12:51:51.697root 11241100x8000000000000000727568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:51.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74813b79f32c6bb52021-12-21 12:51:51.698root 11241100x8000000000000000727569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:51.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.350c5ce1a2b01f622021-12-21 12:51:51.698root 11241100x8000000000000000727570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:51.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4386403ddd95455a2021-12-21 12:51:51.698root 11241100x8000000000000000727571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:51.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb2bed7317ca56e62021-12-21 12:51:51.698root 11241100x8000000000000000727572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:51.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.251555ab5ee714082021-12-21 12:51:51.698root 11241100x8000000000000000727573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:51.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23fdbbd7bc04d30c2021-12-21 12:51:51.698root 11241100x8000000000000000727574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:51.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0445adcaaaa583b12021-12-21 12:51:51.698root 11241100x8000000000000000727575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:51.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ee691952aa750392021-12-21 12:51:51.698root 11241100x8000000000000000727576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:51.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42f8d182bbc82ea22021-12-21 12:51:51.698root 11241100x8000000000000000727577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:51.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0a3fd0cfa68a90a2021-12-21 12:51:51.698root 11241100x8000000000000000727578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:51.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68ce16c466e119ba2021-12-21 12:51:51.698root 11241100x8000000000000000727579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:51.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a34b69fee41a25312021-12-21 12:51:51.698root 11241100x8000000000000000727580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:51.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c70cbb17101bb852021-12-21 12:51:51.698root 11241100x8000000000000000727581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:51.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c9750bc0599e3d12021-12-21 12:51:51.698root 11241100x8000000000000000727582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:51.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e5877cdec38de222021-12-21 12:51:51.698root 11241100x8000000000000000727583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:51.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ec116fcf1cd3e2e2021-12-21 12:51:51.699root 11241100x8000000000000000727584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:51.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.561756cc5416228c2021-12-21 12:51:51.699root 11241100x8000000000000000727585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:51.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c22909da61e27d7e2021-12-21 12:51:51.699root 11241100x8000000000000000727586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:51.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1854ab262556e94b2021-12-21 12:51:51.699root 11241100x8000000000000000727587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:52.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4a863249002aa702021-12-21 12:51:52.194root 11241100x8000000000000000727588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:52.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3443e634f23c65622021-12-21 12:51:52.194root 11241100x8000000000000000727589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:52.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c88b833fc133802c2021-12-21 12:51:52.194root 11241100x8000000000000000727590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:52.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38658bf15828d3d92021-12-21 12:51:52.194root 11241100x8000000000000000727591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:52.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.348864d2b70397602021-12-21 12:51:52.194root 11241100x8000000000000000727592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:52.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fc2244ad2df10852021-12-21 12:51:52.194root 11241100x8000000000000000727593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:52.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5184933471f8b0c2021-12-21 12:51:52.194root 11241100x8000000000000000727594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:52.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.214430ee38dd9e182021-12-21 12:51:52.194root 11241100x8000000000000000727595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:52.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d040b7ca8d0541e2021-12-21 12:51:52.195root 11241100x8000000000000000727596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:52.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03911c9684e136f62021-12-21 12:51:52.195root 11241100x8000000000000000727597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:52.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ac04f278c5728bd2021-12-21 12:51:52.195root 11241100x8000000000000000727598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:52.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8be8c11f7a8fcec92021-12-21 12:51:52.195root 11241100x8000000000000000727599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:52.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.787e52a767509dba2021-12-21 12:51:52.195root 11241100x8000000000000000727600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:52.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d2279c2a88bdd8b2021-12-21 12:51:52.195root 11241100x8000000000000000727601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:52.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdd0fa47a059da972021-12-21 12:51:52.195root 11241100x8000000000000000727602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:52.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30347a945e12b6c32021-12-21 12:51:52.195root 11241100x8000000000000000727603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:52.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b3a21d2a5ece02a2021-12-21 12:51:52.195root 11241100x8000000000000000727604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:52.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f72c0c6483c96af22021-12-21 12:51:52.195root 11241100x8000000000000000727605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:52.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6aa3b4004fe39fd82021-12-21 12:51:52.195root 11241100x8000000000000000727606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:52.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0a792113452b17c2021-12-21 12:51:52.195root 11241100x8000000000000000727607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:52.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48c98213340d6ac82021-12-21 12:51:52.196root 11241100x8000000000000000727608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:52.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93e628d5c4a82df82021-12-21 12:51:52.196root 11241100x8000000000000000727609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:52.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a87573744423b1d2021-12-21 12:51:52.196root 11241100x8000000000000000727610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:52.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7aa57f24606873152021-12-21 12:51:52.196root 11241100x8000000000000000727611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:52.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3251584602e6745f2021-12-21 12:51:52.196root 11241100x8000000000000000727612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:52.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59a2f136de3cede92021-12-21 12:51:52.196root 11241100x8000000000000000727613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:52.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e03133269c5246e2021-12-21 12:51:52.196root 11241100x8000000000000000727614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:52.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfaa2c15415800e62021-12-21 12:51:52.196root 11241100x8000000000000000727615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:52.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0892c4fc7379573a2021-12-21 12:51:52.196root 11241100x8000000000000000727616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:52.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78058972b79c64122021-12-21 12:51:52.196root 11241100x8000000000000000727617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:52.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb1d33dd2aec8dfe2021-12-21 12:51:52.198root 11241100x8000000000000000727618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:52.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97087bcb404110cd2021-12-21 12:51:52.198root 11241100x8000000000000000727619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:52.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2522c5f342e8f4162021-12-21 12:51:52.198root 11241100x8000000000000000727620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:52.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d66091e32beede6e2021-12-21 12:51:52.198root 11241100x8000000000000000727621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:52.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a27819a09265ddac2021-12-21 12:51:52.198root 11241100x8000000000000000727622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:52.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.074690d325b80ea02021-12-21 12:51:52.198root 11241100x8000000000000000727623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:52.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09884ccf5eb1def12021-12-21 12:51:52.198root 11241100x8000000000000000727624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:52.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82c4ee96d1c5bb862021-12-21 12:51:52.694root 11241100x8000000000000000727625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:52.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c15b065b8ce23322021-12-21 12:51:52.694root 11241100x8000000000000000727626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:52.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89800c1c5057254a2021-12-21 12:51:52.694root 11241100x8000000000000000727627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:52.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6794bc41b11a7e9b2021-12-21 12:51:52.694root 11241100x8000000000000000727628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:52.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f69777771102ac42021-12-21 12:51:52.694root 11241100x8000000000000000727629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:52.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb7ea93668ab95812021-12-21 12:51:52.694root 11241100x8000000000000000727630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:52.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7bc2b49f7a403732021-12-21 12:51:52.694root 11241100x8000000000000000727631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:52.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d74fcc9b827d9462021-12-21 12:51:52.695root 11241100x8000000000000000727632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:52.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7714faabdf6487412021-12-21 12:51:52.695root 11241100x8000000000000000727633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:52.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b612e2e1ec9f20c12021-12-21 12:51:52.695root 11241100x8000000000000000727634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:52.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.277fb1cd75a2c79c2021-12-21 12:51:52.695root 11241100x8000000000000000727635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:52.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63cd0a706d7fea242021-12-21 12:51:52.695root 11241100x8000000000000000727636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:52.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbd2608d4977d45c2021-12-21 12:51:52.695root 11241100x8000000000000000727637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:52.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a214ec7f3951f8352021-12-21 12:51:52.695root 11241100x8000000000000000727638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:52.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85b7dc4741e22ca92021-12-21 12:51:52.695root 11241100x8000000000000000727639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:52.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de66aa0b43e5900b2021-12-21 12:51:52.695root 11241100x8000000000000000727640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:52.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.398219a953c1fc392021-12-21 12:51:52.695root 11241100x8000000000000000727641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:52.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37b8aedf5cdf6fb12021-12-21 12:51:52.695root 11241100x8000000000000000727642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:52.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c42324592a3bbbe72021-12-21 12:51:52.695root 11241100x8000000000000000727643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:52.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8e65cebf879a0d42021-12-21 12:51:52.695root 11241100x8000000000000000727644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:52.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fb429bfdbbfd8a02021-12-21 12:51:52.695root 11241100x8000000000000000727645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:52.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26e005000b8161142021-12-21 12:51:52.695root 11241100x8000000000000000727646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:52.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afd58640679a678b2021-12-21 12:51:52.695root 11241100x8000000000000000727647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:52.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caab169ad2e2e8ef2021-12-21 12:51:52.696root 11241100x8000000000000000727648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:52.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb0a33a3482538032021-12-21 12:51:52.696root 11241100x8000000000000000727649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:52.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45d78d192b0c1e522021-12-21 12:51:52.696root 11241100x8000000000000000727650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:52.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a55b5922909a4c42021-12-21 12:51:52.696root 11241100x8000000000000000727651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:52.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c548d142fdefb2372021-12-21 12:51:52.696root 11241100x8000000000000000727652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:52.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91bc2916150051472021-12-21 12:51:52.696root 11241100x8000000000000000727653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:52.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.145bd73499e2d4302021-12-21 12:51:52.696root 11241100x8000000000000000727654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:52.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d12937d199f0b59c2021-12-21 12:51:52.696root 11241100x8000000000000000727655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:52.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8887f28f391f5be12021-12-21 12:51:52.696root 11241100x8000000000000000727656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:52.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a58244a5ad79abbf2021-12-21 12:51:52.696root 11241100x8000000000000000727657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:52.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11a4c962bd2dd4072021-12-21 12:51:52.696root 11241100x8000000000000000727658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:52.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afd0e6e15c6452e62021-12-21 12:51:52.696root 11241100x8000000000000000727659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:52.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2af2188ddd55c2952021-12-21 12:51:52.696root 11241100x8000000000000000727660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:52.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09609d5e2f528dd62021-12-21 12:51:52.696root 11241100x8000000000000000727661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:53.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef683d65158a550c2021-12-21 12:51:53.194root 11241100x8000000000000000727662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:53.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12afd14dccb7860c2021-12-21 12:51:53.194root 11241100x8000000000000000727663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:53.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07dc49452a1aab1b2021-12-21 12:51:53.194root 11241100x8000000000000000727664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:53.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f521379196c50b02021-12-21 12:51:53.194root 11241100x8000000000000000727665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:53.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f40eab14c27b797d2021-12-21 12:51:53.194root 11241100x8000000000000000727666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:53.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cfb8ac5ecc96faa2021-12-21 12:51:53.194root 11241100x8000000000000000727667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:53.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a968dc04f026b3f62021-12-21 12:51:53.194root 11241100x8000000000000000727668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:53.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7914885373ba7422021-12-21 12:51:53.195root 11241100x8000000000000000727669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:53.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ce57a774c59afd12021-12-21 12:51:53.195root 11241100x8000000000000000727670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:53.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c13ea4e6b7beda172021-12-21 12:51:53.195root 11241100x8000000000000000727671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:53.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd53da480355bf5b2021-12-21 12:51:53.195root 11241100x8000000000000000727672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:53.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb520ab2919676642021-12-21 12:51:53.195root 11241100x8000000000000000727673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:53.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d3ac45c269629d22021-12-21 12:51:53.195root 11241100x8000000000000000727674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:53.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4aa550aa55680622021-12-21 12:51:53.195root 11241100x8000000000000000727675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:53.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c159971e4240deac2021-12-21 12:51:53.195root 11241100x8000000000000000727676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:53.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.facc60a516f45b472021-12-21 12:51:53.195root 11241100x8000000000000000727677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:53.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e597faaa71786b92021-12-21 12:51:53.195root 11241100x8000000000000000727678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:53.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2248c2036fb293ef2021-12-21 12:51:53.195root 11241100x8000000000000000727679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:53.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52a3dd8a402a512b2021-12-21 12:51:53.195root 11241100x8000000000000000727680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:53.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0580e97d4b1f20c32021-12-21 12:51:53.195root 11241100x8000000000000000727681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:53.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c56bdb7621d2401f2021-12-21 12:51:53.195root 11241100x8000000000000000727682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:53.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17ffc466c61a85ab2021-12-21 12:51:53.195root 11241100x8000000000000000727683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:53.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bffa8152adac88872021-12-21 12:51:53.195root 11241100x8000000000000000727684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:53.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.decc74ef107528f12021-12-21 12:51:53.196root 11241100x8000000000000000727685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:53.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02bf9f6e12e6bcc22021-12-21 12:51:53.196root 11241100x8000000000000000727686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:53.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d710ee8701d472e02021-12-21 12:51:53.196root 11241100x8000000000000000727687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:53.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2abcc5533b210612021-12-21 12:51:53.196root 11241100x8000000000000000727688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:53.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61a590d74c35fc2a2021-12-21 12:51:53.196root 11241100x8000000000000000727689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:53.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bda31d43d223d0d52021-12-21 12:51:53.196root 11241100x8000000000000000727690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:53.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2006038cae8889352021-12-21 12:51:53.196root 11241100x8000000000000000727691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:53.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c6939c0a0574bb92021-12-21 12:51:53.196root 11241100x8000000000000000727692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:53.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee8f71412d625e8a2021-12-21 12:51:53.196root 11241100x8000000000000000727693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:53.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d43c59fc4ebb8212021-12-21 12:51:53.196root 11241100x8000000000000000727694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:53.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eac20a88728d8d9d2021-12-21 12:51:53.196root 11241100x8000000000000000727695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:53.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00a130ac03f552a22021-12-21 12:51:53.196root 11241100x8000000000000000727696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:53.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0e554fb78170c7a2021-12-21 12:51:53.196root 11241100x8000000000000000727697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:53.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e582992f87e2fdc2021-12-21 12:51:53.197root 11241100x8000000000000000727698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:53.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9f23b3089b734ee2021-12-21 12:51:53.694root 11241100x8000000000000000727699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:53.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1ac838b671f5e4c2021-12-21 12:51:53.694root 11241100x8000000000000000727700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:53.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd6c088595f58ddc2021-12-21 12:51:53.694root 11241100x8000000000000000727701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:53.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.001f05c1c897136b2021-12-21 12:51:53.694root 11241100x8000000000000000727702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:53.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5578398bb7cb6fb62021-12-21 12:51:53.694root 11241100x8000000000000000727703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:53.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.674902da29a2b5102021-12-21 12:51:53.694root 11241100x8000000000000000727704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:53.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ab409fd321c39142021-12-21 12:51:53.694root 11241100x8000000000000000727705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:53.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfccc682e3649aaa2021-12-21 12:51:53.695root 11241100x8000000000000000727706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:53.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddca9e5283e6d8e62021-12-21 12:51:53.695root 11241100x8000000000000000727707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:53.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4c3b4a70f0d23312021-12-21 12:51:53.695root 11241100x8000000000000000727708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:53.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec58083b063daf072021-12-21 12:51:53.695root 11241100x8000000000000000727709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:53.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ba12bde2395d7582021-12-21 12:51:53.695root 11241100x8000000000000000727710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:53.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.736b710abc0be9ed2021-12-21 12:51:53.696root 11241100x8000000000000000727711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:53.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cd02a3b4807b61d2021-12-21 12:51:53.696root 11241100x8000000000000000727712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:53.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb6340e8fa9bc5872021-12-21 12:51:53.696root 11241100x8000000000000000727713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:53.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.886c0614fac8d2302021-12-21 12:51:53.696root 11241100x8000000000000000727714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:53.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.072072ddb3b612282021-12-21 12:51:53.696root 11241100x8000000000000000727715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:53.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cd5830a43a829f72021-12-21 12:51:53.696root 11241100x8000000000000000727716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:53.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09c718a51d3435b12021-12-21 12:51:53.696root 11241100x8000000000000000727717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:53.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7901b0a76b283052021-12-21 12:51:53.696root 11241100x8000000000000000727718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:53.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e3e4d0a4910312a2021-12-21 12:51:53.696root 11241100x8000000000000000727719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:53.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd1b02340a6c8a592021-12-21 12:51:53.696root 11241100x8000000000000000727720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:53.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bf87b7efac63a742021-12-21 12:51:53.696root 11241100x8000000000000000727721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:53.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.045d2d8dab76fe4f2021-12-21 12:51:53.697root 11241100x8000000000000000727722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:53.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cec5f4bee8dee3cb2021-12-21 12:51:53.697root 11241100x8000000000000000727723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:53.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e923e765c95e86512021-12-21 12:51:53.697root 11241100x8000000000000000727724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:53.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efad18a48b10f1ae2021-12-21 12:51:53.697root 11241100x8000000000000000727725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:53.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57a6f8206bc1325d2021-12-21 12:51:53.697root 11241100x8000000000000000727726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:53.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7050ca53fe6efae22021-12-21 12:51:53.697root 11241100x8000000000000000727727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:53.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fc97e409017111c2021-12-21 12:51:53.697root 11241100x8000000000000000727728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:53.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f0abe103dbfd5492021-12-21 12:51:53.697root 11241100x8000000000000000727729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:53.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb0b940a89479acc2021-12-21 12:51:53.697root 11241100x8000000000000000727730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:53.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b1c0aef7ee1c94c2021-12-21 12:51:53.697root 11241100x8000000000000000727731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:53.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.118504b7ef1b08a52021-12-21 12:51:53.697root 11241100x8000000000000000727732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:53.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a721f6a781c780ef2021-12-21 12:51:53.697root 11241100x8000000000000000727733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:53.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a9b9787313f948e2021-12-21 12:51:53.697root 11241100x8000000000000000727734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:53.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41511219db1d1e372021-12-21 12:51:53.697root 11241100x8000000000000000727735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:54.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d4339cb4dda3f332021-12-21 12:51:54.194root 11241100x8000000000000000727736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:54.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5458d2769dbaa9c12021-12-21 12:51:54.194root 11241100x8000000000000000727737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:54.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b2ba4ae0ab632c92021-12-21 12:51:54.194root 11241100x8000000000000000727738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:54.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d718f061c1734b952021-12-21 12:51:54.195root 11241100x8000000000000000727739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:54.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a4e9a49baab67d22021-12-21 12:51:54.195root 11241100x8000000000000000727740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:54.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c53b773fd9d440502021-12-21 12:51:54.195root 11241100x8000000000000000727741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:54.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e556c682bca5d15a2021-12-21 12:51:54.195root 11241100x8000000000000000727742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:54.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed5052855956cf3d2021-12-21 12:51:54.195root 11241100x8000000000000000727743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:54.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85286723836e78392021-12-21 12:51:54.195root 11241100x8000000000000000727744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:54.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53e58f72bf53a38a2021-12-21 12:51:54.195root 11241100x8000000000000000727745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:54.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.648da44089e91b822021-12-21 12:51:54.196root 11241100x8000000000000000727746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:54.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.536450f8542974202021-12-21 12:51:54.196root 11241100x8000000000000000727747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:54.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8daa2931a29aed82021-12-21 12:51:54.196root 11241100x8000000000000000727748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:54.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f328e3baac68a3e52021-12-21 12:51:54.196root 11241100x8000000000000000727749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:54.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b1ea9f36d5e125e2021-12-21 12:51:54.196root 11241100x8000000000000000727750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:54.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f0e255f83a26f362021-12-21 12:51:54.196root 11241100x8000000000000000727751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:54.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c647fb04b891d6d02021-12-21 12:51:54.196root 11241100x8000000000000000727752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:54.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b28241caaae47aa2021-12-21 12:51:54.197root 11241100x8000000000000000727753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:54.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7e8705fa7b89d202021-12-21 12:51:54.197root 11241100x8000000000000000727754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:54.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6b56d74422d15b42021-12-21 12:51:54.197root 11241100x8000000000000000727755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:54.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f116b48860d70f572021-12-21 12:51:54.197root 11241100x8000000000000000727756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:54.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a3ea8ac2cd87af42021-12-21 12:51:54.197root 11241100x8000000000000000727757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:54.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf6cb045e431b5832021-12-21 12:51:54.197root 11241100x8000000000000000727758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:54.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0415598a52e6da392021-12-21 12:51:54.197root 11241100x8000000000000000727759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:54.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b310ba5079cf6a32021-12-21 12:51:54.198root 11241100x8000000000000000727760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:54.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68f7cef41c7473582021-12-21 12:51:54.198root 11241100x8000000000000000727761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:54.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.565fcc51a1cd6cc22021-12-21 12:51:54.198root 11241100x8000000000000000727762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:54.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0014c696f51a50022021-12-21 12:51:54.198root 11241100x8000000000000000727763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:54.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d019b46009816e3d2021-12-21 12:51:54.198root 11241100x8000000000000000727764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:54.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dacee012047690c2021-12-21 12:51:54.198root 11241100x8000000000000000727765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:54.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33688383677876ef2021-12-21 12:51:54.198root 11241100x8000000000000000727766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:54.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87eb7fbc67b092ce2021-12-21 12:51:54.198root 11241100x8000000000000000727767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:54.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbfccbae77006ebd2021-12-21 12:51:54.198root 11241100x8000000000000000727768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:54.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29556a2de909542b2021-12-21 12:51:54.198root 11241100x8000000000000000727769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:54.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fb5f17c056b6f842021-12-21 12:51:54.198root 11241100x8000000000000000727770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:54.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ca64635290285b82021-12-21 12:51:54.198root 11241100x8000000000000000727771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:54.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85b93cd77c28f47f2021-12-21 12:51:54.198root 11241100x8000000000000000727772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:54.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c7bb3d143e2ac952021-12-21 12:51:54.694root 11241100x8000000000000000727773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:54.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b35e27e43bd175372021-12-21 12:51:54.694root 11241100x8000000000000000727774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:54.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa29c47cb45fd1312021-12-21 12:51:54.694root 11241100x8000000000000000727775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:54.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6778ac7d2d7b86f2021-12-21 12:51:54.694root 11241100x8000000000000000727776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:54.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31dc760a66067a0f2021-12-21 12:51:54.694root 11241100x8000000000000000727777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:54.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c43820c6d2129d072021-12-21 12:51:54.694root 11241100x8000000000000000727778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:54.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05a96da0b056cc6a2021-12-21 12:51:54.694root 11241100x8000000000000000727779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:54.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f88d5cf6fa4a58482021-12-21 12:51:54.694root 11241100x8000000000000000727780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:54.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60a5bab2879572802021-12-21 12:51:54.695root 11241100x8000000000000000727781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:54.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a84ccd24fac478da2021-12-21 12:51:54.695root 11241100x8000000000000000727782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:54.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.926f447739c59c702021-12-21 12:51:54.695root 11241100x8000000000000000727783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:54.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fc1b0341b8f34b22021-12-21 12:51:54.695root 11241100x8000000000000000727784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:54.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4104172e9cd58f952021-12-21 12:51:54.695root 11241100x8000000000000000727785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:54.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46593ab0b1770d6a2021-12-21 12:51:54.695root 11241100x8000000000000000727786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:54.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a90b1f01e64602332021-12-21 12:51:54.695root 11241100x8000000000000000727787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:54.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bc832ef92c1be332021-12-21 12:51:54.695root 11241100x8000000000000000727788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:54.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5630c49efef3f21e2021-12-21 12:51:54.695root 11241100x8000000000000000727789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:54.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce002885e32fbf8e2021-12-21 12:51:54.695root 11241100x8000000000000000727790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:54.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66c18ed88d7ecd4d2021-12-21 12:51:54.695root 11241100x8000000000000000727791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:54.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f89b5768fb9b66de2021-12-21 12:51:54.695root 11241100x8000000000000000727792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:54.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4346fe8ca807d1892021-12-21 12:51:54.695root 11241100x8000000000000000727793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:54.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16d006cd5c1c78642021-12-21 12:51:54.695root 11241100x8000000000000000727794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:54.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef30bb29cea1b5022021-12-21 12:51:54.696root 11241100x8000000000000000727795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:54.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3135e713bf6334ae2021-12-21 12:51:54.696root 11241100x8000000000000000727796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:54.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95b92016cd2c1f9d2021-12-21 12:51:54.696root 11241100x8000000000000000727797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:54.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1355b5b557b32ee52021-12-21 12:51:54.696root 11241100x8000000000000000727798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:54.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe11463e67b49b9e2021-12-21 12:51:54.697root 11241100x8000000000000000727799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:54.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b27630790819fe82021-12-21 12:51:54.697root 11241100x8000000000000000727800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:54.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8f3f2c9b984e9462021-12-21 12:51:54.697root 11241100x8000000000000000727801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:54.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a512939ea7e333e2021-12-21 12:51:54.697root 11241100x8000000000000000727802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:54.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f402eb78033e6f52021-12-21 12:51:54.697root 11241100x8000000000000000727803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:54.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8b91f31882f324a2021-12-21 12:51:54.697root 11241100x8000000000000000727804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:54.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ed99e53d4fb82c32021-12-21 12:51:54.697root 11241100x8000000000000000727805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:54.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd3ed963066dab6a2021-12-21 12:51:54.697root 11241100x8000000000000000727806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:54.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da06da96feafa9f02021-12-21 12:51:54.698root 11241100x8000000000000000727807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:54.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.477d9562ca84bed62021-12-21 12:51:54.698root 11241100x8000000000000000727808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:54.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8d173375acc860b2021-12-21 12:51:54.698root 11241100x8000000000000000727809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:55.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0355c6ac321db642021-12-21 12:51:55.194root 11241100x8000000000000000727810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:55.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83d0892886937d532021-12-21 12:51:55.194root 11241100x8000000000000000727811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:55.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.576253270011765d2021-12-21 12:51:55.194root 11241100x8000000000000000727812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:55.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bf789d7e7f5cfb72021-12-21 12:51:55.194root 11241100x8000000000000000727813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:55.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c6368639b2855962021-12-21 12:51:55.194root 11241100x8000000000000000727814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:55.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3caf2638a692d8d2021-12-21 12:51:55.194root 11241100x8000000000000000727815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:55.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7eb5cbf2d6022dc2021-12-21 12:51:55.194root 11241100x8000000000000000727816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:55.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7985258215306c72021-12-21 12:51:55.195root 11241100x8000000000000000727817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:55.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4126ed3cbc59816f2021-12-21 12:51:55.195root 11241100x8000000000000000727818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:55.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f12b4173853f6232021-12-21 12:51:55.195root 11241100x8000000000000000727819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:55.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3213f8c436c1db52021-12-21 12:51:55.195root 11241100x8000000000000000727820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:55.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eda118defd2361042021-12-21 12:51:55.195root 11241100x8000000000000000727821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:55.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e3d6cc7c29994d62021-12-21 12:51:55.195root 11241100x8000000000000000727822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:55.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcf6e2d0c93aafb42021-12-21 12:51:55.195root 11241100x8000000000000000727823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:55.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5632cc913e41667d2021-12-21 12:51:55.195root 11241100x8000000000000000727824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:55.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aeb7c33cf54b00ae2021-12-21 12:51:55.195root 11241100x8000000000000000727825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:55.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c997140fbaa0a5a2021-12-21 12:51:55.195root 11241100x8000000000000000727826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:55.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a43a8f16899e3132021-12-21 12:51:55.195root 11241100x8000000000000000727827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:55.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7e51fed86b4cfcf2021-12-21 12:51:55.195root 11241100x8000000000000000727828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:55.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d098ff6f8d13b532021-12-21 12:51:55.196root 11241100x8000000000000000727829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:55.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11e8c0fdd912de532021-12-21 12:51:55.196root 11241100x8000000000000000727830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:55.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de5fc7003f3bde122021-12-21 12:51:55.196root 11241100x8000000000000000727831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:55.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.656567f7bd97303b2021-12-21 12:51:55.196root 11241100x8000000000000000727832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:55.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37237b9c56bab4012021-12-21 12:51:55.196root 11241100x8000000000000000727833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:55.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c91481ec90837e7b2021-12-21 12:51:55.196root 11241100x8000000000000000727834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:55.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.034e3441371814442021-12-21 12:51:55.196root 11241100x8000000000000000727835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:55.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ea17d3c700d47122021-12-21 12:51:55.196root 11241100x8000000000000000727836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:55.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a00f03f0b2c8a84f2021-12-21 12:51:55.196root 11241100x8000000000000000727837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:55.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a2239459788a7f02021-12-21 12:51:55.196root 11241100x8000000000000000727838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:55.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1e7e24ad1a236bd2021-12-21 12:51:55.196root 11241100x8000000000000000727839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:55.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4900ed68e75812992021-12-21 12:51:55.196root 11241100x8000000000000000727840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:55.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0b1e2ec922c0fe92021-12-21 12:51:55.196root 11241100x8000000000000000727841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:55.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac039140bc5e064f2021-12-21 12:51:55.196root 11241100x8000000000000000727842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:55.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21de0a88f5bfe2332021-12-21 12:51:55.196root 11241100x8000000000000000727843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:55.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6ef157740b4c5fa2021-12-21 12:51:55.197root 11241100x8000000000000000727844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:55.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10b7629133c5426d2021-12-21 12:51:55.197root 11241100x8000000000000000727845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:55.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e775368e40279d932021-12-21 12:51:55.197root 11241100x8000000000000000727846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:55.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96e9e4491781a8922021-12-21 12:51:55.694root 11241100x8000000000000000727847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:55.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53354986b794eec22021-12-21 12:51:55.694root 11241100x8000000000000000727848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:55.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f3284e19921af312021-12-21 12:51:55.694root 11241100x8000000000000000727849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:55.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26b60e7f922313142021-12-21 12:51:55.694root 11241100x8000000000000000727850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:55.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b09b1da3fe645cc92021-12-21 12:51:55.694root 11241100x8000000000000000727851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:55.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b4be6dfd7de764e2021-12-21 12:51:55.694root 11241100x8000000000000000727852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:55.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02964b0eb1be2edc2021-12-21 12:51:55.694root 11241100x8000000000000000727853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:55.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4e78d6d1fa2ffb72021-12-21 12:51:55.694root 11241100x8000000000000000727854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:55.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.967ee1de7904731b2021-12-21 12:51:55.695root 11241100x8000000000000000727855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:55.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b50fc649b47f22bf2021-12-21 12:51:55.695root 11241100x8000000000000000727856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:55.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.006386b6c474f9862021-12-21 12:51:55.695root 11241100x8000000000000000727857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:55.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5b3a5dcfbeded152021-12-21 12:51:55.695root 11241100x8000000000000000727858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:55.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e595a6a6105119fe2021-12-21 12:51:55.695root 11241100x8000000000000000727859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:55.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e52122db4f89c882021-12-21 12:51:55.695root 11241100x8000000000000000727860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:55.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1860eabdb5e8336d2021-12-21 12:51:55.695root 11241100x8000000000000000727861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:55.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2de4d40e436a47df2021-12-21 12:51:55.695root 11241100x8000000000000000727862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:55.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97b0eb5422cd16142021-12-21 12:51:55.695root 11241100x8000000000000000727863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:55.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c5c73b2300390fb2021-12-21 12:51:55.695root 11241100x8000000000000000727864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:55.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e104a266d68e4c8c2021-12-21 12:51:55.695root 11241100x8000000000000000727865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:55.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0143aa4b6bf73d72021-12-21 12:51:55.696root 11241100x8000000000000000727866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:55.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67e9701c1074e0d12021-12-21 12:51:55.696root 11241100x8000000000000000727867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:55.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20d34398243eb8f42021-12-21 12:51:55.696root 11241100x8000000000000000727868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:55.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15a00b154ccb8c642021-12-21 12:51:55.696root 11241100x8000000000000000727869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:55.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ab8032645d651552021-12-21 12:51:55.696root 11241100x8000000000000000727870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:55.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ca83693d7d43c2b2021-12-21 12:51:55.696root 11241100x8000000000000000727871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:55.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d770c244f4c363362021-12-21 12:51:55.696root 11241100x8000000000000000727872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:55.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0423b5cc1052bbc2021-12-21 12:51:55.696root 11241100x8000000000000000727873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:55.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d022f814bc72c3012021-12-21 12:51:55.696root 11241100x8000000000000000727874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:55.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf6e6f49f7a4f8362021-12-21 12:51:55.696root 11241100x8000000000000000727875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:55.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cba3ad25521efc122021-12-21 12:51:55.696root 11241100x8000000000000000727876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:55.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a730e2ad19f46ed62021-12-21 12:51:55.696root 11241100x8000000000000000727877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:55.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcc599010cb84c982021-12-21 12:51:55.696root 11241100x8000000000000000727878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:55.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9db051fd77021ead2021-12-21 12:51:55.696root 11241100x8000000000000000727879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:55.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.421a8fd8235ff31b2021-12-21 12:51:55.696root 11241100x8000000000000000727880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:55.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d08e40c8f378fc12021-12-21 12:51:55.697root 11241100x8000000000000000727881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:55.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a745ccfd184cd5062021-12-21 12:51:55.697root 11241100x8000000000000000727882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:55.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a51c4d16108deee2021-12-21 12:51:55.697root 11241100x8000000000000000727883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:56.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97f8e6a827af68ae2021-12-21 12:51:56.194root 11241100x8000000000000000727884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:56.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79ada59da15f50522021-12-21 12:51:56.194root 11241100x8000000000000000727885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:56.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff4f65550b32e43d2021-12-21 12:51:56.194root 11241100x8000000000000000727886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:56.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a81a4606b41732502021-12-21 12:51:56.194root 11241100x8000000000000000727887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:56.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ed705846f2601a32021-12-21 12:51:56.194root 11241100x8000000000000000727888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:56.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8634cf8392a2933b2021-12-21 12:51:56.194root 11241100x8000000000000000727889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:56.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.422ad19f61b955362021-12-21 12:51:56.194root 11241100x8000000000000000727890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:56.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c9e165134c58cc12021-12-21 12:51:56.194root 11241100x8000000000000000727891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:56.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ab5a81fc9c9fe3f2021-12-21 12:51:56.194root 11241100x8000000000000000727892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:56.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0356cd90b9662962021-12-21 12:51:56.195root 11241100x8000000000000000727893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:56.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87671de7104954162021-12-21 12:51:56.195root 11241100x8000000000000000727894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:56.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24ee8e727327ab342021-12-21 12:51:56.195root 11241100x8000000000000000727895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:56.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.299014b1eb986c842021-12-21 12:51:56.195root 11241100x8000000000000000727896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:56.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1204d516e6e4ebfc2021-12-21 12:51:56.195root 11241100x8000000000000000727897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:56.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5318b765789d0572021-12-21 12:51:56.195root 11241100x8000000000000000727898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:56.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65b1feecf73ce9fc2021-12-21 12:51:56.195root 11241100x8000000000000000727899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:56.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c5e292d68eda12e2021-12-21 12:51:56.195root 11241100x8000000000000000727900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:56.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19be4797a16a5d6b2021-12-21 12:51:56.195root 11241100x8000000000000000727901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:56.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4179bc9d305c10cb2021-12-21 12:51:56.195root 11241100x8000000000000000727902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:56.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2a7becf1c146cf72021-12-21 12:51:56.195root 11241100x8000000000000000727903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:56.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a151979853f9c172021-12-21 12:51:56.195root 11241100x8000000000000000727904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:56.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3ca9aa77887ddd22021-12-21 12:51:56.195root 11241100x8000000000000000727905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:56.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4c51d0c04622da82021-12-21 12:51:56.195root 11241100x8000000000000000727906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:56.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dd3d8441335bc642021-12-21 12:51:56.195root 11241100x8000000000000000727907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:56.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57378c8bc3c399952021-12-21 12:51:56.196root 11241100x8000000000000000727908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:56.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70a49710fed3578c2021-12-21 12:51:56.196root 11241100x8000000000000000727909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:56.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86ff79f4795e56302021-12-21 12:51:56.196root 11241100x8000000000000000727910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:56.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6aa4bafd6013a0d62021-12-21 12:51:56.196root 11241100x8000000000000000727911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:56.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b7d23c2cd21194a2021-12-21 12:51:56.196root 11241100x8000000000000000727912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:56.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1792dddb32c209dc2021-12-21 12:51:56.196root 11241100x8000000000000000727913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:56.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.923803c45390b7fd2021-12-21 12:51:56.196root 11241100x8000000000000000727914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:56.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf928e4de5a669fb2021-12-21 12:51:56.196root 11241100x8000000000000000727915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:56.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37cab468a0b3908e2021-12-21 12:51:56.196root 11241100x8000000000000000727916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:56.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caef926c2551e60a2021-12-21 12:51:56.196root 11241100x8000000000000000727917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:56.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e46d46a376aa6ed2021-12-21 12:51:56.196root 11241100x8000000000000000727918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:56.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.732eec2ac0080f4a2021-12-21 12:51:56.196root 11241100x8000000000000000727919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:56.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20b542e3c805b7aa2021-12-21 12:51:56.196root 11241100x8000000000000000727920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:56.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.977b50cb88f1694c2021-12-21 12:51:56.694root 11241100x8000000000000000727921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:56.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c484fb468285cfba2021-12-21 12:51:56.694root 11241100x8000000000000000727922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:56.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c26636bae5935aad2021-12-21 12:51:56.694root 11241100x8000000000000000727923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:56.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41adcf9c1f44afdb2021-12-21 12:51:56.695root 11241100x8000000000000000727924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:56.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d35f42c2babc3452021-12-21 12:51:56.695root 11241100x8000000000000000727925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:56.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b27c20d5bf7789e2021-12-21 12:51:56.695root 11241100x8000000000000000727926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:56.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0caaba849656c3a52021-12-21 12:51:56.695root 11241100x8000000000000000727927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:56.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62b2edca719cb8d52021-12-21 12:51:56.695root 11241100x8000000000000000727928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:56.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08fc4c1b3860dfae2021-12-21 12:51:56.695root 11241100x8000000000000000727929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:56.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1649d0962ec672a2021-12-21 12:51:56.695root 11241100x8000000000000000727930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:56.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f21978879efa1e922021-12-21 12:51:56.695root 11241100x8000000000000000727931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:56.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be4715ce72aa0c472021-12-21 12:51:56.695root 11241100x8000000000000000727932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:56.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90aff3af2257fd342021-12-21 12:51:56.695root 11241100x8000000000000000727933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:56.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddc6da77fdeb7b272021-12-21 12:51:56.695root 11241100x8000000000000000727934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:56.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0176911cc8da9722021-12-21 12:51:56.696root 11241100x8000000000000000727935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:56.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00f8d37e4d65413f2021-12-21 12:51:56.696root 11241100x8000000000000000727936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:56.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0b7d6ed4a3754bf2021-12-21 12:51:56.698root 11241100x8000000000000000727937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:56.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83e91bcf3d0ce07f2021-12-21 12:51:56.698root 11241100x8000000000000000727938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:56.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c5a0683ce7ce1f92021-12-21 12:51:56.699root 11241100x8000000000000000727939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:56.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.340dd77ab64d1dd02021-12-21 12:51:56.699root 11241100x8000000000000000727940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:56.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e82719d1b150b332021-12-21 12:51:56.699root 11241100x8000000000000000727941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:56.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7724312fe9296c112021-12-21 12:51:56.699root 11241100x8000000000000000727942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:56.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efc2ccbbb8d3a54c2021-12-21 12:51:56.699root 11241100x8000000000000000727943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:56.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eecfc7ef56f8a3772021-12-21 12:51:56.699root 11241100x8000000000000000727944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:56.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4b95241811b9a6b2021-12-21 12:51:56.699root 11241100x8000000000000000727945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:56.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86a95a359cf2bdb12021-12-21 12:51:56.700root 11241100x8000000000000000727946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:56.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a1270717ebbb47e2021-12-21 12:51:56.700root 11241100x8000000000000000727947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:56.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37c67b44794ca2302021-12-21 12:51:56.700root 11241100x8000000000000000727948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:56.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6241f09112bed212021-12-21 12:51:56.701root 11241100x8000000000000000727949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:56.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c88da02c3dbd4bf2021-12-21 12:51:56.701root 11241100x8000000000000000727950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:56.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.182433b695b39ea52021-12-21 12:51:56.701root 11241100x8000000000000000727951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:56.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af9d3e916fa737122021-12-21 12:51:56.701root 11241100x8000000000000000727952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:56.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0550a07209e99932021-12-21 12:51:56.701root 11241100x8000000000000000727953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:56.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57d7a50e52eb36f72021-12-21 12:51:56.701root 11241100x8000000000000000727954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:56.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b21c08ad843af6632021-12-21 12:51:56.701root 11241100x8000000000000000727955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:56.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.141116be4eb876de2021-12-21 12:51:56.701root 11241100x8000000000000000727956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:56.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de554d7fe6b5ddd72021-12-21 12:51:56.702root 354300x8000000000000000727957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.112{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-50596-false10.0.1.12-8000- 11241100x8000000000000000727958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.113{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ead2b7a53904d742021-12-21 12:51:57.113root 11241100x8000000000000000727959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.113{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.347c40aa89489f5e2021-12-21 12:51:57.113root 11241100x8000000000000000727960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.113{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42a3e215ae4a4bce2021-12-21 12:51:57.113root 11241100x8000000000000000727961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.114{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54ba0da13cf3f3252021-12-21 12:51:57.114root 11241100x8000000000000000727962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.114{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b883ef1b45cd2cd2021-12-21 12:51:57.114root 11241100x8000000000000000727963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.114{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46afa1354ed4e7452021-12-21 12:51:57.114root 11241100x8000000000000000727964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.114{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4645f57a2816026f2021-12-21 12:51:57.114root 11241100x8000000000000000727965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.114{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ad827d7acb67fb62021-12-21 12:51:57.114root 11241100x8000000000000000727966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.114{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceba9a8829a925742021-12-21 12:51:57.114root 11241100x8000000000000000727967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.114{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe708bc11346e7712021-12-21 12:51:57.114root 11241100x8000000000000000727968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.114{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b04ad418bcc4f2b32021-12-21 12:51:57.114root 11241100x8000000000000000727969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.115{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb5510bb6d7c82682021-12-21 12:51:57.115root 11241100x8000000000000000727970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.115{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dd40db142d5484a2021-12-21 12:51:57.115root 11241100x8000000000000000727971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.115{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b79799b944b3f3502021-12-21 12:51:57.115root 11241100x8000000000000000727972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.115{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22a800f7be1c22992021-12-21 12:51:57.115root 11241100x8000000000000000727973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.115{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26ea873d63a992682021-12-21 12:51:57.115root 11241100x8000000000000000727974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.115{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7550dbeb5bd5d9a82021-12-21 12:51:57.115root 11241100x8000000000000000727975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.116{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8f8e3027bf6c91f2021-12-21 12:51:57.116root 11241100x8000000000000000727976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.116{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa729c320a4153922021-12-21 12:51:57.116root 11241100x8000000000000000727977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.116{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6172139ab242b402021-12-21 12:51:57.116root 11241100x8000000000000000727978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.116{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f880a90fc7c18ae2021-12-21 12:51:57.116root 11241100x8000000000000000727979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.116{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57a1ec4b24457bc52021-12-21 12:51:57.116root 11241100x8000000000000000727980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.116{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d0fad85d565b71e2021-12-21 12:51:57.116root 11241100x8000000000000000727981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.116{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.925a07f342072fe72021-12-21 12:51:57.116root 11241100x8000000000000000727982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.116{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f32b5be342c2d982021-12-21 12:51:57.116root 11241100x8000000000000000727983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.116{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8df9b97430666d162021-12-21 12:51:57.116root 11241100x8000000000000000727984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.116{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1614fbc185002c442021-12-21 12:51:57.116root 11241100x8000000000000000727985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.117{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dd60bc6eee5244c2021-12-21 12:51:57.117root 11241100x8000000000000000727986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.117{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e56e0ed8274f4ed42021-12-21 12:51:57.117root 11241100x8000000000000000727987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.118{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d422ef9122cf0b2f2021-12-21 12:51:57.118root 11241100x8000000000000000727988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.118{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b6c9edfdf54b5152021-12-21 12:51:57.118root 11241100x8000000000000000727989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.118{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c57b13da01a71b32021-12-21 12:51:57.118root 11241100x8000000000000000727990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.118{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2689be5fca1dc9502021-12-21 12:51:57.118root 11241100x8000000000000000727991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.118{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcedea9d93b4600a2021-12-21 12:51:57.118root 11241100x8000000000000000727992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.118{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.253abde489ecc3992021-12-21 12:51:57.118root 11241100x8000000000000000727993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.118{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05e8d2ceed173e962021-12-21 12:51:57.118root 11241100x8000000000000000727994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.118{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.631ca1794ec415fc2021-12-21 12:51:57.118root 11241100x8000000000000000727995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.119{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3617a527de488992021-12-21 12:51:57.119root 11241100x8000000000000000727996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.119{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a80a9048ef357822021-12-21 12:51:57.119root 11241100x8000000000000000727997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.119{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cf7849eb94146a52021-12-21 12:51:57.119root 11241100x8000000000000000727998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.119{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.458479ee30d12f0a2021-12-21 12:51:57.119root 11241100x8000000000000000727999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.119{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a341743ec2cb1292021-12-21 12:51:57.119root 11241100x8000000000000000728000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.119{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67bfd9ac912981052021-12-21 12:51:57.119root 11241100x8000000000000000728001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.119{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c9e1a1d1f8bb3242021-12-21 12:51:57.119root 11241100x8000000000000000728002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.119{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fac8d6a159214d0e2021-12-21 12:51:57.119root 11241100x8000000000000000728003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.120{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f89ecd7a5036c0882021-12-21 12:51:57.120root 11241100x8000000000000000728004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.120{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30c47cfadf99b75a2021-12-21 12:51:57.120root 11241100x8000000000000000728005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.120{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbca4ec358caa08f2021-12-21 12:51:57.120root 11241100x8000000000000000728006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.120{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de01ca2460f4a0c82021-12-21 12:51:57.120root 11241100x8000000000000000728007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.120{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88ddf39d20c59ea72021-12-21 12:51:57.120root 11241100x8000000000000000728008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.120{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3e25347f3c814962021-12-21 12:51:57.120root 11241100x8000000000000000728009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.120{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57b5a0cabf6050552021-12-21 12:51:57.120root 11241100x8000000000000000728010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.121{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f4b0280bf7a3b742021-12-21 12:51:57.121root 11241100x8000000000000000728011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.121{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0a1d0a88fd556732021-12-21 12:51:57.121root 11241100x8000000000000000728012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.121{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb0c654e4ebc49002021-12-21 12:51:57.121root 11241100x8000000000000000728013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.121{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.515072ffde9a58ce2021-12-21 12:51:57.121root 11241100x8000000000000000728014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.121{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1df690fabd69e6482021-12-21 12:51:57.121root 11241100x8000000000000000728015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.121{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a976ee35e533fe692021-12-21 12:51:57.121root 11241100x8000000000000000728016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.121{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f196b9a098cacdf82021-12-21 12:51:57.121root 11241100x8000000000000000728017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.121{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0a8072aad8d192b2021-12-21 12:51:57.121root 11241100x8000000000000000728018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.122{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79243978f88d1b7d2021-12-21 12:51:57.122root 11241100x8000000000000000728019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.122{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec7d2346dae0d2872021-12-21 12:51:57.122root 11241100x8000000000000000728020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.122{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afa6ce779713027b2021-12-21 12:51:57.122root 11241100x8000000000000000728021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.122{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f836f3cc274a7a92021-12-21 12:51:57.122root 11241100x8000000000000000728022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.122{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5493e5899c9b1d982021-12-21 12:51:57.122root 11241100x8000000000000000728023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.122{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bab5adb4b41f859a2021-12-21 12:51:57.122root 11241100x8000000000000000728024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.122{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1c4bb1d0f8f5eee2021-12-21 12:51:57.122root 11241100x8000000000000000728025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.122{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8822ab25ca5d32f2021-12-21 12:51:57.122root 11241100x8000000000000000728026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.122{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59eecd8ccc8d1ce02021-12-21 12:51:57.122root 11241100x8000000000000000728027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.122{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.208f1363250ef9572021-12-21 12:51:57.122root 11241100x8000000000000000728028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.122{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6033d2944c626432021-12-21 12:51:57.122root 11241100x8000000000000000728029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.122{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fe5994c87cde5ae2021-12-21 12:51:57.122root 11241100x8000000000000000728030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.122{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.442103b7282f1a142021-12-21 12:51:57.122root 11241100x8000000000000000728031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.123{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.037ed240b8e5ed672021-12-21 12:51:57.123root 11241100x8000000000000000728032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.123{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e72ec2c425e62082021-12-21 12:51:57.123root 11241100x8000000000000000728033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.123{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29ffd53a91b200f62021-12-21 12:51:57.123root 11241100x8000000000000000728034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.123{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37af9a409ab1164e2021-12-21 12:51:57.123root 11241100x8000000000000000728035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.123{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f290c854a45508a2021-12-21 12:51:57.123root 11241100x8000000000000000728036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.123{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbf3443dd4a6391c2021-12-21 12:51:57.123root 11241100x8000000000000000728037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.123{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5df5e8eb10dd52bc2021-12-21 12:51:57.123root 11241100x8000000000000000728038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.123{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be88535f0af1793a2021-12-21 12:51:57.123root 11241100x8000000000000000728039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.123{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b17238069ccae3fd2021-12-21 12:51:57.123root 11241100x8000000000000000728040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.123{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad48d4de624864a52021-12-21 12:51:57.123root 11241100x8000000000000000728041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.124{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.889f5500878ddc1b2021-12-21 12:51:57.124root 11241100x8000000000000000728042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.124{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ebaf9bea989a0ec2021-12-21 12:51:57.124root 11241100x8000000000000000728043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.124{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78c93fa453d9a5a12021-12-21 12:51:57.124root 11241100x8000000000000000728044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.124{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9906e3fc1b1794b2021-12-21 12:51:57.124root 11241100x8000000000000000728045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.124{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.903f75fafeed9f022021-12-21 12:51:57.124root 11241100x8000000000000000728046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.124{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5672f98ee32289c02021-12-21 12:51:57.124root 11241100x8000000000000000728047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.124{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a88caf407c12f7de2021-12-21 12:51:57.124root 11241100x8000000000000000728048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.124{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e61731151c0839d12021-12-21 12:51:57.124root 11241100x8000000000000000728049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.124{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7adffe474f7c1ff22021-12-21 12:51:57.124root 11241100x8000000000000000728050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.124{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d24df04657b819e72021-12-21 12:51:57.124root 11241100x8000000000000000728051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.124{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a177f82deadc22ab2021-12-21 12:51:57.124root 11241100x8000000000000000728052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.124{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea459b2f0bbdc8f82021-12-21 12:51:57.124root 11241100x8000000000000000728053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.124{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4dcb0ca2ac77cdd2021-12-21 12:51:57.124root 11241100x8000000000000000728054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.124{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0c42ad10944ff462021-12-21 12:51:57.124root 11241100x8000000000000000728055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74b3c5663e3a31842021-12-21 12:51:57.443root 11241100x8000000000000000728056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02c6838a1797288d2021-12-21 12:51:57.443root 11241100x8000000000000000728057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46aac13fa66b8cbe2021-12-21 12:51:57.443root 11241100x8000000000000000728058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87781f54eff63b412021-12-21 12:51:57.444root 11241100x8000000000000000728059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.733e90e1bd856aad2021-12-21 12:51:57.444root 11241100x8000000000000000728060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5fc7a5e4cb461e82021-12-21 12:51:57.444root 11241100x8000000000000000728061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.716e4a1688f5a9442021-12-21 12:51:57.444root 11241100x8000000000000000728062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59af5a9cfe3af0592021-12-21 12:51:57.444root 11241100x8000000000000000728063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d1cd6d387f944542021-12-21 12:51:57.444root 11241100x8000000000000000728064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2686f459b5c9ff6e2021-12-21 12:51:57.444root 11241100x8000000000000000728065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11771edc9bca64252021-12-21 12:51:57.444root 11241100x8000000000000000728066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85dc1dfe37bd558a2021-12-21 12:51:57.444root 11241100x8000000000000000728067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ab008d4f3f79adf2021-12-21 12:51:57.444root 11241100x8000000000000000728068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bff75a74220c8b382021-12-21 12:51:57.444root 11241100x8000000000000000728069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.146d5649c1eedeea2021-12-21 12:51:57.444root 11241100x8000000000000000728070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cb567395e5522772021-12-21 12:51:57.444root 11241100x8000000000000000728071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d0b5ba1759111e72021-12-21 12:51:57.444root 11241100x8000000000000000728072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4aaf8d06d2b2b8a2021-12-21 12:51:57.444root 11241100x8000000000000000728073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8cf1fe1cdcbf6082021-12-21 12:51:57.445root 11241100x8000000000000000728074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fdedacd619c134f2021-12-21 12:51:57.445root 11241100x8000000000000000728075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.401040d847da6c562021-12-21 12:51:57.445root 11241100x8000000000000000728076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8c1e8c8bb4cf23b2021-12-21 12:51:57.445root 11241100x8000000000000000728077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eac219a0c6f4d6792021-12-21 12:51:57.445root 11241100x8000000000000000728078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.065d714a3d4fbe4c2021-12-21 12:51:57.445root 11241100x8000000000000000728079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58c41cc1f0fc01b52021-12-21 12:51:57.445root 11241100x8000000000000000728080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d481abfeb56226352021-12-21 12:51:57.445root 11241100x8000000000000000728081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e70cd7cd994c7702021-12-21 12:51:57.445root 11241100x8000000000000000728082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe7d445a1f3e10a32021-12-21 12:51:57.445root 11241100x8000000000000000728083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f5cd61fa822627c2021-12-21 12:51:57.445root 11241100x8000000000000000728084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.711541022a6899112021-12-21 12:51:57.445root 11241100x8000000000000000728085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.270e10e82d57fafe2021-12-21 12:51:57.445root 11241100x8000000000000000728086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b131b756a1fc59c62021-12-21 12:51:57.445root 11241100x8000000000000000728087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.712a101a295689ee2021-12-21 12:51:57.446root 11241100x8000000000000000728088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcdd43a4e754812d2021-12-21 12:51:57.446root 11241100x8000000000000000728089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.309b2de8d22e92132021-12-21 12:51:57.446root 11241100x8000000000000000728090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d47bb60d6dd931102021-12-21 12:51:57.446root 11241100x8000000000000000728091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6c41c7097f3a6912021-12-21 12:51:57.446root 11241100x8000000000000000728092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b6dfac3d222076c2021-12-21 12:51:57.446root 11241100x8000000000000000728093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d1a78ffc53d07bd2021-12-21 12:51:57.446root 11241100x8000000000000000728094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.361b5cca2d37ab322021-12-21 12:51:57.446root 11241100x8000000000000000728095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ae803874c99961d2021-12-21 12:51:57.446root 11241100x8000000000000000728096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6950e2987f266142021-12-21 12:51:57.446root 11241100x8000000000000000728097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e20719ef0c1437f2021-12-21 12:51:57.446root 11241100x8000000000000000728098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b876b29e9138c0a72021-12-21 12:51:57.446root 11241100x8000000000000000728099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75ee8f4b81b089452021-12-21 12:51:57.446root 11241100x8000000000000000728100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7c9869b0be1a2f02021-12-21 12:51:57.447root 11241100x8000000000000000728101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f163443b1b11593d2021-12-21 12:51:57.447root 11241100x8000000000000000728102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b03fb7190f8399512021-12-21 12:51:57.447root 11241100x8000000000000000728103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a7ebae39a8ff6b72021-12-21 12:51:57.943root 11241100x8000000000000000728104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cdefb103451a4262021-12-21 12:51:57.943root 11241100x8000000000000000728105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0ce1bd5995132162021-12-21 12:51:57.943root 11241100x8000000000000000728106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c0027a59c6979df2021-12-21 12:51:57.943root 11241100x8000000000000000728107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40b232bf2bea22f42021-12-21 12:51:57.944root 11241100x8000000000000000728108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f53a8ace6ccf43402021-12-21 12:51:57.944root 11241100x8000000000000000728109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d392cb0072b7de3d2021-12-21 12:51:57.944root 11241100x8000000000000000728110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98bfff5ba1bc072f2021-12-21 12:51:57.944root 11241100x8000000000000000728111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29cddd41be2ff4002021-12-21 12:51:57.944root 11241100x8000000000000000728112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f17c864534954da62021-12-21 12:51:57.944root 11241100x8000000000000000728113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1865fbf80033f4ef2021-12-21 12:51:57.944root 11241100x8000000000000000728114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f067503cba8323d2021-12-21 12:51:57.944root 11241100x8000000000000000728115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56ca9139afdffe852021-12-21 12:51:57.944root 11241100x8000000000000000728116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92616b200b090c922021-12-21 12:51:57.944root 11241100x8000000000000000728117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40dce6d9b2e10e552021-12-21 12:51:57.944root 11241100x8000000000000000728118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f0bdab16df8d5222021-12-21 12:51:57.944root 11241100x8000000000000000728119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83e3d5ac0f3f904c2021-12-21 12:51:57.944root 11241100x8000000000000000728120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e016c10ab09979462021-12-21 12:51:57.945root 11241100x8000000000000000728121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29cf33d9fa2be5662021-12-21 12:51:57.945root 11241100x8000000000000000728122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e088fe5b5f3943b22021-12-21 12:51:57.945root 11241100x8000000000000000728123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.299463a4f9346a922021-12-21 12:51:57.945root 11241100x8000000000000000728124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28a18f5757bef5ac2021-12-21 12:51:57.945root 11241100x8000000000000000728125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dfc79f056a87aca2021-12-21 12:51:57.945root 11241100x8000000000000000728126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ca84089e12d039c2021-12-21 12:51:57.945root 11241100x8000000000000000728127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb1c8073912cc62e2021-12-21 12:51:57.945root 11241100x8000000000000000728128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.125aef4bb64700cc2021-12-21 12:51:57.945root 11241100x8000000000000000728129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ab16c262284e3ff2021-12-21 12:51:57.945root 11241100x8000000000000000728130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cedcfc11138f7382021-12-21 12:51:57.945root 11241100x8000000000000000728131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be748e9247d5419c2021-12-21 12:51:57.945root 11241100x8000000000000000728132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adb7fcf93168391e2021-12-21 12:51:57.945root 11241100x8000000000000000728133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfe37beae7dd8ed02021-12-21 12:51:57.945root 11241100x8000000000000000728134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c716e74a81f2b662021-12-21 12:51:57.945root 11241100x8000000000000000728135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d1586248d1182f72021-12-21 12:51:57.945root 11241100x8000000000000000728136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5286513cf147ceea2021-12-21 12:51:57.946root 11241100x8000000000000000728137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff6bb0bca353c85e2021-12-21 12:51:57.946root 11241100x8000000000000000728138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d463c42661b04bb72021-12-21 12:51:57.946root 11241100x8000000000000000728139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc3aa5f636ecf0222021-12-21 12:51:57.946root 11241100x8000000000000000728140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f473fa1e3f9d64e52021-12-21 12:51:57.946root 11241100x8000000000000000728141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e145572091382a792021-12-21 12:51:57.946root 11241100x8000000000000000728142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cbb94db5b3c54102021-12-21 12:51:57.946root 11241100x8000000000000000728143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e787ce19ab309f772021-12-21 12:51:57.946root 11241100x8000000000000000728144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17438a48a887a51b2021-12-21 12:51:58.443root 11241100x8000000000000000728145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91121fa1ad4bdbf72021-12-21 12:51:58.443root 11241100x8000000000000000728146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56bb653e4b0af95b2021-12-21 12:51:58.443root 11241100x8000000000000000728147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65daff8ea0e281872021-12-21 12:51:58.443root 11241100x8000000000000000728148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.882b9369a18aee862021-12-21 12:51:58.444root 11241100x8000000000000000728149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57af23bff610c77d2021-12-21 12:51:58.444root 11241100x8000000000000000728150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c2f7392991796da2021-12-21 12:51:58.444root 11241100x8000000000000000728151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cb42299751620692021-12-21 12:51:58.444root 11241100x8000000000000000728152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.999950f4e08866bc2021-12-21 12:51:58.444root 11241100x8000000000000000728153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b77d6919d2f3dc42021-12-21 12:51:58.444root 11241100x8000000000000000728154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5cf368daf64db8a2021-12-21 12:51:58.444root 11241100x8000000000000000728155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c5acd894fac15102021-12-21 12:51:58.444root 11241100x8000000000000000728156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f23734bfcbe6c3a2021-12-21 12:51:58.444root 11241100x8000000000000000728157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38168b9ced4c56062021-12-21 12:51:58.444root 11241100x8000000000000000728158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f26549dc218664172021-12-21 12:51:58.444root 11241100x8000000000000000728159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:58.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e785ba602df254f2021-12-21 12:51:58.445root 11241100x8000000000000000728160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:58.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f09ab48b9fe8e022021-12-21 12:51:58.445root 11241100x8000000000000000728161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:58.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e75fa698518b15a2021-12-21 12:51:58.445root 11241100x8000000000000000728162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:58.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02a9205b2e08c67c2021-12-21 12:51:58.445root 11241100x8000000000000000728163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:58.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e332387a4cd470922021-12-21 12:51:58.446root 11241100x8000000000000000728164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:58.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b1bcc354ab55c312021-12-21 12:51:58.447root 11241100x8000000000000000728165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:58.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03c61eb837597e882021-12-21 12:51:58.447root 11241100x8000000000000000728166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:58.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64bdd26b95076a972021-12-21 12:51:58.447root 11241100x8000000000000000728167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:58.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8116493499b2cc972021-12-21 12:51:58.447root 11241100x8000000000000000728168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:58.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50d3f1b4ff838d942021-12-21 12:51:58.447root 11241100x8000000000000000728169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:58.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f9c95e234aa4c3c2021-12-21 12:51:58.447root 11241100x8000000000000000728170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:58.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51174a34992e86582021-12-21 12:51:58.447root 11241100x8000000000000000728171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:58.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7b83be72ee8fec72021-12-21 12:51:58.447root 11241100x8000000000000000728172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:58.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45ed156734775c162021-12-21 12:51:58.447root 11241100x8000000000000000728173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:58.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.509a9b6a00f51ee12021-12-21 12:51:58.447root 11241100x8000000000000000728174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:58.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce26ab1cd35cda042021-12-21 12:51:58.447root 11241100x8000000000000000728175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:58.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.435c22c0b331e8be2021-12-21 12:51:58.447root 11241100x8000000000000000728176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:58.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9b8d8574f77ac972021-12-21 12:51:58.447root 11241100x8000000000000000728177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:58.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98c1c514bec30f332021-12-21 12:51:58.448root 11241100x8000000000000000728178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:58.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f753a187813d31ce2021-12-21 12:51:58.448root 11241100x8000000000000000728179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:58.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20e8bc9f88a6d9882021-12-21 12:51:58.448root 11241100x8000000000000000728180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:58.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e11c85ad46c4c1cc2021-12-21 12:51:58.448root 11241100x8000000000000000728181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:58.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6381f3110ea597a2021-12-21 12:51:58.448root 11241100x8000000000000000728182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ef313d79b1c8bf12021-12-21 12:51:58.943root 11241100x8000000000000000728183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f2c7c2733ac63b02021-12-21 12:51:58.943root 11241100x8000000000000000728184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15c01ca679c8ee342021-12-21 12:51:58.943root 11241100x8000000000000000728185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18228f270d68def02021-12-21 12:51:58.944root 11241100x8000000000000000728186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07a6d78a78823dde2021-12-21 12:51:58.944root 11241100x8000000000000000728187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d68d59254b42ae462021-12-21 12:51:58.944root 11241100x8000000000000000728188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bba1584e27d4e862021-12-21 12:51:58.944root 11241100x8000000000000000728189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dedba35308f57b142021-12-21 12:51:58.944root 11241100x8000000000000000728190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44d315052450f4af2021-12-21 12:51:58.944root 11241100x8000000000000000728191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b82393ce77710722021-12-21 12:51:58.944root 11241100x8000000000000000728192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc8f2c235f92bc3b2021-12-21 12:51:58.944root 11241100x8000000000000000728193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.520fe9f166066dc22021-12-21 12:51:58.944root 11241100x8000000000000000728194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edfcfbc1be27984c2021-12-21 12:51:58.944root 11241100x8000000000000000728195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10f5325bacbdbb622021-12-21 12:51:58.944root 11241100x8000000000000000728196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dee5c803ef93b0a2021-12-21 12:51:58.944root 11241100x8000000000000000728197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73ffbc21693fedd32021-12-21 12:51:58.944root 11241100x8000000000000000728198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.657a1922000ba4d92021-12-21 12:51:58.944root 11241100x8000000000000000728199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31161b43342f31d02021-12-21 12:51:58.944root 11241100x8000000000000000728200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.406b982ad9f6c9da2021-12-21 12:51:58.944root 11241100x8000000000000000728201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a5ab3a397b477f22021-12-21 12:51:58.945root 11241100x8000000000000000728202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86aa4d733293d0fd2021-12-21 12:51:58.945root 11241100x8000000000000000728203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23439004cd3683b92021-12-21 12:51:58.945root 11241100x8000000000000000728204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.982974ca58e350992021-12-21 12:51:58.945root 11241100x8000000000000000728205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b9cef0a6e303aab2021-12-21 12:51:58.945root 11241100x8000000000000000728206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee8fc62040170ae12021-12-21 12:51:58.945root 11241100x8000000000000000728207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a4c991e90d245552021-12-21 12:51:58.945root 11241100x8000000000000000728208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21600fffa2d7412d2021-12-21 12:51:58.945root 11241100x8000000000000000728209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f8bd156fda01d9a2021-12-21 12:51:58.945root 11241100x8000000000000000728210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdb8cdb443c646042021-12-21 12:51:58.945root 11241100x8000000000000000728211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ed35264b418b3382021-12-21 12:51:58.945root 11241100x8000000000000000728212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.466944049746be1e2021-12-21 12:51:58.945root 11241100x8000000000000000728213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd048fc1baa3f2072021-12-21 12:51:58.945root 11241100x8000000000000000728214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5975a1dd0936e3db2021-12-21 12:51:58.945root 11241100x8000000000000000728215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89a562b2bce7da192021-12-21 12:51:58.945root 11241100x8000000000000000728216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77c264fe380e57092021-12-21 12:51:58.945root 11241100x8000000000000000728217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8580418d9b6d075b2021-12-21 12:51:58.945root 11241100x8000000000000000728218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:58.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba5d0c3de84a59622021-12-21 12:51:58.946root 11241100x8000000000000000728219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:58.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e571932f9f406312021-12-21 12:51:58.946root 11241100x8000000000000000728220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b80b6cb0334bc9d2021-12-21 12:51:59.443root 11241100x8000000000000000728221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1039a628e068199f2021-12-21 12:51:59.443root 11241100x8000000000000000728222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d8dd09b3b561af42021-12-21 12:51:59.443root 11241100x8000000000000000728223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5da515eb0ce04ef2021-12-21 12:51:59.443root 11241100x8000000000000000728224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66c48914091592b62021-12-21 12:51:59.444root 11241100x8000000000000000728225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c113ec2546800452021-12-21 12:51:59.444root 11241100x8000000000000000728226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a8de023b8d4fb102021-12-21 12:51:59.444root 11241100x8000000000000000728227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3aae0d1fd494eaf62021-12-21 12:51:59.444root 11241100x8000000000000000728228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ef7110981f766a32021-12-21 12:51:59.444root 11241100x8000000000000000728229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdd80a085f0b64102021-12-21 12:51:59.444root 11241100x8000000000000000728230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a244d66cd2ce4a5c2021-12-21 12:51:59.444root 11241100x8000000000000000728231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fefd2c7f02b0274d2021-12-21 12:51:59.444root 11241100x8000000000000000728232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.410bea72477289472021-12-21 12:51:59.444root 11241100x8000000000000000728233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcf708248770fd472021-12-21 12:51:59.444root 11241100x8000000000000000728234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.506cc39901173df02021-12-21 12:51:59.444root 11241100x8000000000000000728235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fd18b7d95617c6b2021-12-21 12:51:59.444root 11241100x8000000000000000728236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cb343f7cc1406752021-12-21 12:51:59.444root 11241100x8000000000000000728237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5f337905bcc2d722021-12-21 12:51:59.444root 11241100x8000000000000000728238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18a363c2849c33232021-12-21 12:51:59.444root 11241100x8000000000000000728239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa93f0b1ba1e27332021-12-21 12:51:59.444root 11241100x8000000000000000728240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:59.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3702d4725cb5fa332021-12-21 12:51:59.445root 11241100x8000000000000000728241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:59.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3aef5accdb34b46a2021-12-21 12:51:59.445root 11241100x8000000000000000728242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:59.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce8a0ee0308b5eaa2021-12-21 12:51:59.445root 11241100x8000000000000000728243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:59.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10c4b35e3dbcee492021-12-21 12:51:59.445root 11241100x8000000000000000728244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:59.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a797237c25489c12021-12-21 12:51:59.445root 11241100x8000000000000000728245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:59.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c9421f5fde6862b2021-12-21 12:51:59.445root 11241100x8000000000000000728246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:59.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a18143847b380da2021-12-21 12:51:59.445root 11241100x8000000000000000728247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:59.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3300599377a4dd72021-12-21 12:51:59.445root 11241100x8000000000000000728248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:59.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.927f1b67111f00c82021-12-21 12:51:59.445root 11241100x8000000000000000728249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:59.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7eb08bab5c5f874f2021-12-21 12:51:59.445root 11241100x8000000000000000728250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:59.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9ba75dfe46386552021-12-21 12:51:59.445root 11241100x8000000000000000728251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:59.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.195779dd2d1aeeff2021-12-21 12:51:59.445root 11241100x8000000000000000728252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:59.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ce16b3934034bb62021-12-21 12:51:59.445root 11241100x8000000000000000728253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:59.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b69631f7cacbc2e2021-12-21 12:51:59.445root 11241100x8000000000000000728254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:59.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82e8b7602a80755f2021-12-21 12:51:59.445root 11241100x8000000000000000728255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:59.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f586c6d3f88960b12021-12-21 12:51:59.445root 11241100x8000000000000000728256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:59.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f5af7bca38f83ac2021-12-21 12:51:59.446root 11241100x8000000000000000728257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:59.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64cbc0c0636f01112021-12-21 12:51:59.446root 11241100x8000000000000000728258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:59.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01e9594a775087712021-12-21 12:51:59.446root 11241100x8000000000000000728259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:59.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.404d453b332f2faa2021-12-21 12:51:59.446root 11241100x8000000000000000728260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:59.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e4705ee746017852021-12-21 12:51:59.446root 11241100x8000000000000000728261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:59.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90f9733c7096b2092021-12-21 12:51:59.446root 11241100x8000000000000000728262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:59.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00809130538d825f2021-12-21 12:51:59.446root 11241100x8000000000000000728263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:59.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66d7c0ddf88b739e2021-12-21 12:51:59.446root 11241100x8000000000000000728264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:59.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c74798c9b5c45962021-12-21 12:51:59.446root 11241100x8000000000000000728265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb06f55b3836ebce2021-12-21 12:51:59.943root 11241100x8000000000000000728266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5adaf434b3aadb292021-12-21 12:51:59.943root 11241100x8000000000000000728267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66d9a611c25719c42021-12-21 12:51:59.943root 11241100x8000000000000000728268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d07aea3205879b42021-12-21 12:51:59.943root 11241100x8000000000000000728269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93aadc13520190802021-12-21 12:51:59.944root 11241100x8000000000000000728270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.905b91f5380538642021-12-21 12:51:59.944root 11241100x8000000000000000728271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bdee862e014f0a92021-12-21 12:51:59.944root 11241100x8000000000000000728272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b892744690391d0e2021-12-21 12:51:59.944root 11241100x8000000000000000728273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5956b74bc9aed3b52021-12-21 12:51:59.944root 11241100x8000000000000000728274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.888e80f00fe7660b2021-12-21 12:51:59.944root 11241100x8000000000000000728275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fd95db4b700ef392021-12-21 12:51:59.944root 11241100x8000000000000000728276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29be80a659c826312021-12-21 12:51:59.944root 11241100x8000000000000000728277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69e2c388e023e6422021-12-21 12:51:59.944root 11241100x8000000000000000728278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a32e0da650f0308c2021-12-21 12:51:59.944root 11241100x8000000000000000728279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7bce45b3042fb162021-12-21 12:51:59.944root 11241100x8000000000000000728280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d0314feaba8abfb2021-12-21 12:51:59.944root 11241100x8000000000000000728281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffc4bbf48ac621952021-12-21 12:51:59.944root 11241100x8000000000000000728282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ef9bb3e712671852021-12-21 12:51:59.944root 11241100x8000000000000000728283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:59.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3da979f8db9b42c2021-12-21 12:51:59.945root 11241100x8000000000000000728284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:59.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73a77c1e868dc55f2021-12-21 12:51:59.945root 11241100x8000000000000000728285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:59.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.281e713bd17c1e3c2021-12-21 12:51:59.945root 11241100x8000000000000000728286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:59.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37df22dc8af910862021-12-21 12:51:59.945root 11241100x8000000000000000728287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:59.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4ac8ca5625661fc2021-12-21 12:51:59.945root 11241100x8000000000000000728288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:59.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e05a08a70f1d4a982021-12-21 12:51:59.945root 11241100x8000000000000000728289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:59.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.275900da986b89bc2021-12-21 12:51:59.945root 11241100x8000000000000000728290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:59.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bab37865dd7290ad2021-12-21 12:51:59.945root 11241100x8000000000000000728291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:59.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e49eb0739f1b80d02021-12-21 12:51:59.945root 11241100x8000000000000000728292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:59.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86850247ea7b8fa02021-12-21 12:51:59.945root 11241100x8000000000000000728293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:59.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14887461194ae3242021-12-21 12:51:59.945root 11241100x8000000000000000728294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:59.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e740c3a7c428cac62021-12-21 12:51:59.945root 11241100x8000000000000000728295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:59.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f06f4aa0002ea262021-12-21 12:51:59.945root 11241100x8000000000000000728296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:59.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3672b5ef583bf1eb2021-12-21 12:51:59.945root 11241100x8000000000000000728297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:59.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3fb65bc6414fcba2021-12-21 12:51:59.945root 11241100x8000000000000000728298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:59.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1ceee43929215872021-12-21 12:51:59.946root 11241100x8000000000000000728299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:59.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f749025d4a364ee2021-12-21 12:51:59.946root 11241100x8000000000000000728300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:59.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.886f20ec742445c42021-12-21 12:51:59.946root 11241100x8000000000000000728301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:59.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6812fd4cf8417b02021-12-21 12:51:59.946root 11241100x8000000000000000728302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:59.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4711ece90577b952021-12-21 12:51:59.946root 11241100x8000000000000000728303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:59.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3756d640554c196f2021-12-21 12:51:59.946root 11241100x8000000000000000728304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:59.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58ee979fd1cb25832021-12-21 12:51:59.946root 11241100x8000000000000000728305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e48eec420d3b31122021-12-21 12:52:00.443root 11241100x8000000000000000728306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b7b5f68c018016f2021-12-21 12:52:00.443root 11241100x8000000000000000728307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb9cb73f901130b82021-12-21 12:52:00.443root 11241100x8000000000000000728308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1aa2649a146c7b762021-12-21 12:52:00.443root 11241100x8000000000000000728309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbc934f602aad3b52021-12-21 12:52:00.444root 11241100x8000000000000000728310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c35ba5302951c0c2021-12-21 12:52:00.444root 11241100x8000000000000000728311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5bb1849c31637a42021-12-21 12:52:00.444root 11241100x8000000000000000728312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f44230cdb05dfefe2021-12-21 12:52:00.444root 11241100x8000000000000000728313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d801b4352a56e6332021-12-21 12:52:00.444root 11241100x8000000000000000728314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ce2730305acc0172021-12-21 12:52:00.444root 11241100x8000000000000000728315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8fec2d04e68f8ed2021-12-21 12:52:00.444root 11241100x8000000000000000728316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ee1220d796e68e42021-12-21 12:52:00.444root 11241100x8000000000000000728317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0671133836bf43e62021-12-21 12:52:00.444root 11241100x8000000000000000728318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88816faf65795b712021-12-21 12:52:00.444root 11241100x8000000000000000728319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d361466a3adff952021-12-21 12:52:00.444root 11241100x8000000000000000728320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6eb1075fc8da4342021-12-21 12:52:00.444root 11241100x8000000000000000728321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5edde0bee1225af92021-12-21 12:52:00.444root 11241100x8000000000000000728322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04dea7472e21b23a2021-12-21 12:52:00.444root 11241100x8000000000000000728323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59c36dcdce37dffa2021-12-21 12:52:00.444root 11241100x8000000000000000728324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a113b4f269fc7812021-12-21 12:52:00.444root 11241100x8000000000000000728325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:00.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d77b923532ded9452021-12-21 12:52:00.445root 11241100x8000000000000000728326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:00.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f5d7ebd206cffe02021-12-21 12:52:00.445root 11241100x8000000000000000728327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:00.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3e0d26f952398ed2021-12-21 12:52:00.445root 11241100x8000000000000000728328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:00.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2635d5bf61606c182021-12-21 12:52:00.445root 11241100x8000000000000000728329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:00.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f6f40375d7629622021-12-21 12:52:00.445root 11241100x8000000000000000728330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:00.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4836a77784a7a1032021-12-21 12:52:00.445root 11241100x8000000000000000728331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:00.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.534fa84c7dc662122021-12-21 12:52:00.445root 11241100x8000000000000000728332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:00.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5748cf4a81891bc72021-12-21 12:52:00.445root 11241100x8000000000000000728333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:00.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17104445c9d3241b2021-12-21 12:52:00.445root 11241100x8000000000000000728334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:00.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0433b6605aeff252021-12-21 12:52:00.445root 11241100x8000000000000000728335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:00.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95de4e3d4c2becb72021-12-21 12:52:00.445root 23542300x8000000000000000728377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:09.132{ec2b6afe-95d2-61c1-3038-b84203560000}5272root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000728378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:09.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a71dd209f4f45f432021-12-21 12:52:09.442root 11241100x8000000000000000728379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:09.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e108c84449335db2021-12-21 12:52:09.942root 11241100x8000000000000000728380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:10.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57ae1824f1210db22021-12-21 12:52:10.442root 11241100x8000000000000000728381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:10.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a9b082efe1615672021-12-21 12:52:10.942root 11241100x8000000000000000728382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:11.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ef92cf7cc35d9d42021-12-21 12:52:11.442root 11241100x8000000000000000728383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:11.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0018c97922b5b132021-12-21 12:52:11.942root 11241100x8000000000000000728384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:12.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41c0805f4d2a9a5e2021-12-21 12:52:12.442root 11241100x8000000000000000728385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:12.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f31ea985eadd398b2021-12-21 12:52:12.942root 534500x8000000000000000728386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:13.039{ec2b6afe-9233-61c1-c81a-006eee550000}454/lib/systemd/systemd-journaldroot 354300x8000000000000000728387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:13.135{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-50602-false10.0.1.12-8000- 11241100x8000000000000000728388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:13.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8026b50afcc788632021-12-21 12:52:13.442root 11241100x8000000000000000728389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81667f84c0e911252021-12-21 12:52:13.443root 11241100x8000000000000000728390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b77917ae33191ce32021-12-21 12:52:13.443root 11241100x8000000000000000728391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:13.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc5362dd448167902021-12-21 12:52:13.942root 11241100x8000000000000000728392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4314cb871bf8b432021-12-21 12:52:13.943root 11241100x8000000000000000728393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93ebd08494c038202021-12-21 12:52:13.943root 11241100x8000000000000000728394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:14.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10452619f56ebf062021-12-21 12:52:14.442root 11241100x8000000000000000728395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cafc77229677a1eb2021-12-21 12:52:14.443root 11241100x8000000000000000728396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e20df683da5a35692021-12-21 12:52:14.443root 11241100x8000000000000000728397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:14.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ea096ea9e29edd92021-12-21 12:52:14.942root 11241100x8000000000000000728398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e5100a3ff8a15be2021-12-21 12:52:14.943root 11241100x8000000000000000728399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1108f787e82413052021-12-21 12:52:14.943root 11241100x8000000000000000728400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:15.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f847d1bd15adecf42021-12-21 12:52:15.442root 11241100x8000000000000000728401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ae5b2d5483430be2021-12-21 12:52:15.443root 11241100x8000000000000000728402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.758679bdb15f4a552021-12-21 12:52:15.443root 11241100x8000000000000000728403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ea5256b560559052021-12-21 12:52:15.943root 11241100x8000000000000000728404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5c92083ddc165172021-12-21 12:52:15.943root 11241100x8000000000000000728405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.055c69cb21b41a172021-12-21 12:52:15.944root 11241100x8000000000000000728406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:16.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e62aad01c09f54752021-12-21 12:52:16.442root 11241100x8000000000000000728407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dde75aa0bd757c932021-12-21 12:52:16.443root 11241100x8000000000000000728408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbb671a7d389deb22021-12-21 12:52:16.443root 11241100x8000000000000000728409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:16.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be6189c3eacad2292021-12-21 12:52:16.942root 11241100x8000000000000000728410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7f8e1b4fd53a3652021-12-21 12:52:16.943root 11241100x8000000000000000728411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61d127e3ff6954512021-12-21 12:52:16.943root 11241100x8000000000000000728412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:17.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba2b5c7a5e2067822021-12-21 12:52:17.442root 11241100x8000000000000000728413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c25734b5ab1e7f502021-12-21 12:52:17.443root 11241100x8000000000000000728414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3c69780a2c9f4af2021-12-21 12:52:17.443root 11241100x8000000000000000728415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:17.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5628af471dae4b82021-12-21 12:52:17.942root 11241100x8000000000000000728416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f7e696a7a73d9c62021-12-21 12:52:17.943root 11241100x8000000000000000728417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48c6c0ed5ca864e92021-12-21 12:52:17.943root 354300x8000000000000000728418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:18.210{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-50604-false10.0.1.12-8000- 11241100x8000000000000000728419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:18.211{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec919b1924d911e52021-12-21 12:52:18.211root 11241100x8000000000000000728420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:18.211{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d4b61866da74f312021-12-21 12:52:18.211root 11241100x8000000000000000728421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:18.211{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84a12c9e957ace922021-12-21 12:52:18.211root 11241100x8000000000000000728422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:18.211{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.499f069e58bd7d432021-12-21 12:52:18.211root 11241100x8000000000000000728423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:18.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e90cb387cf92a992021-12-21 12:52:18.692root 11241100x8000000000000000728424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:18.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d72c6f3a076125a52021-12-21 12:52:18.693root 11241100x8000000000000000728425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:18.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5695f81574c313c2021-12-21 12:52:18.693root 11241100x8000000000000000728426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:18.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29edf2d7cef2e56e2021-12-21 12:52:18.693root 11241100x8000000000000000728427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:19.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46a66ea6e38468162021-12-21 12:52:19.192root 11241100x8000000000000000728428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:19.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2025b86d9465475d2021-12-21 12:52:19.193root 11241100x8000000000000000728429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:19.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92ad73264cc9de1a2021-12-21 12:52:19.193root 11241100x8000000000000000728430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:19.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.163b62cbd1473d322021-12-21 12:52:19.193root 11241100x8000000000000000728431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:19.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35b069fd2e35af1d2021-12-21 12:52:19.692root 11241100x8000000000000000728432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:19.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5f898c811a06af82021-12-21 12:52:19.693root 11241100x8000000000000000728433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:19.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9701a5a9e1444f692021-12-21 12:52:19.693root 11241100x8000000000000000728434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:19.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30c21e313cfcde912021-12-21 12:52:19.693root 11241100x8000000000000000728435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:20.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7db79fd0340fe0e2021-12-21 12:52:20.193root 11241100x8000000000000000728436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:20.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67c25e41240150cd2021-12-21 12:52:20.193root 11241100x8000000000000000728437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:20.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.915c17ee66f3ad7a2021-12-21 12:52:20.193root 11241100x8000000000000000728438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:20.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cd81084216f8c232021-12-21 12:52:20.193root 11241100x8000000000000000728439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:20.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37a6b94774f390c12021-12-21 12:52:20.693root 11241100x8000000000000000728440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:20.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edda0ce31c161ac42021-12-21 12:52:20.693root 11241100x8000000000000000728441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:20.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc5b20feffd9f26f2021-12-21 12:52:20.693root 11241100x8000000000000000728442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:20.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b15cdae9541b80b02021-12-21 12:52:20.693root 11241100x8000000000000000728443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:21.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6822ea7402a8261b2021-12-21 12:52:21.192root 11241100x8000000000000000728444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:21.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57736bcdb1fca3b12021-12-21 12:52:21.193root 11241100x8000000000000000728445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:21.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70d0c60cb0eb0bd02021-12-21 12:52:21.193root 11241100x8000000000000000728446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:21.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd511745878695b32021-12-21 12:52:21.193root 11241100x8000000000000000728447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:21.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59042800119c75ec2021-12-21 12:52:21.693root 11241100x8000000000000000728448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:21.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.057f8c8dd991d83e2021-12-21 12:52:21.693root 11241100x8000000000000000728449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:21.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54abfbfe7d554f712021-12-21 12:52:21.693root 11241100x8000000000000000728450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:21.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b2ed0f07b5c0d8f2021-12-21 12:52:21.693root 11241100x8000000000000000728451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:22.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a062d79817ed92fb2021-12-21 12:52:22.192root 11241100x8000000000000000728452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:22.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6ef31d35e41f4812021-12-21 12:52:22.193root 11241100x8000000000000000728453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:22.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19553fa35eabcc142021-12-21 12:52:22.193root 11241100x8000000000000000728454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:22.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8ea5a03687dd1a92021-12-21 12:52:22.193root 11241100x8000000000000000728455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:22.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e86cc7d76e7fae42021-12-21 12:52:22.692root 11241100x8000000000000000728456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:22.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.600f699e5e98a4dd2021-12-21 12:52:22.693root 11241100x8000000000000000728457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:22.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.508a9094a1af94202021-12-21 12:52:22.693root 11241100x8000000000000000728458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:22.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b85b71ba5fc14042021-12-21 12:52:22.693root 11241100x8000000000000000728459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:23.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed27bbcb5a831bb42021-12-21 12:52:23.193root 11241100x8000000000000000728460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:23.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dae3790c97b534e2021-12-21 12:52:23.193root 11241100x8000000000000000728461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:23.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16cf3f8184e5d1cb2021-12-21 12:52:23.193root 11241100x8000000000000000728462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:23.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f765fa3de14003362021-12-21 12:52:23.193root 11241100x8000000000000000728463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:23.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0650243abae103b02021-12-21 12:52:23.692root 11241100x8000000000000000728464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:23.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.827f034e5c17bc2a2021-12-21 12:52:23.693root 11241100x8000000000000000728465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:23.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b81c47f7a2bc73792021-12-21 12:52:23.693root 11241100x8000000000000000728466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:23.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff639aa83c6d91182021-12-21 12:52:23.693root 354300x8000000000000000728467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:24.054{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-50606-false10.0.1.12-8000- 11241100x8000000000000000728468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:24.055{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.302d10498b0269622021-12-21 12:52:24.055root 11241100x8000000000000000728469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:24.055{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c656004428b0f7b42021-12-21 12:52:24.055root 11241100x8000000000000000728470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:24.055{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16738ff039084c922021-12-21 12:52:24.055root 11241100x8000000000000000728471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:24.055{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8af74e93389e471d2021-12-21 12:52:24.055root 11241100x8000000000000000728472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:24.055{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.841bd045b3c2ec662021-12-21 12:52:24.055root 11241100x8000000000000000728473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05cf1b4e1e0c46af2021-12-21 12:52:24.443root 11241100x8000000000000000728474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.102cec678275fb482021-12-21 12:52:24.443root 11241100x8000000000000000728475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8758addb6a12e2b2021-12-21 12:52:24.443root 11241100x8000000000000000728476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3774b7895f1db222021-12-21 12:52:24.443root 11241100x8000000000000000728477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b32d128f76988c432021-12-21 12:52:24.443root 11241100x8000000000000000728478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:24.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.def6b8ce5eeda0e92021-12-21 12:52:24.942root 11241100x8000000000000000728479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0551e0e56c234782021-12-21 12:52:24.943root 11241100x8000000000000000728480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec1e61c3bc9a0e8d2021-12-21 12:52:24.943root 11241100x8000000000000000728481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9431b635e953cada2021-12-21 12:52:24.943root 11241100x8000000000000000728482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.693b6c7698d9e72d2021-12-21 12:52:24.943root 11241100x8000000000000000728483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35c3bc893e42122c2021-12-21 12:52:25.443root 11241100x8000000000000000728484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67017ced0f6223122021-12-21 12:52:25.443root 11241100x8000000000000000728485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.406cd1641a03730b2021-12-21 12:52:25.443root 11241100x8000000000000000728486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb016e7bce52c5162021-12-21 12:52:25.443root 11241100x8000000000000000728487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8395dd56fdce6252021-12-21 12:52:25.443root 11241100x8000000000000000728488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54cbc991173d17eb2021-12-21 12:52:25.943root 11241100x8000000000000000728489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8388b84e04fa8c552021-12-21 12:52:25.943root 11241100x8000000000000000728490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c2a9d895f57e7d92021-12-21 12:52:25.943root 11241100x8000000000000000728491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27b0045be458247f2021-12-21 12:52:25.943root 11241100x8000000000000000728492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b2715ab12a84fad2021-12-21 12:52:25.943root 354300x8000000000000000728493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:25.975{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.25-37672-false10.0.1.12-8089- 11241100x8000000000000000728494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d03fcbc3ba17b152021-12-21 12:52:26.443root 11241100x8000000000000000728495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52fa6594c211d9232021-12-21 12:52:26.443root 11241100x8000000000000000728496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfc599f8cb9ad9dc2021-12-21 12:52:26.443root 11241100x8000000000000000728497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59efdc67f4696cc32021-12-21 12:52:26.443root 11241100x8000000000000000728498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbddc3edb38f439a2021-12-21 12:52:26.443root 11241100x8000000000000000728499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bde5c9c94279ce92021-12-21 12:52:26.443root 11241100x8000000000000000728500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a4614123c6f68ff2021-12-21 12:52:26.943root 11241100x8000000000000000728501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dfc70cd9f988b0f2021-12-21 12:52:26.943root 11241100x8000000000000000728502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.501e51edeb8a3f262021-12-21 12:52:26.943root 11241100x8000000000000000728503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6f375fd2d0114812021-12-21 12:52:26.943root 11241100x8000000000000000728504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd578e1362029f4d2021-12-21 12:52:26.943root 11241100x8000000000000000728505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08d34bdb91b1faca2021-12-21 12:52:26.943root 11241100x8000000000000000728506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43150eeb2ca4c8652021-12-21 12:52:27.443root 11241100x8000000000000000728507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ade4739e40c64222021-12-21 12:52:27.443root 11241100x8000000000000000728508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edff8f36ca24ed082021-12-21 12:52:27.443root 11241100x8000000000000000728509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23e6361a9b93d7df2021-12-21 12:52:27.443root 11241100x8000000000000000728510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e81e3e6235347ceb2021-12-21 12:52:27.443root 11241100x8000000000000000728511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.893551e147aa8bdd2021-12-21 12:52:27.443root 11241100x8000000000000000728512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.609801a88f9643202021-12-21 12:52:27.943root 11241100x8000000000000000728513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6d52b474a982df12021-12-21 12:52:27.943root 11241100x8000000000000000728514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5856e42c55bffc4a2021-12-21 12:52:27.943root 11241100x8000000000000000728515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fba55da5e1b633c2021-12-21 12:52:27.943root 11241100x8000000000000000728516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8bf17138d384a6f2021-12-21 12:52:27.943root 11241100x8000000000000000728517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71cf92ccc8fe1b322021-12-21 12:52:27.943root 11241100x8000000000000000728518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.140e462b19d9d10a2021-12-21 12:52:28.443root 11241100x8000000000000000728519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f38d91eb948bb98b2021-12-21 12:52:28.443root 11241100x8000000000000000728520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8368c6423c3f4a12021-12-21 12:52:28.443root 11241100x8000000000000000728521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f1955367474b84f2021-12-21 12:52:28.443root 11241100x8000000000000000728522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de4ea22183a5a3852021-12-21 12:52:28.443root 11241100x8000000000000000728523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67bf2a301676b9c82021-12-21 12:52:28.443root 11241100x8000000000000000728524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaf2a3cb6840588c2021-12-21 12:52:28.943root 11241100x8000000000000000728525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9144911931817be92021-12-21 12:52:28.943root 11241100x8000000000000000728526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ba3af97e80a2f212021-12-21 12:52:28.943root 11241100x8000000000000000728527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6df17de5b4d0a2772021-12-21 12:52:28.943root 11241100x8000000000000000728528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8088992b1fc2d6c2021-12-21 12:52:28.943root 11241100x8000000000000000728529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0e13a5884993e582021-12-21 12:52:28.943root 354300x8000000000000000728530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:29.177{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-50610-false10.0.1.12-8000- 11241100x8000000000000000728531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76bc838216779bd72021-12-21 12:52:29.443root 11241100x8000000000000000728532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad40ba2ae2e2defa2021-12-21 12:52:29.443root 11241100x8000000000000000728533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39502177dd862af22021-12-21 12:52:29.443root 11241100x8000000000000000728534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3739ded215a81feb2021-12-21 12:52:29.443root 11241100x8000000000000000728535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de3c21c31e4915982021-12-21 12:52:29.443root 11241100x8000000000000000728536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e05d79ae0dea6f62021-12-21 12:52:29.443root 11241100x8000000000000000728537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6fcad606e45a5372021-12-21 12:52:29.443root 11241100x8000000000000000728538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e4148a0de02815a2021-12-21 12:52:29.943root 11241100x8000000000000000728539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d00325f45fe2ea752021-12-21 12:52:29.943root 11241100x8000000000000000728540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97177228fb3818782021-12-21 12:52:29.943root 11241100x8000000000000000728541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2c8756aa4e900362021-12-21 12:52:29.943root 11241100x8000000000000000728542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2b42126842bd92f2021-12-21 12:52:29.943root 11241100x8000000000000000728543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd88a4a39c9ef0592021-12-21 12:52:29.943root 11241100x8000000000000000728544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.648ad01e20d016a12021-12-21 12:52:29.943root 11241100x8000000000000000728545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d011e7ab842a566e2021-12-21 12:52:30.443root 11241100x8000000000000000728546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17df715e4d07e7a92021-12-21 12:52:30.443root 11241100x8000000000000000728547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb93470d9fe9aa872021-12-21 12:52:30.443root 11241100x8000000000000000728548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c8b6ae61288a0652021-12-21 12:52:30.443root 11241100x8000000000000000728549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.185e5d695ca247572021-12-21 12:52:30.443root 11241100x8000000000000000728550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c2a98970cc99dbc2021-12-21 12:52:30.443root 11241100x8000000000000000728551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25a2fffa29b80abc2021-12-21 12:52:30.443root 11241100x8000000000000000728552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e5fba3b200c323b2021-12-21 12:52:30.943root 11241100x8000000000000000728553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a597de2d853b857d2021-12-21 12:52:30.943root 11241100x8000000000000000728554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d398de53728f3952021-12-21 12:52:30.943root 11241100x8000000000000000728555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.913219c54af9cd412021-12-21 12:52:30.943root 11241100x8000000000000000728556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04b8171b0d5f1d722021-12-21 12:52:30.943root 11241100x8000000000000000728557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cd60f7a4c3652662021-12-21 12:52:30.943root 11241100x8000000000000000728558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22cedfa890b788f42021-12-21 12:52:30.943root 11241100x8000000000000000728559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00d24b599f7d1ede2021-12-21 12:52:31.443root 11241100x8000000000000000728560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d6408cf7c9422e42021-12-21 12:52:31.443root 11241100x8000000000000000728561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.070437010caa605a2021-12-21 12:52:31.443root 11241100x8000000000000000728562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.feda2cfc7eb9734b2021-12-21 12:52:31.443root 11241100x8000000000000000728563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee49797c78cd750a2021-12-21 12:52:31.443root 11241100x8000000000000000728564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2448b6a3294b5d312021-12-21 12:52:31.443root 11241100x8000000000000000728565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb4ca63ff2f443e12021-12-21 12:52:31.443root 11241100x8000000000000000728566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab0d1b7c3ef485e82021-12-21 12:52:31.943root 11241100x8000000000000000728567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d99655fcfc9de582021-12-21 12:52:31.943root 11241100x8000000000000000728568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6af1b66db007f2442021-12-21 12:52:31.943root 11241100x8000000000000000728569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.651b85c5d481b78c2021-12-21 12:52:31.943root 11241100x8000000000000000728570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f66fc1d1e2fcacda2021-12-21 12:52:31.943root 11241100x8000000000000000728571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a4897ab12dac1982021-12-21 12:52:31.943root 11241100x8000000000000000728572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb2182e7547515a42021-12-21 12:52:31.943root 11241100x8000000000000000728573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0637ae01f4a266d12021-12-21 12:52:32.443root 11241100x8000000000000000728574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85c38c449cd016472021-12-21 12:52:32.443root 11241100x8000000000000000728575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bf1cd426d20f37d2021-12-21 12:52:32.443root 11241100x8000000000000000728576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95677e1233b5b7022021-12-21 12:52:32.443root 11241100x8000000000000000728577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a226c6be4f6b7ef2021-12-21 12:52:32.443root 11241100x8000000000000000728578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.584b7795fbf4b9222021-12-21 12:52:32.443root 11241100x8000000000000000728579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31e465aef66622af2021-12-21 12:52:32.444root 11241100x8000000000000000728580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1aabe39b756d190e2021-12-21 12:52:32.943root 11241100x8000000000000000728581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c0e422e57350f4b2021-12-21 12:52:32.943root 11241100x8000000000000000728582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb51a75a169774362021-12-21 12:52:32.943root 11241100x8000000000000000728583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d2cca82b304c56d2021-12-21 12:52:32.943root 11241100x8000000000000000728584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a52410b8fde88b742021-12-21 12:52:32.943root 11241100x8000000000000000728585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2433cb5bc36bcf22021-12-21 12:52:32.943root 11241100x8000000000000000728586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9aa716554193e032021-12-21 12:52:32.943root 11241100x8000000000000000728587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edbfd0f12c30e83c2021-12-21 12:52:33.443root 11241100x8000000000000000728588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dee1f74647641e12021-12-21 12:52:33.443root 11241100x8000000000000000728589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acfe2aa3848147852021-12-21 12:52:33.443root 11241100x8000000000000000728590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53cb913b7f731d802021-12-21 12:52:33.443root 11241100x8000000000000000728591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59c6460ef84518852021-12-21 12:52:33.443root 11241100x8000000000000000728592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.104d15c5036e02112021-12-21 12:52:33.443root 11241100x8000000000000000728593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c092c54e2ce0ec22021-12-21 12:52:33.443root 11241100x8000000000000000728594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fa02ff98a17938a2021-12-21 12:52:33.943root 11241100x8000000000000000728595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60b01b759b615a012021-12-21 12:52:33.943root 11241100x8000000000000000728596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a79a8917420fb7e62021-12-21 12:52:33.943root 11241100x8000000000000000728597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29ad2a1f21f167c02021-12-21 12:52:33.943root 11241100x8000000000000000728598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a190b605c9128922021-12-21 12:52:33.943root 11241100x8000000000000000728599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f78a9e2362cb64952021-12-21 12:52:33.943root 11241100x8000000000000000728600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8286466a52d6825c2021-12-21 12:52:33.943root 11241100x8000000000000000728601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.174cdba1abc945f22021-12-21 12:52:34.443root 11241100x8000000000000000728602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2057898803e5dccd2021-12-21 12:52:34.443root 11241100x8000000000000000728603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef03442233e56bb02021-12-21 12:52:34.443root 11241100x8000000000000000728604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fd6623fcb3e722a2021-12-21 12:52:34.443root 11241100x8000000000000000728605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.980831f2d63becab2021-12-21 12:52:34.443root 11241100x8000000000000000728606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7322ec218749c0c12021-12-21 12:52:34.443root 11241100x8000000000000000728607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfac84310ca9b71f2021-12-21 12:52:34.443root 11241100x8000000000000000728608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7925c93c51de7a8d2021-12-21 12:52:34.943root 11241100x8000000000000000728609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7daca01445410b412021-12-21 12:52:34.943root 11241100x8000000000000000728610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2172a00bc2b8c88d2021-12-21 12:52:34.943root 11241100x8000000000000000728611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc782732928c3fe42021-12-21 12:52:34.943root 11241100x8000000000000000728612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cd3b71b20e87c212021-12-21 12:52:34.943root 11241100x8000000000000000728613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e4045a2e064ea592021-12-21 12:52:34.943root 11241100x8000000000000000728614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f885b5215d92a21c2021-12-21 12:52:34.943root 354300x8000000000000000728615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:35.026{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-50612-false10.0.1.12-8000- 11241100x8000000000000000728616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.887e0e949174da0f2021-12-21 12:52:35.443root 11241100x8000000000000000728617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbd1ebf3e36859322021-12-21 12:52:35.443root 11241100x8000000000000000728618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1abdf1f54db479362021-12-21 12:52:35.443root 11241100x8000000000000000728619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e01ef1afd39b1d3c2021-12-21 12:52:35.443root 11241100x8000000000000000728620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c588878ca4ca3a02021-12-21 12:52:35.443root 11241100x8000000000000000728621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9096d6bc64c8816c2021-12-21 12:52:35.443root 11241100x8000000000000000728622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a49388da6b342142021-12-21 12:52:35.443root 11241100x8000000000000000728623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97d81c693a0e0e162021-12-21 12:52:35.443root 11241100x8000000000000000728624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2573e8a49ec8e7f32021-12-21 12:52:35.943root 11241100x8000000000000000728625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00dfcb8339a72dc32021-12-21 12:52:35.943root 11241100x8000000000000000728626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bb23e2a375769d62021-12-21 12:52:35.943root 11241100x8000000000000000728627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef79a500d217f3772021-12-21 12:52:35.943root 11241100x8000000000000000728628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4a928a2a974a4192021-12-21 12:52:35.943root 11241100x8000000000000000728629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.348980777c1d3e432021-12-21 12:52:35.943root 11241100x8000000000000000728630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5328787b3ae2a7a2021-12-21 12:52:35.943root 11241100x8000000000000000728631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.410fb5eca164b11c2021-12-21 12:52:35.943root 11241100x8000000000000000728632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:36.130{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2021-12-21 12:52:36.130root 11241100x8000000000000000728633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3d4ed618f2ff4732021-12-21 12:52:36.443root 11241100x8000000000000000728634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd20d6afa11274fd2021-12-21 12:52:36.443root 11241100x8000000000000000728635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f77d28256c9694cd2021-12-21 12:52:36.443root 11241100x8000000000000000728636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.053aa82cff05bcfc2021-12-21 12:52:36.443root 11241100x8000000000000000728637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.555dfba68f631fa72021-12-21 12:52:36.443root 11241100x8000000000000000728638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82beace538f902882021-12-21 12:52:36.443root 11241100x8000000000000000728639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.071474dbc4cefec52021-12-21 12:52:36.443root 11241100x8000000000000000728640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa25e8e49bf617522021-12-21 12:52:36.443root 11241100x8000000000000000728641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36dfba55732155152021-12-21 12:52:36.443root 11241100x8000000000000000728642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:36.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aed3da96daedd8db2021-12-21 12:52:36.943root 11241100x8000000000000000728643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:36.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.382d9707328c93622021-12-21 12:52:36.943root 11241100x8000000000000000728644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:36.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f8bc54307b5fdc92021-12-21 12:52:36.943root 11241100x8000000000000000728645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:36.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61c99701f4b969f12021-12-21 12:52:36.943root 11241100x8000000000000000728646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:36.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceba47ff1b7951462021-12-21 12:52:36.943root 11241100x8000000000000000728647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:36.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4490a9045fe5ae62021-12-21 12:52:36.943root 11241100x8000000000000000728648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:36.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ce698b85c56b7b02021-12-21 12:52:36.943root 11241100x8000000000000000728649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:36.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.020d8caac58631702021-12-21 12:52:36.943root 11241100x8000000000000000728650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:36.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6264280b4c75f8f62021-12-21 12:52:36.943root 11241100x8000000000000000728651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:37.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a678064a4a616d1e2021-12-21 12:52:37.443root 11241100x8000000000000000728652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:37.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d28f1ca7df1386a2021-12-21 12:52:37.443root 11241100x8000000000000000728653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:37.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bfd209e2d66febf2021-12-21 12:52:37.443root 11241100x8000000000000000728654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:37.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.806363e0d724acbe2021-12-21 12:52:37.443root 11241100x8000000000000000728655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:37.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb4d38e01ab048992021-12-21 12:52:37.443root 11241100x8000000000000000728656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:37.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29444d07447d6b122021-12-21 12:52:37.443root 11241100x8000000000000000728657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:37.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0279c73a9cee57322021-12-21 12:52:37.443root 11241100x8000000000000000728658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:37.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0b9cfad11c37fb72021-12-21 12:52:37.443root 11241100x8000000000000000728659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:37.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.850f4d970d06fdba2021-12-21 12:52:37.443root 11241100x8000000000000000728660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:37.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e9359d58e8134ae2021-12-21 12:52:37.943root 11241100x8000000000000000728661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:37.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e4c6d5def2862e92021-12-21 12:52:37.943root 11241100x8000000000000000728662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:37.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.744f99c87592a68a2021-12-21 12:52:37.943root 11241100x8000000000000000728663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:37.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43c29abaaced5ef32021-12-21 12:52:37.943root 11241100x8000000000000000728664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:37.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34275f38a9e6146d2021-12-21 12:52:37.943root 11241100x8000000000000000728665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:37.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70f6eeca2796f78a2021-12-21 12:52:37.943root 11241100x8000000000000000728666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:37.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13c8ba22a3be99602021-12-21 12:52:37.943root 11241100x8000000000000000728667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:37.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.577b1fb755fde4e72021-12-21 12:52:37.943root 11241100x8000000000000000728668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:37.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6c75dc3dcc24ea02021-12-21 12:52:37.943root 11241100x8000000000000000728669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:38.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d55b7ef6af3e710c2021-12-21 12:52:38.443root 11241100x8000000000000000728670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:38.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67a2c7d3f945b5f12021-12-21 12:52:38.443root 11241100x8000000000000000728671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:38.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8e4de714110ad892021-12-21 12:52:38.443root 11241100x8000000000000000728672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:38.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.858b2034c1bdb7cb2021-12-21 12:52:38.443root 11241100x8000000000000000728673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:38.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd736e078e4541d82021-12-21 12:52:38.443root 11241100x8000000000000000728674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:38.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4117a9354bc5ab22021-12-21 12:52:38.443root 11241100x8000000000000000728675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:38.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3c25e5e242197542021-12-21 12:52:38.443root 11241100x8000000000000000728676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:38.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.672cbde3b133191c2021-12-21 12:52:38.443root 11241100x8000000000000000728677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:38.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7794275052c9a172021-12-21 12:52:38.443root 11241100x8000000000000000728678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0df63dba873e93a42021-12-21 12:52:38.943root 11241100x8000000000000000728679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dd9dd65b6c6d91c2021-12-21 12:52:38.943root 11241100x8000000000000000728680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8d2825fe311c3952021-12-21 12:52:38.943root 11241100x8000000000000000728681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4dae49e7cefef322021-12-21 12:52:38.943root 11241100x8000000000000000728682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f2240c0fca35b062021-12-21 12:52:38.943root 11241100x8000000000000000728683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3877ad61d9f93a762021-12-21 12:52:38.943root 11241100x8000000000000000728684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6092ffd2443c07a42021-12-21 12:52:38.943root 11241100x8000000000000000728685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77ebc14143453e702021-12-21 12:52:38.943root 11241100x8000000000000000728686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2304cdacbd6fb30f2021-12-21 12:52:38.943root 23542300x8000000000000000728687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:39.133{ec2b6afe-95d2-61c1-3038-b84203560000}5272root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000728688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:39.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04cb74dff8e5c3132021-12-21 12:52:39.443root 11241100x8000000000000000728689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:39.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73dcc24f394b7c102021-12-21 12:52:39.443root 11241100x8000000000000000728690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:39.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53d8c324b077ee562021-12-21 12:52:39.443root 11241100x8000000000000000728691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:39.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb8962433a9f575f2021-12-21 12:52:39.443root 11241100x8000000000000000728692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:39.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c52cc17a23bf01f2021-12-21 12:52:39.443root 11241100x8000000000000000728693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:39.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f719fb0e6457af92021-12-21 12:52:39.443root 11241100x8000000000000000728694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:39.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.297e784407cfd4ac2021-12-21 12:52:39.443root 11241100x8000000000000000728695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:39.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fff644fe4a5d84922021-12-21 12:52:39.443root 11241100x8000000000000000728696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:39.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cb9ee6cfd1122a32021-12-21 12:52:39.443root 11241100x8000000000000000728697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:39.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.629c2bcfbf131e132021-12-21 12:52:39.443root 11241100x8000000000000000728698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:39.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f528219dbc7d40b2021-12-21 12:52:39.943root 11241100x8000000000000000728699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:39.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa9e2eea193b426b2021-12-21 12:52:39.943root 11241100x8000000000000000728700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:39.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b3032135b72bc612021-12-21 12:52:39.943root 11241100x8000000000000000728701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:39.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b5b735b59ee9b762021-12-21 12:52:39.943root 11241100x8000000000000000728702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:39.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07cd313a8296882c2021-12-21 12:52:39.943root 11241100x8000000000000000728703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:39.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c3c6be8d52028a32021-12-21 12:52:39.943root 11241100x8000000000000000728704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:39.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb83a6c104ee8d762021-12-21 12:52:39.943root 11241100x8000000000000000728705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:39.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7db0ca099cabe5e22021-12-21 12:52:39.943root 11241100x8000000000000000728706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:39.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db39da2237df15962021-12-21 12:52:39.943root 11241100x8000000000000000728707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:39.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb89ee90ceacf7272021-12-21 12:52:39.943root 354300x8000000000000000728708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:40.236{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-50614-false10.0.1.12-8000- 11241100x8000000000000000728709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:40.237{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9999f6707c9a15b82021-12-21 12:52:40.237root 11241100x8000000000000000728710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:40.237{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c19193b0de5a1992021-12-21 12:52:40.237root 11241100x8000000000000000728711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:40.237{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5996759c5aa2c162021-12-21 12:52:40.237root 11241100x8000000000000000728712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:40.237{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd5d8eb14da2bf7c2021-12-21 12:52:40.237root 11241100x8000000000000000728713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:40.237{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cd0daed63b216972021-12-21 12:52:40.237root 11241100x8000000000000000728714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:40.238{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f92fbf22873f36dc2021-12-21 12:52:40.238root 11241100x8000000000000000728715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:40.238{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e670af113285192e2021-12-21 12:52:40.238root 11241100x8000000000000000728716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:40.238{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.847a37152f8c5cd02021-12-21 12:52:40.238root 11241100x8000000000000000728717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:40.238{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab07303e839c6a452021-12-21 12:52:40.238root 11241100x8000000000000000728718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:40.238{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a91582c21d17cb02021-12-21 12:52:40.238root 11241100x8000000000000000728719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:40.238{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c34999468d69b7322021-12-21 12:52:40.238root 11241100x8000000000000000728720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:40.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.116d90557d99ec6f2021-12-21 12:52:40.693root 11241100x8000000000000000728721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:40.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7486f7065d9f4d22021-12-21 12:52:40.693root 11241100x8000000000000000728722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:40.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a39ef5591273aedf2021-12-21 12:52:40.693root 11241100x8000000000000000728723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:40.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8066a37b48939e7f2021-12-21 12:52:40.693root 11241100x8000000000000000728724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:40.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b26f004611fbc0f02021-12-21 12:52:40.693root 11241100x8000000000000000728725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:40.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d84ce883b2f936ca2021-12-21 12:52:40.694root 11241100x8000000000000000728726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:40.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dca1c02833009e8d2021-12-21 12:52:40.694root 11241100x8000000000000000728727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:40.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75fad6f50f2a2a972021-12-21 12:52:40.694root 11241100x8000000000000000728728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:40.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4fbdf5c8eaceaa02021-12-21 12:52:40.694root 11241100x8000000000000000728729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:40.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbf1ec6f52af2f842021-12-21 12:52:40.694root 11241100x8000000000000000728730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:40.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ae3497600b198c72021-12-21 12:52:40.694root 154100x8000000000000000728731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:41.026{ec2b6afe-ce19-61c1-6834-647069550000}10161/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/4046root{ec2b6afe-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}2319--- 11241100x8000000000000000728732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:41.027{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.926f8fb1b835383e2021-12-21 12:52:41.027root 11241100x8000000000000000728733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:41.027{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc16cdd4cbae034a2021-12-21 12:52:41.027root 11241100x8000000000000000728734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:41.027{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e43966eb0f6b130a2021-12-21 12:52:41.027root 11241100x8000000000000000728735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:41.027{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2eb36923c10881c2021-12-21 12:52:41.027root 11241100x8000000000000000728736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:41.027{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8c18406ffc5a68f2021-12-21 12:52:41.027root 11241100x8000000000000000728737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:41.027{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2ec76c5b18843532021-12-21 12:52:41.027root 11241100x8000000000000000728738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:41.028{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be22a64c64ac8bab2021-12-21 12:52:41.028root 11241100x8000000000000000728739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:41.028{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03a27a949a95b5582021-12-21 12:52:41.028root 11241100x8000000000000000728740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:41.028{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ac8bafe6d23a6fc2021-12-21 12:52:41.028root 11241100x8000000000000000728741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:41.028{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f6716db0c3731172021-12-21 12:52:41.028root 11241100x8000000000000000728742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:41.028{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ae997f092c485d52021-12-21 12:52:41.028root 11241100x8000000000000000728743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:41.028{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.024896dd878235bf2021-12-21 12:52:41.028root 534500x8000000000000000728744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:41.037{ec2b6afe-ce19-61c1-6834-647069550000}10161/bin/psroot 11241100x8000000000000000728745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:41.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4e94ae8ed67a84a2021-12-21 12:52:41.445root 11241100x8000000000000000728746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:41.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35b60e40f5d531c52021-12-21 12:52:41.445root 11241100x8000000000000000728747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:41.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7be6797f6cc6a48a2021-12-21 12:52:41.445root 11241100x8000000000000000728748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:41.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.517ced58bdd841702021-12-21 12:52:41.445root 11241100x8000000000000000728749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:41.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e4ec1088b7622dc2021-12-21 12:52:41.445root 11241100x8000000000000000728750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:41.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae216f49e17aac1d2021-12-21 12:52:41.445root 11241100x8000000000000000728751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:41.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0df5292c0add76462021-12-21 12:52:41.445root 11241100x8000000000000000728752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:41.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e32d7a39c5c9d5d2021-12-21 12:52:41.445root 11241100x8000000000000000728753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:41.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebad2066a575c44c2021-12-21 12:52:41.445root 11241100x8000000000000000728754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:41.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9264c07600cbfbcc2021-12-21 12:52:41.445root 11241100x8000000000000000728755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:41.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.002164ec363f04b72021-12-21 12:52:41.446root 11241100x8000000000000000728756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:41.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2f22263ac1b1ce62021-12-21 12:52:41.446root 11241100x8000000000000000728757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:41.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bd3fc1c8a5173142021-12-21 12:52:41.446root 11241100x8000000000000000728758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c7e652bcd0a79d12021-12-21 12:52:41.943root 11241100x8000000000000000728759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a945483d0e2ddcc02021-12-21 12:52:41.943root 11241100x8000000000000000728760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5db582d1fbfb9edb2021-12-21 12:52:41.943root 11241100x8000000000000000728761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0090756a90d1939d2021-12-21 12:52:41.943root 11241100x8000000000000000728762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.209ff1ac2f1d48012021-12-21 12:52:41.943root 11241100x8000000000000000728763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5f0fd68d8fd882e2021-12-21 12:52:41.943root 11241100x8000000000000000728764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.287dca20faa5ca072021-12-21 12:52:41.943root 11241100x8000000000000000728765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36f24be3cbb42a7b2021-12-21 12:52:41.943root 11241100x8000000000000000728766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcac01d1840c5aab2021-12-21 12:52:41.944root 11241100x8000000000000000728767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10b5c761526fdd7b2021-12-21 12:52:41.944root 11241100x8000000000000000728768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd15e4ca3110f8192021-12-21 12:52:41.944root 11241100x8000000000000000728769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e27bcd485cceb572021-12-21 12:52:41.944root 11241100x8000000000000000728770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46477a4f44f45cc62021-12-21 12:52:41.944root 11241100x8000000000000000728771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a891dba02c4dad82021-12-21 12:52:42.443root 11241100x8000000000000000728772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.241199016b90f5842021-12-21 12:52:42.443root 11241100x8000000000000000728773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78d5e16b0484e7c62021-12-21 12:52:42.443root 11241100x8000000000000000728774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bf2bd1f4cb056692021-12-21 12:52:42.443root 11241100x8000000000000000728775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7d887da17e670532021-12-21 12:52:42.443root 11241100x8000000000000000728776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb83f6cff35265bc2021-12-21 12:52:42.443root 11241100x8000000000000000728777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.043e008111b0d4d82021-12-21 12:52:42.443root 11241100x8000000000000000728778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3199012d76f5d5c2021-12-21 12:52:42.443root 11241100x8000000000000000728779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b6426847f7943d62021-12-21 12:52:42.444root 11241100x8000000000000000728780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da8d06d2048aff332021-12-21 12:52:42.444root 11241100x8000000000000000728781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e697eb3b547bb5d12021-12-21 12:52:42.444root 11241100x8000000000000000728782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ba24e12b8404e822021-12-21 12:52:42.444root 11241100x8000000000000000728783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f561008aacc728a2021-12-21 12:52:42.444root 11241100x8000000000000000728784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a2b4466069eb9aa2021-12-21 12:52:42.943root 11241100x8000000000000000728785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acd8559f5e5f1de22021-12-21 12:52:42.943root 11241100x8000000000000000728786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afd03f00ebef422b2021-12-21 12:52:42.943root 11241100x8000000000000000728787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dda7622ddefd8452021-12-21 12:52:42.943root 11241100x8000000000000000728788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eae8e739acf51c7c2021-12-21 12:52:42.943root 11241100x8000000000000000728789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1594f86b3998b542021-12-21 12:52:42.943root 11241100x8000000000000000728790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58422118c181770f2021-12-21 12:52:42.943root 11241100x8000000000000000728791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b87063668872abc12021-12-21 12:52:42.944root 11241100x8000000000000000728792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35882194339564292021-12-21 12:52:42.944root 11241100x8000000000000000728793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae05d69d86ffdc352021-12-21 12:52:42.944root 11241100x8000000000000000728794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c2944a6697204c22021-12-21 12:52:42.944root 11241100x8000000000000000728795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bffe870837dd2ba2021-12-21 12:52:42.944root 11241100x8000000000000000728796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7231a77ac894e7fd2021-12-21 12:52:42.944root 11241100x8000000000000000728797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e1aa56512aa28c02021-12-21 12:52:43.443root 11241100x8000000000000000728798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76a842dd62d6584c2021-12-21 12:52:43.443root 11241100x8000000000000000728799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1890a8521deb14d22021-12-21 12:52:43.443root 11241100x8000000000000000728800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e370a3ace42ff7172021-12-21 12:52:43.444root 11241100x8000000000000000728801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6dd8cc78785ff1c2021-12-21 12:52:43.444root 11241100x8000000000000000728802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8ba25b695a9e93e2021-12-21 12:52:43.444root 11241100x8000000000000000728803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6db50786d4867cdd2021-12-21 12:52:43.444root 11241100x8000000000000000728804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.982725dadef3e7cf2021-12-21 12:52:43.444root 11241100x8000000000000000728805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7064b6422f56730d2021-12-21 12:52:43.444root 11241100x8000000000000000728806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd9ab6470c667bd92021-12-21 12:52:43.444root 11241100x8000000000000000728807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:43.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c151f777b75e2a5f2021-12-21 12:52:43.445root 11241100x8000000000000000728808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:43.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.490f9c0429aad6d42021-12-21 12:52:43.445root 11241100x8000000000000000728809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:43.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d1b54200842dd932021-12-21 12:52:43.445root 11241100x8000000000000000728810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fc487b65124fdd42021-12-21 12:52:43.943root 11241100x8000000000000000728811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.342e1e6be2d3b9c12021-12-21 12:52:43.943root 11241100x8000000000000000728812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3374dd4ebebec852021-12-21 12:52:43.944root 11241100x8000000000000000728813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad3a80ab8db4aa482021-12-21 12:52:43.944root 11241100x8000000000000000728814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5264cdd30248e7a2021-12-21 12:52:43.944root 11241100x8000000000000000728815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15cce8b2cc519e152021-12-21 12:52:43.944root 11241100x8000000000000000728816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4a2ec9e698d9b2d2021-12-21 12:52:43.944root 11241100x8000000000000000728817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a9e9c5f9e573b2d2021-12-21 12:52:43.944root 11241100x8000000000000000728818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42670bf89f8658f82021-12-21 12:52:43.944root 11241100x8000000000000000728819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:43.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21903ce8372d83e42021-12-21 12:52:43.945root 11241100x8000000000000000728820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:43.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23b7f6ea2c227d822021-12-21 12:52:43.945root 11241100x8000000000000000728821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:43.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0ca78f82b514fba2021-12-21 12:52:43.945root 11241100x8000000000000000728822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:43.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2eaa3f0927058a842021-12-21 12:52:43.945root 11241100x8000000000000000728823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b43ecd6805c98722021-12-21 12:52:44.443root 11241100x8000000000000000728824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdcb3d2bb6a9abfd2021-12-21 12:52:44.443root 11241100x8000000000000000728825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.529715eb7d1e13042021-12-21 12:52:44.443root 11241100x8000000000000000728826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f007c37f32f03a8b2021-12-21 12:52:44.444root 11241100x8000000000000000728827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c069a5dba8c342b92021-12-21 12:52:44.444root 11241100x8000000000000000728828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91a1fb97d4c18b2d2021-12-21 12:52:44.444root 11241100x8000000000000000728829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edb1974a01b7669f2021-12-21 12:52:44.444root 11241100x8000000000000000728830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.185e56d7b1f4cb7a2021-12-21 12:52:44.444root 11241100x8000000000000000728831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0b996e20f3467042021-12-21 12:52:44.444root 11241100x8000000000000000728832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8c5a97685f3bcb72021-12-21 12:52:44.444root 11241100x8000000000000000728833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81e564dfa7a4b1222021-12-21 12:52:44.444root 11241100x8000000000000000728834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e264fb11270769082021-12-21 12:52:44.445root 11241100x8000000000000000728835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74ffc062cb1a4e412021-12-21 12:52:44.445root 11241100x8000000000000000728836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cd695b8262646822021-12-21 12:52:44.943root 11241100x8000000000000000728837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2236d040e8b25062021-12-21 12:52:44.943root 11241100x8000000000000000728838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.970898268eff974c2021-12-21 12:52:44.943root 11241100x8000000000000000728839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee689b98a9a3cd7d2021-12-21 12:52:44.943root 11241100x8000000000000000728840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57ccb88d325975102021-12-21 12:52:44.943root 11241100x8000000000000000728841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff5e55bd2a4508422021-12-21 12:52:44.944root 11241100x8000000000000000728842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afa19b88e413ccdb2021-12-21 12:52:44.944root 11241100x8000000000000000728843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d9312eaf30552e72021-12-21 12:52:44.944root 11241100x8000000000000000728844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1939b8c1c7ec522e2021-12-21 12:52:44.944root 11241100x8000000000000000728845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46585b6ccf1e0ade2021-12-21 12:52:44.944root 11241100x8000000000000000728846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af5534c190fe2db32021-12-21 12:52:44.944root 11241100x8000000000000000728847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1befb1a3b16fe282021-12-21 12:52:44.944root 11241100x8000000000000000728848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dc07b657c0ff57c2021-12-21 12:52:44.944root 11241100x8000000000000000728849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c261143b373b144f2021-12-21 12:52:45.443root 11241100x8000000000000000728850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.674920d51246db4c2021-12-21 12:52:45.443root 11241100x8000000000000000728851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f01a3fac6fb047a2021-12-21 12:52:45.443root 11241100x8000000000000000728852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a5c0d69f9e137fc2021-12-21 12:52:45.443root 11241100x8000000000000000728853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e089710068b44d7f2021-12-21 12:52:45.443root 11241100x8000000000000000728854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9746ac044a7785092021-12-21 12:52:45.443root 11241100x8000000000000000728855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb20b63f977681712021-12-21 12:52:45.443root 11241100x8000000000000000728856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62e4c28089ef66ac2021-12-21 12:52:45.443root 11241100x8000000000000000728857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88dfd63c90cd47892021-12-21 12:52:45.444root 11241100x8000000000000000728858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c277bf6743fea6c32021-12-21 12:52:45.444root 11241100x8000000000000000728859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf979eb7a75053802021-12-21 12:52:45.444root 11241100x8000000000000000728860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75940b66205f05712021-12-21 12:52:45.444root 11241100x8000000000000000728861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6f0a05f634a572d2021-12-21 12:52:45.444root 11241100x8000000000000000728862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a159904caa0c7612021-12-21 12:52:45.943root 11241100x8000000000000000728863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d54397a9efb06482021-12-21 12:52:45.943root 11241100x8000000000000000728864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c4dc5b130e715102021-12-21 12:52:45.943root 11241100x8000000000000000728865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c5beb2daad690be2021-12-21 12:52:45.943root 11241100x8000000000000000728866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.631865a53504987c2021-12-21 12:52:45.943root 11241100x8000000000000000728867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d0aee8e54ea03972021-12-21 12:52:45.943root 11241100x8000000000000000728868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.051b0c1dd35e63552021-12-21 12:52:45.943root 11241100x8000000000000000728869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7bac974bdf22bdf2021-12-21 12:52:45.943root 11241100x8000000000000000728870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fbebe48942b5ad92021-12-21 12:52:45.943root 11241100x8000000000000000728871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a313e280a23006852021-12-21 12:52:45.944root 11241100x8000000000000000728872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e82e076bd7cbe2102021-12-21 12:52:45.944root 11241100x8000000000000000728873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f14e6e4cca30c0f12021-12-21 12:52:45.944root 11241100x8000000000000000728874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a4ee17e6814611d2021-12-21 12:52:45.944root 354300x8000000000000000728875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:46.124{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-50616-false10.0.1.12-8000- 11241100x8000000000000000728876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba2c65ed6d23a5e92021-12-21 12:52:46.443root 11241100x8000000000000000728877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e5d7bec9fa68c792021-12-21 12:52:46.443root 11241100x8000000000000000728878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13bbaee824bd7c022021-12-21 12:52:46.443root 11241100x8000000000000000728879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70d5a8c94802c1872021-12-21 12:52:46.443root 11241100x8000000000000000728880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.361ad91e9dc739cb2021-12-21 12:52:46.443root 11241100x8000000000000000728881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15fd9de0a4cc5c832021-12-21 12:52:46.443root 11241100x8000000000000000728882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26e9d63906a4b9ea2021-12-21 12:52:46.443root 11241100x8000000000000000728883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b69763acb175485f2021-12-21 12:52:46.444root 11241100x8000000000000000728884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab7262784f27a1102021-12-21 12:52:46.444root 11241100x8000000000000000728885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.064356a4741a48e92021-12-21 12:52:46.444root 11241100x8000000000000000728886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac7c5fc567af2d252021-12-21 12:52:46.444root 11241100x8000000000000000728887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78165e79a44db4b62021-12-21 12:52:46.444root 11241100x8000000000000000728888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff76773a8639a28b2021-12-21 12:52:46.444root 11241100x8000000000000000728889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b15e11c4c8d7b042021-12-21 12:52:46.444root 11241100x8000000000000000728890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75b9d804e75797d62021-12-21 12:52:46.943root 11241100x8000000000000000728891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e460618b22cd75092021-12-21 12:52:46.943root 11241100x8000000000000000728892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aecf3447ecead5f02021-12-21 12:52:46.943root 11241100x8000000000000000728893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff883b577b9cf33f2021-12-21 12:52:46.943root 11241100x8000000000000000728894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.641398d710418a8f2021-12-21 12:52:46.943root 11241100x8000000000000000728895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78013e6089f11db32021-12-21 12:52:46.943root 11241100x8000000000000000728896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa3aba7718fadb2f2021-12-21 12:52:46.943root 11241100x8000000000000000728897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f262eadcd411a8c22021-12-21 12:52:46.943root 11241100x8000000000000000728898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d0513b46f2727bf2021-12-21 12:52:46.944root 11241100x8000000000000000728899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16dfe067a826c9f02021-12-21 12:52:46.944root 11241100x8000000000000000728900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adf5c6031da0c9892021-12-21 12:52:46.944root 11241100x8000000000000000728901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1242130650f1ee12021-12-21 12:52:46.944root 11241100x8000000000000000728902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19464480db0023452021-12-21 12:52:46.944root 11241100x8000000000000000728903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc400f6a6c5c27cc2021-12-21 12:52:46.944root 11241100x8000000000000000728904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5004215038f107132021-12-21 12:52:47.443root 11241100x8000000000000000728905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0062f3c8385affb32021-12-21 12:52:47.443root 11241100x8000000000000000728906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77747a4c94dcf8012021-12-21 12:52:47.443root 11241100x8000000000000000728907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce1b9259c38df0ff2021-12-21 12:52:47.443root 11241100x8000000000000000728908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1642275403893802021-12-21 12:52:47.443root 11241100x8000000000000000728909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5317ec7967c028a42021-12-21 12:52:47.444root 11241100x8000000000000000728910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92d5303b2b0c28b92021-12-21 12:52:47.444root 11241100x8000000000000000728911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17aac60c683b82342021-12-21 12:52:47.444root 11241100x8000000000000000728912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd445cf3f73c75502021-12-21 12:52:47.444root 11241100x8000000000000000728913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d41c1153cffe61fa2021-12-21 12:52:47.444root 11241100x8000000000000000728914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.869d19ac0915cca12021-12-21 12:52:47.444root 11241100x8000000000000000728915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b16ade555dd69c42021-12-21 12:52:47.444root 11241100x8000000000000000728916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9e9a2a5afc040882021-12-21 12:52:47.444root 11241100x8000000000000000728917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6001be759a450d92021-12-21 12:52:47.444root 11241100x8000000000000000728918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13383b33bd6011472021-12-21 12:52:47.943root 11241100x8000000000000000728919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fd12515705b83be2021-12-21 12:52:47.943root 11241100x8000000000000000728920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb2ee718b2c64b102021-12-21 12:52:47.943root 11241100x8000000000000000728921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1df398517c84f362021-12-21 12:52:47.943root 11241100x8000000000000000728922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4404ee3244f71fb2021-12-21 12:52:47.943root 11241100x8000000000000000728923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.328c698e45d005cb2021-12-21 12:52:47.943root 11241100x8000000000000000728924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8838c47fdec731982021-12-21 12:52:47.943root 11241100x8000000000000000728925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6eb7fb471cc415d2021-12-21 12:52:47.943root 11241100x8000000000000000728926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3fd3a85e9703d7e2021-12-21 12:52:47.944root 11241100x8000000000000000728927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.268dadf365b64d9b2021-12-21 12:52:47.944root 11241100x8000000000000000728928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.459c8ec3e891e4b82021-12-21 12:52:47.944root 11241100x8000000000000000728929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.983f770f116245f32021-12-21 12:52:47.944root 11241100x8000000000000000728930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8568b5a4b5ca8da2021-12-21 12:52:47.944root 11241100x8000000000000000728931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d7c165bd6b2a5ea2021-12-21 12:52:47.944root 11241100x8000000000000000728932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c44588e88f6c1ae02021-12-21 12:52:48.443root 11241100x8000000000000000728933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a95c23b2816fb002021-12-21 12:52:48.443root 11241100x8000000000000000728934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfcecad0a20d04bc2021-12-21 12:52:48.443root 11241100x8000000000000000728935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0934ea44003508d2021-12-21 12:52:48.443root 11241100x8000000000000000728936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60d1a5c53c8da9fc2021-12-21 12:52:48.443root 11241100x8000000000000000728937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9ea8c41b391a1d12021-12-21 12:52:48.443root 11241100x8000000000000000728938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.319d125b97aa3b212021-12-21 12:52:48.443root 11241100x8000000000000000728939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31cc4260afc5191b2021-12-21 12:52:48.443root 11241100x8000000000000000728940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.764944ef42f640a02021-12-21 12:52:48.444root 11241100x8000000000000000728941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5166ee31e6dfe982021-12-21 12:52:48.444root 11241100x8000000000000000728942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c58d0521ad92280c2021-12-21 12:52:48.444root 11241100x8000000000000000728943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a80569a4cafca712021-12-21 12:52:48.444root 11241100x8000000000000000728944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35f643d1fe25edb22021-12-21 12:52:48.444root 11241100x8000000000000000728945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46e63aa6050783ab2021-12-21 12:52:48.444root 11241100x8000000000000000728946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51b76a8a99a3e64c2021-12-21 12:52:48.943root 11241100x8000000000000000728947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bff2b6f33abd7fa2021-12-21 12:52:48.943root 11241100x8000000000000000728948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a3093e2481868fb2021-12-21 12:52:48.943root 11241100x8000000000000000728949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c75c9956d3896382021-12-21 12:52:48.943root 11241100x8000000000000000728950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fd4c1e6193261ca2021-12-21 12:52:48.943root 11241100x8000000000000000728951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b6f0c3e40d046822021-12-21 12:52:48.943root 11241100x8000000000000000728952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.354e60201e4e97782021-12-21 12:52:48.943root 11241100x8000000000000000728953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ba5d2a05ce854052021-12-21 12:52:48.944root 11241100x8000000000000000728954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5681dc348e18b882021-12-21 12:52:48.944root 11241100x8000000000000000728955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.875129f7be4513072021-12-21 12:52:48.944root 11241100x8000000000000000728956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce29f11763dfc28a2021-12-21 12:52:48.944root 11241100x8000000000000000728957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdd5272526b0306a2021-12-21 12:52:48.944root 11241100x8000000000000000728958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66d0fabce63d63992021-12-21 12:52:48.944root 11241100x8000000000000000728959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95f0ac1466b1d6272021-12-21 12:52:48.944root 11241100x8000000000000000728960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ea92b206c184d1c2021-12-21 12:52:49.443root 11241100x8000000000000000728961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9702a31242774b12021-12-21 12:52:49.443root 11241100x8000000000000000728962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56f41910e4ea51a72021-12-21 12:52:49.443root 11241100x8000000000000000728963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c56098c263c3a5192021-12-21 12:52:49.443root 11241100x8000000000000000728964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86671f629889b2782021-12-21 12:52:49.443root 11241100x8000000000000000728965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.049e47a283cc61092021-12-21 12:52:49.443root 11241100x8000000000000000728966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a1719721e36e5f32021-12-21 12:52:49.443root 11241100x8000000000000000728967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd06143662dc2a3e2021-12-21 12:52:49.444root 11241100x8000000000000000728968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cc6479aa86aaec62021-12-21 12:52:49.444root 11241100x8000000000000000728969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.114c020cad0f18c12021-12-21 12:52:49.444root 11241100x8000000000000000728970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0fddf91dd6ff3bc2021-12-21 12:52:49.444root 11241100x8000000000000000728971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da02315b46c98a652021-12-21 12:52:49.444root 11241100x8000000000000000728972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6df8e19ef9194312021-12-21 12:52:49.444root 11241100x8000000000000000728973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5a5658d09605c852021-12-21 12:52:49.444root 11241100x8000000000000000728974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcbf231879e6ca412021-12-21 12:52:49.943root 11241100x8000000000000000728975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d83bcd34af59f2572021-12-21 12:52:49.943root 11241100x8000000000000000728976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e20f4cabf196de62021-12-21 12:52:49.943root 11241100x8000000000000000728977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e3ecfada594ac1f2021-12-21 12:52:49.943root 11241100x8000000000000000728978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19190b41e06abec12021-12-21 12:52:49.943root 11241100x8000000000000000728979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cca773d8ba2106532021-12-21 12:52:49.943root 11241100x8000000000000000728980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bbe3bd58d24e6002021-12-21 12:52:49.944root 11241100x8000000000000000728981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e8381d718bb27902021-12-21 12:52:49.944root 11241100x8000000000000000728982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ae159c9239891f02021-12-21 12:52:49.944root 11241100x8000000000000000728983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57e349d9ddc8dc382021-12-21 12:52:49.944root 11241100x8000000000000000728984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b878db8307aa35f2021-12-21 12:52:49.944root 11241100x8000000000000000728985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.610c644af6f0a0212021-12-21 12:52:49.944root 11241100x8000000000000000728986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a72d9621433d0432021-12-21 12:52:49.944root 11241100x8000000000000000728987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14209935723544e92021-12-21 12:52:49.944root 11241100x8000000000000000728988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d255f6735c91ec562021-12-21 12:52:50.443root 11241100x8000000000000000728989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.172ce81733ee03952021-12-21 12:52:50.443root 11241100x8000000000000000728990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82753e4832e0e2692021-12-21 12:52:50.443root 11241100x8000000000000000728991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69a4cb553e0f036b2021-12-21 12:52:50.443root 11241100x8000000000000000728992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff9241a3cae9f93c2021-12-21 12:52:50.443root 11241100x8000000000000000728993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e42519a7dc76feba2021-12-21 12:52:50.443root 11241100x8000000000000000728994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cf4a21439520a642021-12-21 12:52:50.443root 11241100x8000000000000000728995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.541b6e8b15fbada22021-12-21 12:52:50.444root 11241100x8000000000000000728996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6ab96445ed6f2342021-12-21 12:52:50.444root 11241100x8000000000000000728997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d204a2e4c25c63ec2021-12-21 12:52:50.444root 11241100x8000000000000000728998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f705f96e5d1fefce2021-12-21 12:52:50.444root 11241100x8000000000000000728999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4b38e499cc4071c2021-12-21 12:52:50.444root 11241100x8000000000000000729000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68be6ba7928cb99e2021-12-21 12:52:50.444root 11241100x8000000000000000729001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7e4d83d26c45d2d2021-12-21 12:52:50.444root 11241100x8000000000000000729002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b781a1578419ecd2021-12-21 12:52:50.943root 11241100x8000000000000000729003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bacde07e688f0a7e2021-12-21 12:52:50.943root 11241100x8000000000000000729004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2521d7661668a89f2021-12-21 12:52:50.943root 11241100x8000000000000000729005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa02a68d49a87bd72021-12-21 12:52:50.943root 11241100x8000000000000000729006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e618e49492e5073b2021-12-21 12:52:50.943root 11241100x8000000000000000729007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed8843fcb6e5010a2021-12-21 12:52:50.943root 11241100x8000000000000000729008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfd55fa72e6a3a832021-12-21 12:52:50.943root 11241100x8000000000000000729009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3838d85d3a3243dc2021-12-21 12:52:50.944root 11241100x8000000000000000729010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abdcc40b47f4e54d2021-12-21 12:52:50.944root 11241100x8000000000000000729011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82b8e0c7860874be2021-12-21 12:52:50.944root 11241100x8000000000000000729012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3516eabd1f4da5722021-12-21 12:52:50.944root 11241100x8000000000000000729013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3290ada7217b09b72021-12-21 12:52:50.944root 11241100x8000000000000000729014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48f5752409ade26d2021-12-21 12:52:50.944root 11241100x8000000000000000729015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16ea478f7eeb96d92021-12-21 12:52:50.944root 354300x8000000000000000729016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:51.203{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-50618-false10.0.1.12-8000- 11241100x8000000000000000729017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:51.205{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42cc004a74fd09772021-12-21 12:52:51.205root 11241100x8000000000000000729018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:51.205{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c602e96369ba4b22021-12-21 12:52:51.205root 11241100x8000000000000000729019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:51.205{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca1e588253f56c872021-12-21 12:52:51.205root 11241100x8000000000000000729020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:51.205{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.990fd7fc722c18d92021-12-21 12:52:51.205root 11241100x8000000000000000729021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:51.205{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c0a7570e3ae459d2021-12-21 12:52:51.205root 11241100x8000000000000000729022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:51.205{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3c64920c790e4932021-12-21 12:52:51.205root 11241100x8000000000000000729023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:51.205{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02d85925545d917c2021-12-21 12:52:51.205root 11241100x8000000000000000729024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:51.206{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee7ba6d80aca826f2021-12-21 12:52:51.206root 11241100x8000000000000000729025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:51.206{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a47c28484826f072021-12-21 12:52:51.206root 11241100x8000000000000000729026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:51.206{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc96fb64b7b187182021-12-21 12:52:51.206root 11241100x8000000000000000729027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:51.206{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e3634b2167c0df42021-12-21 12:52:51.206root 11241100x8000000000000000729028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:51.206{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e67f279a0ee09442021-12-21 12:52:51.206root 11241100x8000000000000000729029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:51.206{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dd8298e7ff538592021-12-21 12:52:51.206root 11241100x8000000000000000729030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:51.206{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0768a1031cb3da972021-12-21 12:52:51.206root 11241100x8000000000000000729031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:51.206{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4ae4b631ad1fecc2021-12-21 12:52:51.206root 11241100x8000000000000000729032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:51.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11b484696a2957af2021-12-21 12:52:51.693root 11241100x8000000000000000729033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:51.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6c73b823b53b9802021-12-21 12:52:51.693root 11241100x8000000000000000729034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:51.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f000a12d19c1adb92021-12-21 12:52:51.693root 11241100x8000000000000000729035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:51.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80e44055fb7e7cec2021-12-21 12:52:51.693root 11241100x8000000000000000729036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:51.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71d61216ba3c700d2021-12-21 12:52:51.693root 11241100x8000000000000000729037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:51.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8fa34203f7bfa612021-12-21 12:52:51.693root 11241100x8000000000000000729038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:51.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a95a7bdccda1cb52021-12-21 12:52:51.693root 11241100x8000000000000000729039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:51.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.634f9c87129ca16f2021-12-21 12:52:51.694root 11241100x8000000000000000729040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:51.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1cc426b6f79e35b2021-12-21 12:52:51.694root 11241100x8000000000000000729041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:51.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f24274712b5c8db2021-12-21 12:52:51.694root 11241100x8000000000000000729042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:51.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13675f6ce56848572021-12-21 12:52:51.694root 11241100x8000000000000000729043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:51.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.727369ef480ac7e62021-12-21 12:52:51.694root 11241100x8000000000000000729044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:51.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cef5e7ac00753072021-12-21 12:52:51.694root 11241100x8000000000000000729045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:51.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50a8175053c499cb2021-12-21 12:52:51.694root 11241100x8000000000000000729046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:51.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6433490760b541f92021-12-21 12:52:51.694root 11241100x8000000000000000729047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:52.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64bc06f4be86361a2021-12-21 12:52:52.193root 11241100x8000000000000000729048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:52.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ed1c7d4d8d5aaed2021-12-21 12:52:52.193root 11241100x8000000000000000729049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:52.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.520f4f5d87ccdfdf2021-12-21 12:52:52.193root 11241100x8000000000000000729050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:52.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.394de08c004b99042021-12-21 12:52:52.193root 11241100x8000000000000000729051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:52.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cd3ba5212bd889c2021-12-21 12:52:52.193root 11241100x8000000000000000729052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:52.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6f4a4fab20ad1872021-12-21 12:52:52.193root 11241100x8000000000000000729053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:52.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a7dc04574733aec2021-12-21 12:52:52.193root 11241100x8000000000000000729054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:52.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0afd490dd676a6432021-12-21 12:52:52.194root 11241100x8000000000000000729055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:52.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.353ef04b929d003c2021-12-21 12:52:52.194root 11241100x8000000000000000729056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:52.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.770f830da82067452021-12-21 12:52:52.194root 11241100x8000000000000000729057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:52.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56f2db6a0aeec7772021-12-21 12:52:52.194root 11241100x8000000000000000729058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:52.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc120df5bc081b742021-12-21 12:52:52.194root 11241100x8000000000000000729059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:52.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dae8dd8fd971cd42021-12-21 12:52:52.194root 11241100x8000000000000000729060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:52.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e755b7e4adf657c22021-12-21 12:52:52.194root 11241100x8000000000000000729061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:52.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92e5a55524e51cad2021-12-21 12:52:52.194root 11241100x8000000000000000729062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:52.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e822c69f8837b36f2021-12-21 12:52:52.693root 11241100x8000000000000000729063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:52.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4010a7bd93e731842021-12-21 12:52:52.693root 11241100x8000000000000000729064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:52.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07b26f30412e14982021-12-21 12:52:52.693root 11241100x8000000000000000729065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:52.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8407435b4c053592021-12-21 12:52:52.693root 11241100x8000000000000000729066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:52.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58a4f2d196768c812021-12-21 12:52:52.693root 11241100x8000000000000000729067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:52.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45520bcbd04453a22021-12-21 12:52:52.693root 11241100x8000000000000000729068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:52.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81e037bbf8d5d3d82021-12-21 12:52:52.693root 11241100x8000000000000000729069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:52.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44bdf77f12ea7d8e2021-12-21 12:52:52.693root 11241100x8000000000000000729070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:52.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e783697a6a76f0dc2021-12-21 12:52:52.694root 11241100x8000000000000000729071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:52.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55029b58900a870a2021-12-21 12:52:52.694root 11241100x8000000000000000729072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:52.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98496b07b5393ae22021-12-21 12:52:52.694root 11241100x8000000000000000729073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:52.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.890f839574970c5a2021-12-21 12:52:52.694root 11241100x8000000000000000729074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:52.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c34639900fcb96c2021-12-21 12:52:52.694root 11241100x8000000000000000729075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:52.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa86c59ae70a98c02021-12-21 12:52:52.694root 11241100x8000000000000000729076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:52.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cfb0be00c2baa6f2021-12-21 12:52:52.694root 11241100x8000000000000000729077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:53.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f49050102517538f2021-12-21 12:52:53.193root 11241100x8000000000000000729078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:53.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca3e6b0b7090da902021-12-21 12:52:53.193root 11241100x8000000000000000729079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:53.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2b2950f18099ba32021-12-21 12:52:53.193root 11241100x8000000000000000729080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:53.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1873cd38c4328f172021-12-21 12:52:53.193root 11241100x8000000000000000729081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:53.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.436812e625874be42021-12-21 12:52:53.193root 11241100x8000000000000000729082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:53.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d51f0f94412f6872021-12-21 12:52:53.193root 11241100x8000000000000000729083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:53.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17201ad3541ac1532021-12-21 12:52:53.193root 11241100x8000000000000000729084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:53.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6dd9feabe7104342021-12-21 12:52:53.193root 11241100x8000000000000000729085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:53.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9561b22d3e9f097e2021-12-21 12:52:53.194root 11241100x8000000000000000729086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:53.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50c2b4f26584e8862021-12-21 12:52:53.194root 11241100x8000000000000000729087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:53.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8612ece1cc62cbcf2021-12-21 12:52:53.194root 11241100x8000000000000000729088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:53.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77b9519be3b739652021-12-21 12:52:53.194root 11241100x8000000000000000729089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:53.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd0e275aee8e945b2021-12-21 12:52:53.194root 11241100x8000000000000000729090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:53.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb49ea08ed6629742021-12-21 12:52:53.194root 11241100x8000000000000000729091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:53.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f59b97571342b2a22021-12-21 12:52:53.194root 11241100x8000000000000000729092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:53.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf302c939e284aba2021-12-21 12:52:53.693root 11241100x8000000000000000729093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:53.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.495d3f95e2c5439b2021-12-21 12:52:53.693root 11241100x8000000000000000729094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:53.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a9ad0f3a7ec6e562021-12-21 12:52:53.693root 11241100x8000000000000000729095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:53.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea5dafa1986a69b62021-12-21 12:52:53.693root 11241100x8000000000000000729096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:53.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61bb3d7f055a6a742021-12-21 12:52:53.693root 11241100x8000000000000000729097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:53.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33fccab193224dd02021-12-21 12:52:53.693root 11241100x8000000000000000729098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:53.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.449195c5adbfac0a2021-12-21 12:52:53.693root 11241100x8000000000000000729099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:53.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8c0974512e69acf2021-12-21 12:52:53.693root 11241100x8000000000000000729100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:53.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.541aab0d3aa6c1532021-12-21 12:52:53.694root 11241100x8000000000000000729101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:53.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3478e4005ad586582021-12-21 12:52:53.695root 11241100x8000000000000000729102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:53.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b748a1af185701bf2021-12-21 12:52:53.695root 11241100x8000000000000000729103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:53.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6df9d643d24162f72021-12-21 12:52:53.695root 11241100x8000000000000000729104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:53.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90d0323355b98be62021-12-21 12:52:53.695root 11241100x8000000000000000729105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:53.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bb210a2f425374b2021-12-21 12:52:53.695root 11241100x8000000000000000729106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:53.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40fd4c1d376c15e62021-12-21 12:52:53.695root 11241100x8000000000000000729107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:54.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ce388559d9620832021-12-21 12:52:54.193root 11241100x8000000000000000729108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:54.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24a63474787b72ee2021-12-21 12:52:54.193root 11241100x8000000000000000729109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:54.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de5f5237239d6c302021-12-21 12:52:54.193root 11241100x8000000000000000729110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:54.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20d819ff21cad4d72021-12-21 12:52:54.193root 11241100x8000000000000000729111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:54.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.505ba553e0059e162021-12-21 12:52:54.193root 11241100x8000000000000000729112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:54.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.574940167de1b1892021-12-21 12:52:54.193root 11241100x8000000000000000729113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:54.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad5f1af140ec18272021-12-21 12:52:54.193root 11241100x8000000000000000729114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:54.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.476973edb74c1fa12021-12-21 12:52:54.193root 11241100x8000000000000000729115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:54.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f0d1b2e28fde3152021-12-21 12:52:54.194root 11241100x8000000000000000729116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:54.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a7f120b6c6776ba2021-12-21 12:52:54.194root 11241100x8000000000000000729117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:54.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.935a536b151726ef2021-12-21 12:52:54.194root 11241100x8000000000000000729118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:54.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbbd23a4661e19302021-12-21 12:52:54.194root 11241100x8000000000000000729119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:54.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f04c0cc6ace190742021-12-21 12:52:54.194root 11241100x8000000000000000729120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:54.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c92e16efa3246e5f2021-12-21 12:52:54.194root 11241100x8000000000000000729121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:54.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da23c51023bb1edf2021-12-21 12:52:54.194root 11241100x8000000000000000729122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:54.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44ff927038d162702021-12-21 12:52:54.693root 11241100x8000000000000000729123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:54.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4feb72463973df0e2021-12-21 12:52:54.693root 11241100x8000000000000000729124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:54.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55781828412698672021-12-21 12:52:54.693root 11241100x8000000000000000729125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:54.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef86d1c8757ea7482021-12-21 12:52:54.693root 11241100x8000000000000000729126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:54.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1188e2d4e2f4d5f2021-12-21 12:52:54.693root 11241100x8000000000000000729127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:54.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.def6de547c6ade5a2021-12-21 12:52:54.693root 11241100x8000000000000000729128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:54.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8dcde7df1c649972021-12-21 12:52:54.693root 11241100x8000000000000000729129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:54.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44cf010d0a2ac2282021-12-21 12:52:54.693root 11241100x8000000000000000729130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:54.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.114e051684f7c3092021-12-21 12:52:54.694root 11241100x8000000000000000729131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:54.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f02120ff2b51cab42021-12-21 12:52:54.694root 11241100x8000000000000000729132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:54.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e32b7046a0bd63ec2021-12-21 12:52:54.694root 11241100x8000000000000000729133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:54.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ed44bcaa6bc6a292021-12-21 12:52:54.694root 11241100x8000000000000000729134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:54.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86034ad3cd07a7d42021-12-21 12:52:54.694root 11241100x8000000000000000729135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:54.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e81cd5b8099bcb62021-12-21 12:52:54.694root 11241100x8000000000000000729136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:54.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3385695c826967332021-12-21 12:52:54.694root 11241100x8000000000000000729137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:55.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.210ae1742aff92072021-12-21 12:52:55.193root 11241100x8000000000000000729138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:55.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d4f018ae51fce672021-12-21 12:52:55.193root 11241100x8000000000000000729139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:55.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2ba8a87a0c2a5ff2021-12-21 12:52:55.193root 11241100x8000000000000000729140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:55.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d10f82a43d58b942021-12-21 12:52:55.193root 11241100x8000000000000000729141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:55.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5bf7f3f5d6c2fea2021-12-21 12:52:55.193root 11241100x8000000000000000729142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:55.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6270c7e61617be562021-12-21 12:52:55.193root 11241100x8000000000000000729143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:55.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad87efdd3d78578e2021-12-21 12:52:55.194root 11241100x8000000000000000729144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:55.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46afb028163f0c012021-12-21 12:52:55.194root 11241100x8000000000000000729145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:55.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f585092ff3eb6f362021-12-21 12:52:55.194root 11241100x8000000000000000729146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:55.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.106aafb96bcfb49e2021-12-21 12:52:55.194root 11241100x8000000000000000729147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:55.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46daca883704ad242021-12-21 12:52:55.194root 11241100x8000000000000000729148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:55.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cad1ea858be274a62021-12-21 12:52:55.194root 11241100x8000000000000000729149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:55.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f194eba34c0256bf2021-12-21 12:52:55.194root 11241100x8000000000000000729150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:55.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f15d09cad8987e8d2021-12-21 12:52:55.194root 11241100x8000000000000000729151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:55.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99c98154241757632021-12-21 12:52:55.194root 11241100x8000000000000000729152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:55.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69d512451c31ca1d2021-12-21 12:52:55.693root 11241100x8000000000000000729153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:55.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e88bf4a19c4171a42021-12-21 12:52:55.693root 11241100x8000000000000000729154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:55.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc1aac5de48a7df62021-12-21 12:52:55.693root 11241100x8000000000000000729155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:55.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20df2ff06a1a0aa22021-12-21 12:52:55.693root 11241100x8000000000000000729156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:55.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8439200851a063272021-12-21 12:52:55.693root 11241100x8000000000000000729157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:55.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d6bcc2eea6b68612021-12-21 12:52:55.693root 11241100x8000000000000000729158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:55.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c76ac3aefd56de142021-12-21 12:52:55.693root 11241100x8000000000000000729159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:55.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b29ad3ee64927d482021-12-21 12:52:55.693root 11241100x8000000000000000729160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:55.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3051471ec4ce9052021-12-21 12:52:55.694root 11241100x8000000000000000729161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:55.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c795379f6272f9942021-12-21 12:52:55.694root 11241100x8000000000000000729162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:55.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.069199e78a6d48892021-12-21 12:52:55.694root 11241100x8000000000000000729163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:55.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e755a9f9d80fedda2021-12-21 12:52:55.694root 11241100x8000000000000000729164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:55.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.322e9cd9536aaffc2021-12-21 12:52:55.694root 11241100x8000000000000000729165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:55.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3966d2a4f2cc03ae2021-12-21 12:52:55.694root 11241100x8000000000000000729166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:55.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9edf6353f2fa03bc2021-12-21 12:52:55.694root 11241100x8000000000000000729167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:56.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80ab5da1a2cd4f302021-12-21 12:52:56.193root 11241100x8000000000000000729168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:56.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de2fda7185f34a9b2021-12-21 12:52:56.193root 11241100x8000000000000000729169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:56.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d2c8b56cf3f17002021-12-21 12:52:56.193root 11241100x8000000000000000729170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:56.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e252dbb818386182021-12-21 12:52:56.193root 11241100x8000000000000000729171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:56.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f6a85addfca63082021-12-21 12:52:56.193root 11241100x8000000000000000729172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:56.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.877c0fdd9e0d48182021-12-21 12:52:56.193root 11241100x8000000000000000729173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:56.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5947c80a14c707e22021-12-21 12:52:56.193root 11241100x8000000000000000729174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:56.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7d3dad5be36a5ec2021-12-21 12:52:56.193root 11241100x8000000000000000729175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:56.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47cc0cb50b0b922b2021-12-21 12:52:56.194root 11241100x8000000000000000729176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:56.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d94f1d2a5f7af06b2021-12-21 12:52:56.194root 11241100x8000000000000000729177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:56.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32a132c1c9fa44502021-12-21 12:52:56.194root 11241100x8000000000000000729178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:56.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da1becd7188469412021-12-21 12:52:56.194root 11241100x8000000000000000729179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:56.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.734d81c54ca488232021-12-21 12:52:56.194root 11241100x8000000000000000729180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:56.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6dd0023833a76002021-12-21 12:52:56.194root 11241100x8000000000000000729181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:56.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1c3e40323b6a5d22021-12-21 12:52:56.194root 11241100x8000000000000000729182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:56.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22ae32f34dd118602021-12-21 12:52:56.693root 11241100x8000000000000000729183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:56.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54241824b0184c062021-12-21 12:52:56.693root 11241100x8000000000000000729184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:56.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ea546d6a79d74b62021-12-21 12:52:56.693root 11241100x8000000000000000729185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:56.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9a49a3bc30d99d52021-12-21 12:52:56.693root 11241100x8000000000000000729186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:56.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.628e72209932d9712021-12-21 12:52:56.693root 11241100x8000000000000000729187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:56.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.987692d7ab51dfed2021-12-21 12:52:56.693root 11241100x8000000000000000729188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:56.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fd03c20e82dfd702021-12-21 12:52:56.693root 11241100x8000000000000000729189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:56.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efa810dde0e169f72021-12-21 12:52:56.693root 11241100x8000000000000000729190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:56.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c232080f75746a292021-12-21 12:52:56.694root 11241100x8000000000000000729191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:56.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecfab2243d392fd02021-12-21 12:52:56.694root 11241100x8000000000000000729192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:56.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.289f5a53411960c52021-12-21 12:52:56.694root 11241100x8000000000000000729193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:56.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7276b7aefca40a422021-12-21 12:52:56.694root 11241100x8000000000000000729194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:56.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.275840c38915c4662021-12-21 12:52:56.694root 11241100x8000000000000000729195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:56.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.672197254c692ef72021-12-21 12:52:56.694root 11241100x8000000000000000729196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:56.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0958e1cf02f2f64a2021-12-21 12:52:56.694root 354300x8000000000000000729197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:57.085{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-50620-false10.0.1.12-8000- 11241100x8000000000000000729198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:57.086{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c62d1148b6a60742021-12-21 12:52:57.086root 11241100x8000000000000000729199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:57.086{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a004cc19b12c90a72021-12-21 12:52:57.086root 11241100x8000000000000000729200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:57.086{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f2a643bcb3b9a032021-12-21 12:52:57.086root 11241100x8000000000000000729201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:57.086{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef59056c39bb1cd02021-12-21 12:52:57.086root 11241100x8000000000000000729202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:57.086{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c18cea7c128b4512021-12-21 12:52:57.086root 11241100x8000000000000000729203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:57.086{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fa5948c381ff2dd2021-12-21 12:52:57.086root 11241100x8000000000000000729204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:57.086{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ba2e15f9a5b9e7b2021-12-21 12:52:57.086root 11241100x8000000000000000729205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:57.086{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.545850bc580dae882021-12-21 12:52:57.086root 11241100x8000000000000000729206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:57.086{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad7e01fb9c9b5eb72021-12-21 12:52:57.086root 11241100x8000000000000000729207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:57.087{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb5b32a3fc5bf4842021-12-21 12:52:57.087root 11241100x8000000000000000729208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:57.087{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b7d5aa8ea6c61a62021-12-21 12:52:57.087root 11241100x8000000000000000729209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:57.087{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e2918364f44895a2021-12-21 12:52:57.087root 11241100x8000000000000000729210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:57.087{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2edc97a845148e92021-12-21 12:52:57.087root 11241100x8000000000000000729211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:57.087{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8c03d62145e556a2021-12-21 12:52:57.087root 11241100x8000000000000000729212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:57.087{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43256126e4c509e12021-12-21 12:52:57.087root 11241100x8000000000000000729213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:57.087{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ff78f77165830be2021-12-21 12:52:57.087root 11241100x8000000000000000729214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:57.087{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8cf36c88facb4d72021-12-21 12:52:57.087root 11241100x8000000000000000729215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b61f791a29a203452021-12-21 12:52:57.443root 11241100x8000000000000000729216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4690e30c0d5de0d82021-12-21 12:52:57.443root 11241100x8000000000000000729217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79f8bc0ed0c6715e2021-12-21 12:52:57.443root 11241100x8000000000000000729218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e432fb8ff56823b2021-12-21 12:52:57.443root 11241100x8000000000000000729219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6fbd7d575a28f062021-12-21 12:52:57.443root 11241100x8000000000000000729220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.346342b1a01ab2412021-12-21 12:52:57.443root 11241100x8000000000000000729221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c30ecf497c18e6b72021-12-21 12:52:57.443root 11241100x8000000000000000729222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a70119a55eaf46b22021-12-21 12:52:57.444root 11241100x8000000000000000729223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04760a737b1f1e0f2021-12-21 12:52:57.444root 11241100x8000000000000000729224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5fa6166806e3cdf2021-12-21 12:52:57.444root 11241100x8000000000000000729225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23958902aade279c2021-12-21 12:52:57.444root 11241100x8000000000000000729226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d572c4fa0b0de8e2021-12-21 12:52:57.444root 11241100x8000000000000000729227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.793acc6874a5203a2021-12-21 12:52:57.444root 11241100x8000000000000000729228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.557ce0506a539d152021-12-21 12:52:57.444root 11241100x8000000000000000729229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc6e9ad7d50680de2021-12-21 12:52:57.444root 11241100x8000000000000000729230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1abb00dc6dcdf2772021-12-21 12:52:57.444root 11241100x8000000000000000729231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bf5ad3b5452493c2021-12-21 12:52:57.943root 11241100x8000000000000000729232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fa720eebccfc6412021-12-21 12:52:57.943root 11241100x8000000000000000729233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8a5c781854bc0342021-12-21 12:52:57.943root 11241100x8000000000000000729234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12c855d7391adde32021-12-21 12:52:57.943root 11241100x8000000000000000729235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98ce924fd341ebcb2021-12-21 12:52:57.943root 11241100x8000000000000000729236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faa5c43577782e5e2021-12-21 12:52:57.943root 11241100x8000000000000000729237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b71208955babeb2a2021-12-21 12:52:57.944root 11241100x8000000000000000729238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9a547a8c65ded512021-12-21 12:52:57.944root 11241100x8000000000000000729239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bd2b036ee05d1452021-12-21 12:52:57.944root 11241100x8000000000000000729240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f87236234243c4b32021-12-21 12:52:57.944root 11241100x8000000000000000729241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4a72beb429658a22021-12-21 12:52:57.944root 11241100x8000000000000000729242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.769531e671412b762021-12-21 12:52:57.944root 11241100x8000000000000000729243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efb1ee22db56f9d12021-12-21 12:52:57.944root 11241100x8000000000000000729244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74bffc5ce278ec812021-12-21 12:52:57.944root 11241100x8000000000000000729245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0410f873a65271372021-12-21 12:52:57.944root 11241100x8000000000000000729246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18abb89aebe739c12021-12-21 12:52:57.944root 534500x8000000000000000729247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:57.947{00000000-0000-0000-0000-000000000000}10072<unknown process>root 11241100x8000000000000000729248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69cbd50e32fd1ee02021-12-21 12:52:58.443root 11241100x8000000000000000729249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb442acc333459a92021-12-21 12:52:58.443root 11241100x8000000000000000729250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b93fddf437748cd22021-12-21 12:52:58.443root 11241100x8000000000000000729251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aac2c050785a6d752021-12-21 12:52:58.443root 11241100x8000000000000000729252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f4fa827b21f02572021-12-21 12:52:58.443root 11241100x8000000000000000729253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d72075d782141582021-12-21 12:52:58.444root 11241100x8000000000000000729254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caec2c2c9134a5d72021-12-21 12:52:58.444root 11241100x8000000000000000729255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a1733ff686ec8b52021-12-21 12:52:58.444root 11241100x8000000000000000729256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fd58d7de95c0e292021-12-21 12:52:58.444root 11241100x8000000000000000729257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea353930c8caf7922021-12-21 12:52:58.444root 11241100x8000000000000000729258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e78075f88ec2bb62021-12-21 12:52:58.444root 11241100x8000000000000000729259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c466b48cf39edf22021-12-21 12:52:58.444root 11241100x8000000000000000729260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f81daefbdff45c922021-12-21 12:52:58.444root 11241100x8000000000000000729261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.891460d9ece00f0b2021-12-21 12:52:58.444root 11241100x8000000000000000729262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f21d1e953a33f3742021-12-21 12:52:58.444root 11241100x8000000000000000729263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4c770c7352681d12021-12-21 12:52:58.444root 11241100x8000000000000000729264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b63d3568a57d652a2021-12-21 12:52:58.444root 11241100x8000000000000000729265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76ece071967e6c2b2021-12-21 12:52:58.943root 11241100x8000000000000000729266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45f3298c0456fbb42021-12-21 12:52:58.943root 11241100x8000000000000000729267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e1386ad7b9de63d2021-12-21 12:52:58.943root 11241100x8000000000000000729268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a98e181c58099a12021-12-21 12:52:58.943root 11241100x8000000000000000729269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.900ad4fcade935e92021-12-21 12:52:58.943root 11241100x8000000000000000729270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f147f0a14abfbdb2021-12-21 12:52:58.943root 11241100x8000000000000000729271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c14f8680379219742021-12-21 12:52:58.944root 11241100x8000000000000000729272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c73c37614f917e402021-12-21 12:52:58.944root 11241100x8000000000000000729273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5da89acf87b391772021-12-21 12:52:58.944root 11241100x8000000000000000729274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ac72b2287c5824c2021-12-21 12:52:58.944root 11241100x8000000000000000729275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74d67c7159e7fe1b2021-12-21 12:52:58.944root 11241100x8000000000000000729276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9216212b951481b62021-12-21 12:52:58.944root 11241100x8000000000000000729277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18d1d779c524cbcc2021-12-21 12:52:58.944root 11241100x8000000000000000729278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9c4b0dc61667b472021-12-21 12:52:58.944root 11241100x8000000000000000729279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61a4753c365a618b2021-12-21 12:52:58.944root 11241100x8000000000000000729280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.106d8aad94e983442021-12-21 12:52:58.944root 11241100x8000000000000000729281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd9b38f26ebbced02021-12-21 12:52:58.944root 11241100x8000000000000000729282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9e95d66f8a4e01e2021-12-21 12:52:59.443root 11241100x8000000000000000729283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14cf2eabbe4cf5e92021-12-21 12:52:59.443root 11241100x8000000000000000729284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.521d14acc9db0a322021-12-21 12:52:59.444root 11241100x8000000000000000729285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45a0ee85ea85a7902021-12-21 12:52:59.444root 11241100x8000000000000000729286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.234bd43059336a222021-12-21 12:52:59.444root 11241100x8000000000000000729287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82dbb1162604d7242021-12-21 12:52:59.444root 11241100x8000000000000000729288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79c8df304e69dd792021-12-21 12:52:59.444root 11241100x8000000000000000729289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09e6cb28a46a6a0d2021-12-21 12:52:59.444root 11241100x8000000000000000729290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15b5f852b1e50fd72021-12-21 12:52:59.444root 11241100x8000000000000000729291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74176aa44f0638692021-12-21 12:52:59.444root 11241100x8000000000000000729292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.233979e208f132ac2021-12-21 12:52:59.444root 11241100x8000000000000000729293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:59.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c279c72142ec7a22021-12-21 12:52:59.445root 11241100x8000000000000000729294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:59.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13752722f0a8740b2021-12-21 12:52:59.445root 11241100x8000000000000000729295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:59.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34969a3b70c1e9dc2021-12-21 12:52:59.445root 11241100x8000000000000000729296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:59.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1eb68c04644266a02021-12-21 12:52:59.445root 11241100x8000000000000000729297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:59.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18b32770758720782021-12-21 12:52:59.445root 11241100x8000000000000000729298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:59.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.332dc43034bfab612021-12-21 12:52:59.445root 11241100x8000000000000000729299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9156e6184cf4bf6b2021-12-21 12:52:59.943root 11241100x8000000000000000729300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca41dc2b2dcf1c712021-12-21 12:52:59.943root 11241100x8000000000000000729301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97e9da8190881c6d2021-12-21 12:52:59.943root 11241100x8000000000000000729302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0e138de6d393aff2021-12-21 12:52:59.943root 11241100x8000000000000000729303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f04adc573bb429102021-12-21 12:52:59.944root 11241100x8000000000000000729304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6431ce72c7d40c472021-12-21 12:52:59.944root 11241100x8000000000000000729305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e449a09268b3fa22021-12-21 12:52:59.944root 11241100x8000000000000000729306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ba48c088cd74a8a2021-12-21 12:52:59.944root 11241100x8000000000000000729307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6558dd336e7de422021-12-21 12:52:59.944root 11241100x8000000000000000729308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a89ca3b5d604093e2021-12-21 12:52:59.944root 11241100x8000000000000000729309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cc81c7c1f9d82df2021-12-21 12:52:59.944root 11241100x8000000000000000729310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e85a0d31e55c6f0c2021-12-21 12:52:59.944root 11241100x8000000000000000729311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e71ad405626ca5b02021-12-21 12:52:59.944root 11241100x8000000000000000729312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51872572e70eb8872021-12-21 12:52:59.944root 11241100x8000000000000000729313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94101755a60a045d2021-12-21 12:52:59.944root 11241100x8000000000000000729314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:59.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c1743efa15b97102021-12-21 12:52:59.945root 11241100x8000000000000000729315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:59.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a80b67f537e7b0212021-12-21 12:52:59.945root 11241100x8000000000000000729316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b92edd75c86bf2d12021-12-21 12:53:00.443root 11241100x8000000000000000729317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4af0c78d5f376f242021-12-21 12:53:00.443root 11241100x8000000000000000729318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f0f7d08f13a0fe62021-12-21 12:53:00.443root 11241100x8000000000000000729319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b90ffafb8c5202052021-12-21 12:53:00.443root 11241100x8000000000000000729320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6292a644d38465162021-12-21 12:53:00.444root 11241100x8000000000000000729321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7ef75f0f52012072021-12-21 12:53:00.444root 11241100x8000000000000000729322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8dda5d4a16e00892021-12-21 12:53:00.444root 11241100x8000000000000000729323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.183444f5285cadc42021-12-21 12:53:00.444root 11241100x8000000000000000729324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1906330d9eaf5092021-12-21 12:53:00.444root 11241100x8000000000000000729325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a340813f44d31032021-12-21 12:53:00.444root 11241100x8000000000000000729326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ebb4ec26423e8622021-12-21 12:53:00.444root 11241100x8000000000000000729327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93cc7b749359f00e2021-12-21 12:53:00.444root 11241100x8000000000000000729328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:00.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99443fdcd8ec15712021-12-21 12:53:00.445root 11241100x8000000000000000729329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:00.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec00a4be4ceadb3b2021-12-21 12:53:00.445root 11241100x8000000000000000729330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:00.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf408e38b59bd7292021-12-21 12:53:00.445root 11241100x8000000000000000729331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:00.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92a3ae91a8f2f8402021-12-21 12:53:00.445root 11241100x8000000000000000729332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:00.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba7f9648e0c2c7d22021-12-21 12:53:00.445root 11241100x8000000000000000729333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b3cc0108318f3ec2021-12-21 12:53:00.943root 11241100x8000000000000000729334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8baff026cc4cbd992021-12-21 12:53:00.943root 11241100x8000000000000000729335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78914a7712296a7b2021-12-21 12:53:00.943root 11241100x8000000000000000729336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.439bb5fd1dcd2a552021-12-21 12:53:00.943root 11241100x8000000000000000729337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a12f6d6679ad2742021-12-21 12:53:00.944root 11241100x8000000000000000729338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afd01a27163c468f2021-12-21 12:53:00.944root 11241100x8000000000000000729339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7e88128bace6b752021-12-21 12:53:00.944root 11241100x8000000000000000729340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4c9a637e3daa4b42021-12-21 12:53:00.944root 11241100x8000000000000000729341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc26cbf71070c9322021-12-21 12:53:00.944root 11241100x8000000000000000729342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7098c6dcdae45efc2021-12-21 12:53:00.944root 11241100x8000000000000000729343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54ec84ae8e5b07bb2021-12-21 12:53:00.944root 11241100x8000000000000000729344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d32d47a8a2b2f0122021-12-21 12:53:00.944root 11241100x8000000000000000729345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb41890347ca6ec12021-12-21 12:53:00.944root 11241100x8000000000000000729346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b16c2ad3b61cdb5f2021-12-21 12:53:00.944root 11241100x8000000000000000729347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.542e39be50f842a42021-12-21 12:53:00.944root 11241100x8000000000000000729348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:00.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd0af3e7e54e9c7c2021-12-21 12:53:00.945root 11241100x8000000000000000729349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:00.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d515fce0b0d877ba2021-12-21 12:53:00.945root 11241100x8000000000000000729350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dfa1bdf37d4a5b32021-12-21 12:53:01.443root 11241100x8000000000000000729351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9a90eabd8674a702021-12-21 12:53:01.443root 11241100x8000000000000000729352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c93ec6e560871792021-12-21 12:53:01.443root 11241100x8000000000000000729353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01dcb2104e2a838a2021-12-21 12:53:01.444root 11241100x8000000000000000729354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a0c8e53cb6ad6a92021-12-21 12:53:01.444root 11241100x8000000000000000729355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afb5cef7af36511e2021-12-21 12:53:01.444root 11241100x8000000000000000729356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f3122a909d1fa102021-12-21 12:53:01.444root 11241100x8000000000000000729357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06a8328f7442fa2b2021-12-21 12:53:01.444root 11241100x8000000000000000729358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9d2adb52ea9c8dd2021-12-21 12:53:01.444root 11241100x8000000000000000729359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e6ed12ca8fbcc5d2021-12-21 12:53:01.444root 11241100x8000000000000000729360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b18c5c8c738353d72021-12-21 12:53:01.444root 11241100x8000000000000000729361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78b813cc2e6804ff2021-12-21 12:53:01.444root 11241100x8000000000000000729362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d35517bee692a072021-12-21 12:53:01.444root 11241100x8000000000000000729363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc6876d8db5168a32021-12-21 12:53:01.444root 11241100x8000000000000000729364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:01.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49c705ef754168ff2021-12-21 12:53:01.445root 11241100x8000000000000000729365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:01.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0f6faed297a14752021-12-21 12:53:01.445root 11241100x8000000000000000729366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:01.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dbcbfbfd95c4fd12021-12-21 12:53:01.445root 11241100x8000000000000000729367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dcb1977b2e41ede2021-12-21 12:53:01.943root 11241100x8000000000000000729368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.411b0df4d455f5e92021-12-21 12:53:01.943root 11241100x8000000000000000729369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cf88c9ba7f4e3e42021-12-21 12:53:01.943root 11241100x8000000000000000729370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95c2fbc4a9016f2a2021-12-21 12:53:01.943root 11241100x8000000000000000729371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd9585d1037d618a2021-12-21 12:53:01.944root 11241100x8000000000000000729372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abe849af26a8fc4d2021-12-21 12:53:01.944root 11241100x8000000000000000729373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fee890d424cd14412021-12-21 12:53:01.944root 11241100x8000000000000000729374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e6e6053edde22c62021-12-21 12:53:01.944root 11241100x8000000000000000729375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21fa8a0e3d1415e82021-12-21 12:53:01.944root 11241100x8000000000000000729376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c906e1701980354a2021-12-21 12:53:01.944root 11241100x8000000000000000729377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a60e8a6d6c094752021-12-21 12:53:01.944root 11241100x8000000000000000729378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4da500026149b2b2021-12-21 12:53:01.944root 11241100x8000000000000000729379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ad5b9fa64866d1f2021-12-21 12:53:01.945root 11241100x8000000000000000729380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c03457470ea90f9e2021-12-21 12:53:01.945root 11241100x8000000000000000729381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.190fbff2e641bce32021-12-21 12:53:01.945root 11241100x8000000000000000729382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bca021da3a3dbe22021-12-21 12:53:01.945root 11241100x8000000000000000729383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad3985829c3f2b9b2021-12-21 12:53:01.945root 354300x8000000000000000729384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:02.206{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-50622-false10.0.1.12-8000- 11241100x8000000000000000729385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:02.207{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77aaf02ffe4913f12021-12-21 12:53:02.207root 11241100x8000000000000000729386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:02.207{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ebe7339bf22eb2b2021-12-21 12:53:02.207root 11241100x8000000000000000729387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:02.207{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48835e0bb5ce083a2021-12-21 12:53:02.207root 11241100x8000000000000000729388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:02.207{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44ab0f31b1f7fb422021-12-21 12:53:02.207root 11241100x8000000000000000729389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:02.207{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7879dc530b2ca942021-12-21 12:53:02.207root 11241100x8000000000000000729390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:02.207{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d8f4378cda0cdfe2021-12-21 12:53:02.207root 11241100x8000000000000000729391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:02.207{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d98e1fd9fe6488b2021-12-21 12:53:02.207root 11241100x8000000000000000729392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:02.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c792c58d6845cb082021-12-21 12:53:02.208root 11241100x8000000000000000729393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:02.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddaf7a82ba4f9da12021-12-21 12:53:02.208root 11241100x8000000000000000729394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:02.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a067b56bfcf44bdf2021-12-21 12:53:02.208root 11241100x8000000000000000729395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:02.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6e526a165c41c172021-12-21 12:53:02.208root 11241100x8000000000000000729396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:02.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b159f01e9bf0ac72021-12-21 12:53:02.208root 11241100x8000000000000000729397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:02.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94f85dde386567112021-12-21 12:53:02.208root 11241100x8000000000000000729398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:02.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.195e265b94e787742021-12-21 12:53:02.208root 11241100x8000000000000000729399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:02.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ae4c182b33853a72021-12-21 12:53:02.208root 11241100x8000000000000000729400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:02.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37e832fe520fc0d42021-12-21 12:53:02.208root 11241100x8000000000000000729401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:02.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.497dd4ded65ba30b2021-12-21 12:53:02.208root 11241100x8000000000000000729402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:02.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ff6e69d42aec6182021-12-21 12:53:02.208root 11241100x8000000000000000729403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:02.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53f0e33bb22eba712021-12-21 12:53:02.693root 11241100x8000000000000000729404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:02.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaa3463713f677da2021-12-21 12:53:02.693root 11241100x8000000000000000729405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:02.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd31dc40b0fde9242021-12-21 12:53:02.694root 11241100x8000000000000000729406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:02.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.711e25baf4f7eb132021-12-21 12:53:02.694root 11241100x8000000000000000729407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:02.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab0f7da1075d68522021-12-21 12:53:02.694root 11241100x8000000000000000729408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:02.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf0e00e1d38358d72021-12-21 12:53:02.694root 11241100x8000000000000000729409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:02.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e473783f9b8177662021-12-21 12:53:02.694root 11241100x8000000000000000729410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:02.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f545c442b6e32be2021-12-21 12:53:02.694root 11241100x8000000000000000729411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:02.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8679fb6955abfb072021-12-21 12:53:02.694root 11241100x8000000000000000729412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:02.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b18003d18fe291b92021-12-21 12:53:02.694root 11241100x8000000000000000729413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:02.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8aad8a5ca1b6f5682021-12-21 12:53:02.694root 11241100x8000000000000000729414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:02.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01053ff515338e462021-12-21 12:53:02.694root 11241100x8000000000000000729415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:02.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.219426045716cb622021-12-21 12:53:02.694root 11241100x8000000000000000729416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:02.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca92c1b75d7857e32021-12-21 12:53:02.695root 11241100x8000000000000000729417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:02.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57f499ec9caae64e2021-12-21 12:53:02.695root 11241100x8000000000000000729418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:02.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f3b236b4bddc2702021-12-21 12:53:02.695root 11241100x8000000000000000729419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:02.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9208f5fcedfc29a12021-12-21 12:53:02.695root 11241100x8000000000000000729420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:02.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4eb9b7e490a7f1ab2021-12-21 12:53:02.695root 11241100x8000000000000000729421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:03.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c254082223443e5c2021-12-21 12:53:03.193root 11241100x8000000000000000729422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:03.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e77e11c843aadf4a2021-12-21 12:53:03.193root 11241100x8000000000000000729423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:03.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2298572ed20d97282021-12-21 12:53:03.193root 11241100x8000000000000000729424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:03.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d79269bd538155812021-12-21 12:53:03.193root 11241100x8000000000000000729425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:03.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9f2261be9592e412021-12-21 12:53:03.193root 11241100x8000000000000000729426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:03.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9be5dad2c3af25472021-12-21 12:53:03.193root 11241100x8000000000000000729427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:03.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1b17d68e42421442021-12-21 12:53:03.193root 11241100x8000000000000000729428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:03.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31658a36dbb6033b2021-12-21 12:53:03.193root 11241100x8000000000000000729429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:03.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f0e109e5319b5642021-12-21 12:53:03.193root 11241100x8000000000000000729430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:03.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be24555fe461200b2021-12-21 12:53:03.194root 11241100x8000000000000000729431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:03.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d62e6e7211ae47a02021-12-21 12:53:03.194root 11241100x8000000000000000729432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:03.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a1a2a28fa11e15e2021-12-21 12:53:03.194root 11241100x8000000000000000729433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:03.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.157ce00bc22630712021-12-21 12:53:03.194root 11241100x8000000000000000729434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:03.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba4e0d3c466e9a1a2021-12-21 12:53:03.194root 11241100x8000000000000000729435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:03.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5c152a526a8961a2021-12-21 12:53:03.194root 11241100x8000000000000000729436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:03.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aeadbf0b2acbf7762021-12-21 12:53:03.194root 11241100x8000000000000000729437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:03.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b39fddbc0e732cb12021-12-21 12:53:03.194root 11241100x8000000000000000729438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:03.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44eb4ad61efd38ad2021-12-21 12:53:03.195root 11241100x8000000000000000729439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:03.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e93aca06c6d7c6212021-12-21 12:53:03.693root 11241100x8000000000000000729440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:03.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d2bbf56128326052021-12-21 12:53:03.693root 11241100x8000000000000000729441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:03.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6fda9d6478171d82021-12-21 12:53:03.694root 11241100x8000000000000000729442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:03.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fef64df928808ed2021-12-21 12:53:03.694root 11241100x8000000000000000729443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:03.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15d3f0cb64e90f232021-12-21 12:53:03.694root 11241100x8000000000000000729444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:03.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff867f499fc6cc012021-12-21 12:53:03.694root 11241100x8000000000000000729445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:03.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c40c091352e8fbb42021-12-21 12:53:03.695root 11241100x8000000000000000729446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:03.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3543546aaf8bc52b2021-12-21 12:53:03.695root 11241100x8000000000000000729447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:03.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1ba9b54a83faf2e2021-12-21 12:53:03.696root 11241100x8000000000000000729448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:03.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1336d56ce5d813b92021-12-21 12:53:03.696root 11241100x8000000000000000729449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:03.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f87a4c8773e5b1892021-12-21 12:53:03.696root 11241100x8000000000000000729450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:03.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4a203ffda0332c02021-12-21 12:53:03.696root 11241100x8000000000000000729451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:03.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f48b0bfdde811e132021-12-21 12:53:03.696root 11241100x8000000000000000729452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:03.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b039f0d44f7a6f052021-12-21 12:53:03.696root 11241100x8000000000000000729453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:03.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.795534fbc731a5422021-12-21 12:53:03.697root 11241100x8000000000000000729454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:03.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aeb3c4219dfa58902021-12-21 12:53:03.697root 11241100x8000000000000000729455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:03.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c96880dd8ec1c712021-12-21 12:53:03.697root 11241100x8000000000000000729456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:03.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edb7d9729935e7b42021-12-21 12:53:03.697root 534500x8000000000000000729457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:03.865{00000000-0000-0000-0000-000000000000}10162<unknown process>ubuntu 11241100x8000000000000000729458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:04.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4623299b88187c6d2021-12-21 12:53:04.193root 11241100x8000000000000000729459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:04.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0b2ca9a1a43a6422021-12-21 12:53:04.193root 11241100x8000000000000000729460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:04.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be0e081b7b45d9512021-12-21 12:53:04.193root 11241100x8000000000000000729461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:04.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8beadfe01c781e202021-12-21 12:53:04.193root 11241100x8000000000000000729462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:04.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71f85eafdda234ab2021-12-21 12:53:04.193root 11241100x8000000000000000729463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:04.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c556e439e0f868d2021-12-21 12:53:04.193root 11241100x8000000000000000729464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:04.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa486cdf78dfb7e22021-12-21 12:53:04.193root 11241100x8000000000000000729465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:04.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb3000993a668a7c2021-12-21 12:53:04.193root 11241100x8000000000000000729466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:04.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.450a45fde39c05552021-12-21 12:53:04.194root 11241100x8000000000000000729467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:04.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.249f31468d95f07c2021-12-21 12:53:04.194root 11241100x8000000000000000729468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:04.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.448d354852f8373d2021-12-21 12:53:04.194root 11241100x8000000000000000729469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:04.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d70c9f19bbf715c2021-12-21 12:53:04.194root 11241100x8000000000000000729470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:04.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d9364bdc854ef2a2021-12-21 12:53:04.194root 11241100x8000000000000000729471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:04.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f478b062443f2862021-12-21 12:53:04.194root 11241100x8000000000000000729472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:04.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c77edc24a71a978c2021-12-21 12:53:04.194root 11241100x8000000000000000729473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:04.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e96367c9fbc85372021-12-21 12:53:04.194root 11241100x8000000000000000729474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:04.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3d21507030029422021-12-21 12:53:04.194root 11241100x8000000000000000729475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:04.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95962bfa0efc11132021-12-21 12:53:04.194root 11241100x8000000000000000729476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:04.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b1bc29de15c819f2021-12-21 12:53:04.194root 11241100x8000000000000000729477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:04.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6439e0288ce929982021-12-21 12:53:04.693root 11241100x8000000000000000729478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:04.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53c21412a67189e42021-12-21 12:53:04.693root 11241100x8000000000000000729479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:04.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e37e26d21ca026892021-12-21 12:53:04.693root 11241100x8000000000000000729480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:04.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.801c0cc9a309eafa2021-12-21 12:53:04.693root 11241100x8000000000000000729481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:04.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7f34ae4323c64d02021-12-21 12:53:04.694root 11241100x8000000000000000729482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:04.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21e6b486930352482021-12-21 12:53:04.694root 11241100x8000000000000000729483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:04.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d180f7522872af9f2021-12-21 12:53:04.694root 11241100x8000000000000000729484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:04.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d88f83783cfbf0712021-12-21 12:53:04.694root 11241100x8000000000000000729485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:04.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91048e191619f6912021-12-21 12:53:04.694root 11241100x8000000000000000729486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:04.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10b686c25bdb94262021-12-21 12:53:04.694root 11241100x8000000000000000729487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:04.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccdfa786de4740362021-12-21 12:53:04.694root 11241100x8000000000000000729488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:04.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6c337413d51b42a2021-12-21 12:53:04.694root 11241100x8000000000000000729489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:04.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d68a7441ebb9a6842021-12-21 12:53:04.694root 11241100x8000000000000000729490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:04.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bced025b8b4cb692021-12-21 12:53:04.694root 11241100x8000000000000000729491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:04.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93544c6860bdd59b2021-12-21 12:53:04.694root 11241100x8000000000000000729492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:04.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3420df72a20450422021-12-21 12:53:04.694root 11241100x8000000000000000729493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:04.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.514415baed96c3c02021-12-21 12:53:04.694root 11241100x8000000000000000729494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:04.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fda9a7592431aa12021-12-21 12:53:04.694root 11241100x8000000000000000729495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:04.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0a4adac5ff4b8fa2021-12-21 12:53:04.694root 154100x8000000000000000729496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:05.003{ec2b6afe-ce31-61c1-086e-de9398550000}10163/usr/bin/sudo-----sudo ./stdout_etc.sh/home/ubuntuubuntu{ec2b6afe-aacb-61c1-e803-000000000000}10006no level-{ec2b6afe-aacb-61c1-0834-fdd63c560000}5677/bin/bash-bashubuntu 11241100x8000000000000000729497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:05.005{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a71aad07d707b59b2021-12-21 12:53:05.005root 11241100x8000000000000000729498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:05.005{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b0ce711ba65ac522021-12-21 12:53:05.005root 11241100x8000000000000000729499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:05.005{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f226237a93fb1372021-12-21 12:53:05.005root 11241100x8000000000000000729500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:05.005{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6b8403d9ed36d002021-12-21 12:53:05.005root 11241100x8000000000000000729501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:05.006{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dca37915cc3eaabe2021-12-21 12:53:05.006root 11241100x8000000000000000729502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:05.006{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6455ed71d09f7ea32021-12-21 12:53:05.006root 11241100x8000000000000000729503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:05.007{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.553d08be23917f2d2021-12-21 12:53:05.007root 354300x8000000000000000729504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:05.007{ec2b6afe-ce31-61c1-086e-de9398550000}10163/usr/bin/sudoubuntuudptruefalse127.0.0.1-36805-false127.0.0.53-53- 354300x8000000000000000729505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:05.007{ec2b6afe-9247-61c1-c097-2e4cb4550000}2604/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse10.0.1.25-52079-false10.0.0.2-53- 354300x8000000000000000729506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:05.007{ec2b6afe-9247-61c1-c097-2e4cb4550000}2604/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse10.0.1.25-33219-false10.0.0.2-53- 354300x8000000000000000729507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:05.009{ec2b6afe-9247-61c1-c097-2e4cb4550000}2604/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse127.0.0.53-53-false127.0.0.1-36805- 354300x8000000000000000729508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:05.009{ec2b6afe-9247-61c1-c097-2e4cb4550000}2604/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse127.0.0.53-53-false127.0.0.1-53068- 354300x8000000000000000729509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:05.009{ec2b6afe-ce31-61c1-086e-de9398550000}10163/usr/bin/sudoubuntuudptruefalse127.0.0.1-53068-false127.0.0.53-53- 11241100x8000000000000000729510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:05.010{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6976566070c2dbb2021-12-21 12:53:05.010root 11241100x8000000000000000729511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:05.010{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b738901572b7247a2021-12-21 12:53:05.010root 11241100x8000000000000000729512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:05.011{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4bfe3a7d22f54602021-12-21 12:53:05.011root 11241100x8000000000000000729513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:05.011{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aff6dd781f1781f32021-12-21 12:53:05.011root 11241100x8000000000000000729514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:05.011{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47a8d33ea962c6812021-12-21 12:53:05.011root 11241100x8000000000000000729515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:05.012{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35ad4fc1d995b2892021-12-21 12:53:05.012root 11241100x8000000000000000729516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:05.012{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a50f423f08bbe3692021-12-21 12:53:05.012root 11241100x8000000000000000729517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:05.012{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25392fbe6dd907e52021-12-21 12:53:05.012root 154100x8000000000000000729518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:05.012{ec2b6afe-ce31-61c1-6882-af81a3550000}10164/bin/dash-----sh ./stdout_etc.sh/home/ubunturoot{ec2b6afe-0000-0000-0000-000000000000}06no level-{ec2b6afe-ce31-61c1-086e-de9398550000}10163/usr/bin/sudosudoubuntu 11241100x8000000000000000729519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:05.013{ec2b6afe-ce31-61c1-6882-af81a3550000}10164/bin/dash/home/ubuntu/file_shadow2021-12-21 12:53:05.013root 11241100x8000000000000000729520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:05.013{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00c48095f0bea1e62021-12-21 12:53:05.013root 11241100x8000000000000000729521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:05.013{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32efe93fc3ffaf802021-12-21 12:53:05.013root 11241100x8000000000000000729522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:05.013{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f48e0f3ecf9efb452021-12-21 12:53:05.013root 11241100x8000000000000000729523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:05.013{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b66e9b26b58984cf2021-12-21 12:53:05.013root 11241100x8000000000000000729524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:05.014{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9dfc53fd0bffe7c2021-12-21 12:53:05.014root 154100x8000000000000000729525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:05.013{ec2b6afe-ce31-61c1-d099-bda8ed550000}10165/bin/cat-----cat /etc/shadow/home/ubunturoot{ec2b6afe-0000-0000-0000-000000000000}06no level-{ec2b6afe-ce31-61c1-6882-af81a3550000}10164/bin/dashshroot 11241100x8000000000000000729526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:05.014{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae8bf9c111acf9a92021-12-21 12:53:05.014root 11241100x8000000000000000729527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:05.014{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9c1bd247683b95c2021-12-21 12:53:05.014root 534500x8000000000000000729528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:05.014{ec2b6afe-ce31-61c1-d099-bda8ed550000}10165/bin/catroot 11241100x8000000000000000729529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:05.014{ec2b6afe-ce31-61c1-6882-af81a3550000}10164/bin/dash/home/ubuntu/file_passwd2021-12-21 12:53:05.014root 154100x8000000000000000729530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:05.015{ec2b6afe-ce31-61c1-d009-8b6c8f550000}10166/bin/cat-----cat /etc/passwd/home/ubunturoot{ec2b6afe-0000-0000-0000-000000000000}06no level-{ec2b6afe-ce31-61c1-6882-af81a3550000}10164/bin/dashshroot 534500x8000000000000000729531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:05.016{ec2b6afe-ce31-61c1-d009-8b6c8f550000}10166/bin/catroot 11241100x8000000000000000729532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:05.016{ec2b6afe-ce31-61c1-6882-af81a3550000}10164/bin/dash/home/ubuntu/file_sudoers2021-12-21 12:53:05.016root 154100x8000000000000000729533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:05.016{ec2b6afe-ce31-61c1-d049-c09424560000}10167/bin/cat-----cat /etc/sudoers/home/ubunturoot{ec2b6afe-0000-0000-0000-000000000000}06no level-{ec2b6afe-ce31-61c1-6882-af81a3550000}10164/bin/dashshroot 534500x8000000000000000729534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:05.017{ec2b6afe-ce31-61c1-d049-c09424560000}10167/bin/catroot 534500x8000000000000000729535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:05.017{ec2b6afe-ce31-61c1-6882-af81a3550000}10164/bin/dashroot 534500x8000000000000000729536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:05.018{ec2b6afe-ce31-61c1-086e-de9398550000}10163/usr/bin/sudoroot 11241100x8000000000000000729537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25b65be4e5844d792021-12-21 12:53:05.443root 11241100x8000000000000000729538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8d790f18ddbfd322021-12-21 12:53:05.443root 11241100x8000000000000000729539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48df219a107379ef2021-12-21 12:53:05.443root 11241100x8000000000000000729540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4578af11439b41e32021-12-21 12:53:05.443root 11241100x8000000000000000729541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8564514d80778d352021-12-21 12:53:05.444root 11241100x8000000000000000729542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff6ae46d341ff8872021-12-21 12:53:05.444root 11241100x8000000000000000729543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06ea2eec765fb6482021-12-21 12:53:05.444root 11241100x8000000000000000729544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c668a62df17d7af22021-12-21 12:53:05.444root 11241100x8000000000000000729545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.741b3cd1289896b32021-12-21 12:53:05.444root 11241100x8000000000000000729546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1e60cd138c78b612021-12-21 12:53:05.444root 11241100x8000000000000000729547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c73da20dc8d2462d2021-12-21 12:53:05.444root 11241100x8000000000000000729548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.483a00431cd93e992021-12-21 12:53:05.444root 11241100x8000000000000000729549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c284ded625311b312021-12-21 12:53:05.444root 11241100x8000000000000000729550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.307fa50ab00b7f792021-12-21 12:53:05.444root 11241100x8000000000000000729551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e654f5978ba983832021-12-21 12:53:05.444root 11241100x8000000000000000729552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6547f857ff6dc5ab2021-12-21 12:53:05.444root 11241100x8000000000000000729553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f54e8c2be8e304092021-12-21 12:53:05.444root 11241100x8000000000000000729554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6459ab23df0b57b02021-12-21 12:53:05.444root 11241100x8000000000000000729555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cd18e4a3501c4b82021-12-21 12:53:05.445root 11241100x8000000000000000729556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.901c5783db5c09902021-12-21 12:53:05.445root 11241100x8000000000000000729557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd664fcdaf25b4c52021-12-21 12:53:05.445root 11241100x8000000000000000729558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22f34b7dc59bc9322021-12-21 12:53:05.445root 11241100x8000000000000000729559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.810e0de646f3a8c32021-12-21 12:53:05.445root 11241100x8000000000000000729560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88d895e5af3583302021-12-21 12:53:05.445root 11241100x8000000000000000729561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a979aa1ebb8985d2021-12-21 12:53:05.445root 11241100x8000000000000000729562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d933506f12d21dc2021-12-21 12:53:05.445root 11241100x8000000000000000729563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.916602476f2d05822021-12-21 12:53:05.445root 11241100x8000000000000000729564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f690e6a2bf832332021-12-21 12:53:05.445root 11241100x8000000000000000729565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee664a825faace7a2021-12-21 12:53:05.445root 11241100x8000000000000000729566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44b32b50f19b03822021-12-21 12:53:05.445root 11241100x8000000000000000729567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6f84431fc5042c32021-12-21 12:53:05.445root 11241100x8000000000000000729568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c16748ef872039fe2021-12-21 12:53:05.445root 11241100x8000000000000000729569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8464e5ed4c9a8d32021-12-21 12:53:05.445root 11241100x8000000000000000729570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0df46fb4da3a97e72021-12-21 12:53:05.445root 11241100x8000000000000000729571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:05.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8727c8bb1a4650782021-12-21 12:53:05.446root 11241100x8000000000000000729572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:05.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26946c5b32b0b3492021-12-21 12:53:05.446root 11241100x8000000000000000729573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:05.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b2149105e7b4a6c2021-12-21 12:53:05.446root 11241100x8000000000000000729574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:05.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.391b932d42edaaf82021-12-21 12:53:05.446root 11241100x8000000000000000729575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:05.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5633459a8bde118b2021-12-21 12:53:05.446root 11241100x8000000000000000729576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:05.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3ee54a5d34321f02021-12-21 12:53:05.446root 11241100x8000000000000000729577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:05.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8e2f4c0225b844d2021-12-21 12:53:05.446root 11241100x8000000000000000729578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59e3a8745dd1a9472021-12-21 12:53:05.943root 11241100x8000000000000000729579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e261c5402feaf45c2021-12-21 12:53:05.943root 11241100x8000000000000000729580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.117fdd77e51c1b5c2021-12-21 12:53:05.943root 11241100x8000000000000000729581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c2329e617fd7e052021-12-21 12:53:05.943root 11241100x8000000000000000729582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7586ea380556d83b2021-12-21 12:53:05.944root 11241100x8000000000000000729583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.376c2cdc5710adf52021-12-21 12:53:05.944root 11241100x8000000000000000729584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ce1617d04bec2372021-12-21 12:53:05.944root 11241100x8000000000000000729585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.583915b5b995d9d62021-12-21 12:53:05.944root 11241100x8000000000000000729586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54ee7fbb53aac2002021-12-21 12:53:05.944root 11241100x8000000000000000729587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29a2fd80ffd36c412021-12-21 12:53:05.944root 11241100x8000000000000000729588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cef67932e64e7fa2021-12-21 12:53:05.944root 11241100x8000000000000000729589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddcc5b5d4a15d78a2021-12-21 12:53:05.944root 11241100x8000000000000000729590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec9638dcd191bbde2021-12-21 12:53:05.944root 11241100x8000000000000000729591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea9ade5e69d1b57c2021-12-21 12:53:05.944root 11241100x8000000000000000729592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e531ac91dd323f02021-12-21 12:53:05.944root 11241100x8000000000000000729593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a0979b2e167a42a2021-12-21 12:53:05.944root 11241100x8000000000000000729594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14defb1432eff1842021-12-21 12:53:05.945root 11241100x8000000000000000729595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4912f0f05e56b4ba2021-12-21 12:53:05.945root 11241100x8000000000000000729596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b05d00e07d5e1d692021-12-21 12:53:05.945root 11241100x8000000000000000729597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77e6992aca9013a22021-12-21 12:53:05.945root 11241100x8000000000000000729598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f43e2bd074873db32021-12-21 12:53:05.945root 11241100x8000000000000000729599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.467f57f7f699b8b12021-12-21 12:53:05.945root 11241100x8000000000000000729600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c76fddb9ddf887752021-12-21 12:53:05.945root 11241100x8000000000000000729601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82c59737d6615a1b2021-12-21 12:53:05.945root 11241100x8000000000000000729602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ce73708acbc750f2021-12-21 12:53:05.945root 11241100x8000000000000000729603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef80f1fb3003b8012021-12-21 12:53:05.945root 11241100x8000000000000000729604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89034b8d109b02792021-12-21 12:53:05.945root 11241100x8000000000000000729605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.055d3d8d23ebcdde2021-12-21 12:53:05.945root 11241100x8000000000000000729606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:05.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4da043338261fe72021-12-21 12:53:05.946root 11241100x8000000000000000729607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:05.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.416bfcda4b7f70c62021-12-21 12:53:05.946root 11241100x8000000000000000729608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:05.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10fa42f972a95ea22021-12-21 12:53:05.946root 11241100x8000000000000000729609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:05.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a559a6fc5d49996f2021-12-21 12:53:05.946root 11241100x8000000000000000729610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:05.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12c15006f999a9982021-12-21 12:53:05.946root 11241100x8000000000000000729611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:05.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f9fc5343a3e8de52021-12-21 12:53:05.946root 11241100x8000000000000000729612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:05.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bef08bbbcacffe2f2021-12-21 12:53:05.946root 11241100x8000000000000000729613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:05.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a25d95396c96af52021-12-21 12:53:05.946root 11241100x8000000000000000729614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:05.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffdd3031d028d5712021-12-21 12:53:05.946root 11241100x8000000000000000729615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:05.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5522598171106c0c2021-12-21 12:53:05.946root 11241100x8000000000000000729616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:05.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef21c1109687a5c32021-12-21 12:53:05.947root 11241100x8000000000000000729617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:05.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20e587cc0960e2642021-12-21 12:53:05.947root 11241100x8000000000000000729618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:06.130{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2021-12-21 12:53:06.130root 11241100x8000000000000000729619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:06.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be8d13b565f372742021-12-21 12:53:06.443root 11241100x8000000000000000729620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:06.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7f77641181a50782021-12-21 12:53:06.443root 11241100x8000000000000000729621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:06.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e2962a9aea8395d2021-12-21 12:53:06.443root 11241100x8000000000000000729622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:06.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55c0604038a07d222021-12-21 12:53:06.443root 11241100x8000000000000000729623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16f5e7a845714e662021-12-21 12:53:06.444root 11241100x8000000000000000729624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53c8555c819ef0922021-12-21 12:53:06.444root 11241100x8000000000000000729625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87c195f6f7307b3d2021-12-21 12:53:06.444root 11241100x8000000000000000729626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.177bb872544228172021-12-21 12:53:06.444root 11241100x8000000000000000729627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d269656e945a13242021-12-21 12:53:06.444root 11241100x8000000000000000729628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3652f4794854eae2021-12-21 12:53:06.444root 11241100x8000000000000000729629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90c8f302ceacfece2021-12-21 12:53:06.444root 11241100x8000000000000000729630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71f4c4a558a36d1e2021-12-21 12:53:06.444root 11241100x8000000000000000729631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:06.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.542b88f490bddc792021-12-21 12:53:06.445root 11241100x8000000000000000729632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:06.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e2262a168a6548c2021-12-21 12:53:06.445root 11241100x8000000000000000729633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:06.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c23504464b59f6a62021-12-21 12:53:06.445root 11241100x8000000000000000729634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:06.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07593cf0587b89fb2021-12-21 12:53:06.445root 11241100x8000000000000000729635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:06.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.347fab720a441a8a2021-12-21 12:53:06.445root 11241100x8000000000000000729636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:06.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d7cc7656b324ab42021-12-21 12:53:06.445root 11241100x8000000000000000729637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:06.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66b42525b127cfa32021-12-21 12:53:06.446root 11241100x8000000000000000729638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:06.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.911dd2634123f4722021-12-21 12:53:06.446root 11241100x8000000000000000729639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:06.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7a1023faf0d148f2021-12-21 12:53:06.446root 11241100x8000000000000000729640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:06.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe9f518791017c512021-12-21 12:53:06.446root 11241100x8000000000000000729641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:06.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0ad67c2dc81306a2021-12-21 12:53:06.446root 11241100x8000000000000000729642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:06.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3731262aefbf1782021-12-21 12:53:06.446root 11241100x8000000000000000729643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:06.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caf5a7c4033bacb02021-12-21 12:53:06.447root 11241100x8000000000000000729644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:06.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.553fbf4e24a36c312021-12-21 12:53:06.447root 11241100x8000000000000000729645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:06.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e942dc7eaec5fbe2021-12-21 12:53:06.447root 11241100x8000000000000000729646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:06.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d61d186d490d4e142021-12-21 12:53:06.447root 11241100x8000000000000000729647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:06.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9377471c7b7fbbaa2021-12-21 12:53:06.447root 11241100x8000000000000000729648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:06.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a2d44633ef49cca2021-12-21 12:53:06.447root 11241100x8000000000000000729649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:06.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53383b52c1fe50882021-12-21 12:53:06.447root 11241100x8000000000000000729650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:06.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5f011680ad851a42021-12-21 12:53:06.447root 11241100x8000000000000000729651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:06.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfa357d9618e58752021-12-21 12:53:06.448root 11241100x8000000000000000729652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:06.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbaa5aace9fe93d52021-12-21 12:53:06.448root 11241100x8000000000000000729653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:06.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3a520f05a34a3c22021-12-21 12:53:06.448root 11241100x8000000000000000729654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:06.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01129d10f82688892021-12-21 12:53:06.448root 11241100x8000000000000000729655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:06.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cb99b4c330536752021-12-21 12:53:06.448root 11241100x8000000000000000729656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:06.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2618053cad1cc4d2021-12-21 12:53:06.448root 11241100x8000000000000000729657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:06.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e016a268ee36a662021-12-21 12:53:06.448root 11241100x8000000000000000729658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:06.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d851e159ae715112021-12-21 12:53:06.943root 11241100x8000000000000000729659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:06.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad7ecda8e4cab0b22021-12-21 12:53:06.943root 11241100x8000000000000000729660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:06.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.064f7bc8bc303c062021-12-21 12:53:06.943root 11241100x8000000000000000729661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:06.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.908a602b8fc6f4822021-12-21 12:53:06.944root 11241100x8000000000000000729662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:06.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98695dfa1e2773c12021-12-21 12:53:06.944root 11241100x8000000000000000729663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:06.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be87ab64455d0d522021-12-21 12:53:06.944root 11241100x8000000000000000729664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:06.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44cce5e35b45546e2021-12-21 12:53:06.944root 11241100x8000000000000000729665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:06.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11ba69aca8eff3ab2021-12-21 12:53:06.944root 11241100x8000000000000000729666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:06.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c27d0e1b36cc98402021-12-21 12:53:06.944root 11241100x8000000000000000729667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:06.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74101fcd5c1965f02021-12-21 12:53:06.945root 11241100x8000000000000000729668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:06.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a87d370618f2f1c72021-12-21 12:53:06.945root 11241100x8000000000000000729669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:06.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8453e4326ebf97c2021-12-21 12:53:06.945root 11241100x8000000000000000729670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:06.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a3e6aeb06c6250b2021-12-21 12:53:06.945root 11241100x8000000000000000729671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:06.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e05292d8005d9a672021-12-21 12:53:06.945root 11241100x8000000000000000729672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:06.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f1648dcef5451822021-12-21 12:53:06.945root 11241100x8000000000000000729673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:06.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ee9b0aa9e84b7a72021-12-21 12:53:06.946root 11241100x8000000000000000729674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:06.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e682d9802d1f964c2021-12-21 12:53:06.946root 11241100x8000000000000000729675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:06.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27047c1db68ba6fb2021-12-21 12:53:06.946root 11241100x8000000000000000729676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:06.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64ba6256df8dadac2021-12-21 12:53:06.946root 11241100x8000000000000000729677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:06.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b63897a12c8899252021-12-21 12:53:06.946root 11241100x8000000000000000729678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:06.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18dce46198124c1a2021-12-21 12:53:06.946root 11241100x8000000000000000729679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:06.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6758698a6b440af32021-12-21 12:53:06.946root 11241100x8000000000000000729680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:06.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68a4aad289055be12021-12-21 12:53:06.947root 11241100x8000000000000000729681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:06.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cac80d92e3f8b5ac2021-12-21 12:53:06.947root 11241100x8000000000000000729682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:06.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.def38e07cb04bcce2021-12-21 12:53:06.947root 11241100x8000000000000000729683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:06.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dd603bd1b1b3e9a2021-12-21 12:53:06.948root 11241100x8000000000000000729684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:06.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72e30fd1fcc51fcc2021-12-21 12:53:06.948root 11241100x8000000000000000729685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:06.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf58d0526ea5c5fe2021-12-21 12:53:06.948root 11241100x8000000000000000729686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:06.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9793623b62e5c022021-12-21 12:53:06.948root 11241100x8000000000000000729687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:06.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4d6805788b4f5ac2021-12-21 12:53:06.949root 11241100x8000000000000000729688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:06.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd9f7d2e5df2e0f42021-12-21 12:53:06.949root 11241100x8000000000000000729689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:06.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3cc343a9caa31fa2021-12-21 12:53:06.949root 11241100x8000000000000000729690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:06.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efe325ba4d057c232021-12-21 12:53:06.949root 11241100x8000000000000000729691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:06.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecdf942947a648692021-12-21 12:53:06.950root 11241100x8000000000000000729692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:06.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfb8265064a3f3ac2021-12-21 12:53:06.950root 11241100x8000000000000000729693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:06.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f7a0f9db10d1c782021-12-21 12:53:06.950root 11241100x8000000000000000729694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:06.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f497464da3550852021-12-21 12:53:06.950root 11241100x8000000000000000729695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:06.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.878b2d793213dabc2021-12-21 12:53:06.951root 11241100x8000000000000000729696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:06.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1bed42ae2ec369a2021-12-21 12:53:06.951root 11241100x8000000000000000729697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:06.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d42978a1592a6922021-12-21 12:53:06.951root 11241100x8000000000000000729698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:06.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8e314013fd0f5c92021-12-21 12:53:06.951root 11241100x8000000000000000729699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:07.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35e3925549d7d00e2021-12-21 12:53:07.443root 11241100x8000000000000000729700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:07.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.666a3f38509cfb1c2021-12-21 12:53:07.443root 11241100x8000000000000000729701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:07.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e3369ade5bc9ea12021-12-21 12:53:07.443root 11241100x8000000000000000729702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:07.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d92da9f942d0d3e2021-12-21 12:53:07.444root 11241100x8000000000000000729703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:07.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44ad4d208de7630c2021-12-21 12:53:07.444root 11241100x8000000000000000729704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:07.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97c2cdb22238475a2021-12-21 12:53:07.444root 11241100x8000000000000000729705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:07.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c18b0968910814232021-12-21 12:53:07.444root 11241100x8000000000000000729706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:07.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.401ed8d774a7747c2021-12-21 12:53:07.444root 11241100x8000000000000000729707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:07.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a851588ca67ad7e2021-12-21 12:53:07.444root 11241100x8000000000000000729708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:07.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.787e7a1993e2c0f02021-12-21 12:53:07.444root 11241100x8000000000000000729709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:07.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6cd9a43efc2fddb2021-12-21 12:53:07.444root 11241100x8000000000000000729710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:07.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93e64c54f5b8fc7d2021-12-21 12:53:07.444root 11241100x8000000000000000729711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:07.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98e7d13e1ac15f682021-12-21 12:53:07.444root 11241100x8000000000000000729712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:07.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ec219b85fe7e7732021-12-21 12:53:07.445root 11241100x8000000000000000729713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:07.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0324b9f42b2cb252021-12-21 12:53:07.445root 11241100x8000000000000000729714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:07.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.565bfaaabe3ff8a82021-12-21 12:53:07.445root 11241100x8000000000000000729715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:07.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c4fb026b41c2e0e2021-12-21 12:53:07.445root 11241100x8000000000000000729716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:07.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.611e248bcbc7c6002021-12-21 12:53:07.445root 11241100x8000000000000000729717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:07.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f07a2ec61bd67d7e2021-12-21 12:53:07.445root 11241100x8000000000000000729718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:07.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe07f2c3f119a33e2021-12-21 12:53:07.445root 11241100x8000000000000000729719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:07.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12acac99ed9c9f522021-12-21 12:53:07.446root 11241100x8000000000000000729720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:07.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb089b5bd3618d282021-12-21 12:53:07.446root 11241100x8000000000000000729721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:07.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.460c0edf92241d872021-12-21 12:53:07.446root 11241100x8000000000000000729722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:07.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b86e78ac9a209c102021-12-21 12:53:07.446root 11241100x8000000000000000729723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:07.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d15550ee377252a2021-12-21 12:53:07.446root 11241100x8000000000000000729724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:07.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e633e0d0dbb96c4c2021-12-21 12:53:07.446root 11241100x8000000000000000729725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:07.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b826660ee7c379d02021-12-21 12:53:07.446root 11241100x8000000000000000729726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:07.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.781860d0d87bf17b2021-12-21 12:53:07.446root 11241100x8000000000000000729727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:07.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a4b242ca0b5ea2b2021-12-21 12:53:07.446root 11241100x8000000000000000729728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:07.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1003dd71909edcb2021-12-21 12:53:07.446root 11241100x8000000000000000729729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:07.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.764f39ab3caf00d72021-12-21 12:53:07.447root 11241100x8000000000000000729730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:07.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68156e7753d50d3b2021-12-21 12:53:07.447root 11241100x8000000000000000729731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:07.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d6cd056279925be2021-12-21 12:53:07.447root 11241100x8000000000000000729732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:07.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c43a2683797424df2021-12-21 12:53:07.447root 11241100x8000000000000000729733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:07.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f7f0cefea7a8d752021-12-21 12:53:07.447root 11241100x8000000000000000729734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:07.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec0b3f0a914329a92021-12-21 12:53:07.447root 11241100x8000000000000000729735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:07.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5a8f83b99ed72b02021-12-21 12:53:07.447root 11241100x8000000000000000729736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:07.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1706eba108ecb5a2021-12-21 12:53:07.447root 11241100x8000000000000000729737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:07.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66ab2fbede4000012021-12-21 12:53:07.447root 154100x8000000000000000729738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:07.831{ec2b6afe-ce33-61c1-e8d6-3ce578550000}10168/bin/ls-----ls --color=auto -l/home/ubuntuubuntu{ec2b6afe-aacb-61c1-e803-000000000000}10006no level-{ec2b6afe-aacb-61c1-0834-fdd63c560000}5677/bin/bash-bashubuntu 534500x8000000000000000729739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:07.833{ec2b6afe-ce33-61c1-e8d6-3ce578550000}10168/bin/lsubuntu 11241100x8000000000000000729740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:07.833{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad0e1fb0e17e7dbc2021-12-21 12:53:07.833root 11241100x8000000000000000729741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:07.833{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70cf66015f1c58582021-12-21 12:53:07.833root 11241100x8000000000000000729742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:07.834{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de1a288f1447ac4d2021-12-21 12:53:07.834root 11241100x8000000000000000729743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:07.834{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.025dd84eb9729b732021-12-21 12:53:07.834root 11241100x8000000000000000729744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:07.834{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed2218d1ae4f0aca2021-12-21 12:53:07.834root 11241100x8000000000000000729745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:07.834{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33744dc00a8da6242021-12-21 12:53:07.834root 11241100x8000000000000000729746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:07.834{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd500db5b58a71b42021-12-21 12:53:07.834root 11241100x8000000000000000729747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:07.834{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07639c80663743d02021-12-21 12:53:07.834root 11241100x8000000000000000729748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:07.834{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd4054cec73ceedf2021-12-21 12:53:07.834root 11241100x8000000000000000729749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:07.835{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0f9a7f6abe0e2b12021-12-21 12:53:07.835root 11241100x8000000000000000729750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:07.835{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c8063cdb11f2ae12021-12-21 12:53:07.835root 11241100x8000000000000000729751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:07.835{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.245e4d70620c76f02021-12-21 12:53:07.835root 11241100x8000000000000000729752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:07.836{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.108efb7b011b08642021-12-21 12:53:07.836root 11241100x8000000000000000729753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:07.836{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a85dd33bed4dac22021-12-21 12:53:07.836root 11241100x8000000000000000729754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:07.836{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e250c67727efd402021-12-21 12:53:07.836root 11241100x8000000000000000729755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:07.836{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abe2f6833bb310c02021-12-21 12:53:07.836root 11241100x8000000000000000729756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:07.836{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adf856c8aee15cfc2021-12-21 12:53:07.836root 11241100x8000000000000000729757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:07.836{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2389cda9bf4d82b2021-12-21 12:53:07.836root 11241100x8000000000000000729758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:07.837{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60abab6b9c25334c2021-12-21 12:53:07.837root 11241100x8000000000000000729759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:07.837{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6719a78b099c957b2021-12-21 12:53:07.837root 11241100x8000000000000000729760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:07.837{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70460bc0c84935a82021-12-21 12:53:07.837root 11241100x8000000000000000729761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:07.837{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2792a7f070b879562021-12-21 12:53:07.837root 11241100x8000000000000000729762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:07.837{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.571a933b000594a92021-12-21 12:53:07.837root 11241100x8000000000000000729763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:07.838{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0097baeaf422cce92021-12-21 12:53:07.838root 11241100x8000000000000000729764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:07.838{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61c1b41d8f48db332021-12-21 12:53:07.838root 11241100x8000000000000000729765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:07.838{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.219899c4775c56282021-12-21 12:53:07.838root 11241100x8000000000000000729766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:07.838{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c10ebc7de1ec72842021-12-21 12:53:07.838root 11241100x8000000000000000729767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:07.838{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5a204d1ad285b0e2021-12-21 12:53:07.838root 11241100x8000000000000000729768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:07.838{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b24129044e44049f2021-12-21 12:53:07.838root 11241100x8000000000000000729769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:07.838{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb4d81d965642cb62021-12-21 12:53:07.838root 11241100x8000000000000000729770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:07.839{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4d05db5f42118aa2021-12-21 12:53:07.839root 11241100x8000000000000000729771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:07.839{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c77665e331072182021-12-21 12:53:07.839root 11241100x8000000000000000729772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:07.839{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0222a1bebba66df2021-12-21 12:53:07.839root 11241100x8000000000000000729773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:07.839{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1068ef3ee64791772021-12-21 12:53:07.839root 11241100x8000000000000000729774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:07.839{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7546c1d84f27e4562021-12-21 12:53:07.839root 11241100x8000000000000000729775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:07.839{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83f58810fa896f722021-12-21 12:53:07.839root 11241100x8000000000000000729776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:07.839{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e70d00e3c4ef602d2021-12-21 12:53:07.839root 11241100x8000000000000000729777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:07.839{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acd7ae441974cc052021-12-21 12:53:07.839root 11241100x8000000000000000729778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:07.840{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fb9f150cdccc5c52021-12-21 12:53:07.840root 11241100x8000000000000000729779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:07.840{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71a705f5053dfab02021-12-21 12:53:07.840root 11241100x8000000000000000729780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:07.840{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.455efb2a35daa56f2021-12-21 12:53:07.840root 11241100x8000000000000000729781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:07.840{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18e3790c34a622892021-12-21 12:53:07.840root 354300x8000000000000000729782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:08.024{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-50624-false10.0.1.12-8000- 11241100x8000000000000000729783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8463e3d142f783f32021-12-21 12:53:08.193root 11241100x8000000000000000729784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd5123c7db02660d2021-12-21 12:53:08.193root 11241100x8000000000000000729785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edd16e37e0ac1b902021-12-21 12:53:08.194root 11241100x8000000000000000729786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a94b81232f0d069e2021-12-21 12:53:08.194root 11241100x8000000000000000729787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd09895d96836af62021-12-21 12:53:08.194root 11241100x8000000000000000729788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bb0461d04b8464d2021-12-21 12:53:08.194root 11241100x8000000000000000729789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7732947055c898112021-12-21 12:53:08.194root 11241100x8000000000000000729790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ff3e8fad4585e752021-12-21 12:53:08.194root 11241100x8000000000000000729791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a4806d1fa95d4a22021-12-21 12:53:08.194root 11241100x8000000000000000729792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42f3ffa9a00b58452021-12-21 12:53:08.194root 11241100x8000000000000000729793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e07213028739c762021-12-21 12:53:08.194root 11241100x8000000000000000729794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef9528b8d33cbe222021-12-21 12:53:08.194root 11241100x8000000000000000729795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:08.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d086bdd6a2ad177f2021-12-21 12:53:08.195root 11241100x8000000000000000729796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:08.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07fb08d1b4b1a3f72021-12-21 12:53:08.195root 11241100x8000000000000000729797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:08.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fe1b3b7eebb96182021-12-21 12:53:08.195root 11241100x8000000000000000729798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:08.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39dc55287809fe372021-12-21 12:53:08.195root 11241100x8000000000000000729799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:08.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88f91e686a5d88492021-12-21 12:53:08.195root 11241100x8000000000000000729800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:08.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0071a0f2c28144812021-12-21 12:53:08.195root 11241100x8000000000000000729801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:08.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d518fe38265fa212021-12-21 12:53:08.195root 11241100x8000000000000000729802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:08.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f91eb38d4d8d8b92021-12-21 12:53:08.195root 11241100x8000000000000000729803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:08.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd7a95d88f61a35b2021-12-21 12:53:08.195root 11241100x8000000000000000729804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:08.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a12ba0bec6aecbf02021-12-21 12:53:08.195root 11241100x8000000000000000729805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:08.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44c478f3db673a372021-12-21 12:53:08.195root 11241100x8000000000000000729806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:08.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bd162dc9906afc82021-12-21 12:53:08.196root 11241100x8000000000000000729807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:08.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da8f48b1dc1c22992021-12-21 12:53:08.196root 11241100x8000000000000000729808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:08.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5554912daac6d54d2021-12-21 12:53:08.196root 11241100x8000000000000000729809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:08.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37301787698e3f922021-12-21 12:53:08.196root 11241100x8000000000000000729810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:08.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d59076d35e819dc2021-12-21 12:53:08.196root 11241100x8000000000000000729811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:08.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c6ee7f017c07ce22021-12-21 12:53:08.196root 11241100x8000000000000000729812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:08.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09d84db2bad57a512021-12-21 12:53:08.196root 11241100x8000000000000000729813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:08.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a63cb858c662ae902021-12-21 12:53:08.196root 11241100x8000000000000000729814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:08.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f8b97b84a29c5f32021-12-21 12:53:08.196root 11241100x8000000000000000729815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:08.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.637c97589b61c1f92021-12-21 12:53:08.196root 11241100x8000000000000000729816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:08.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ead15e7d046f85fc2021-12-21 12:53:08.196root 11241100x8000000000000000729817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:08.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.747477bbb23c819f2021-12-21 12:53:08.196root 11241100x8000000000000000729818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:08.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c5fbf6ba6244ff32021-12-21 12:53:08.197root 11241100x8000000000000000729819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:08.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.930bb5f4cd0d63d12021-12-21 12:53:08.197root 11241100x8000000000000000729820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:08.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1131d5c5f96ade22021-12-21 12:53:08.197root 11241100x8000000000000000729821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:08.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e020299ce10d34262021-12-21 12:53:08.197root 11241100x8000000000000000729822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:08.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9a8c5a0feaf55ab2021-12-21 12:53:08.197root 11241100x8000000000000000729823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:08.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27366186a242a0f82021-12-21 12:53:08.197root 11241100x8000000000000000729824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:08.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79b419df4019c5262021-12-21 12:53:08.197root 11241100x8000000000000000729825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:08.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc1d00492b53bf592021-12-21 12:53:08.197root 11241100x8000000000000000729826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:08.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.605800d8e265de152021-12-21 12:53:08.197root 11241100x8000000000000000729827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.582ecdf51024471e2021-12-21 12:53:08.694root 11241100x8000000000000000729828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14da9f40d94071e02021-12-21 12:53:08.694root 11241100x8000000000000000729829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:08.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9264a8e599733bc12021-12-21 12:53:08.695root 11241100x8000000000000000729830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:08.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.497ec2aa91fb5cf02021-12-21 12:53:08.695root 11241100x8000000000000000729831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:08.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.840e928baef8c1322021-12-21 12:53:08.695root 11241100x8000000000000000729832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:08.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98634ca0e6265e1e2021-12-21 12:53:08.695root 11241100x8000000000000000729833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:08.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b9303a679bd35232021-12-21 12:53:08.695root 11241100x8000000000000000729834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:08.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7795879e21d195f12021-12-21 12:53:08.695root 11241100x8000000000000000729835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:08.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0ba8548d38208692021-12-21 12:53:08.695root 11241100x8000000000000000729836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:08.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8244660a953a3b862021-12-21 12:53:08.695root 11241100x8000000000000000729837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:08.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b06d374e937385552021-12-21 12:53:08.695root 11241100x8000000000000000729838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:08.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcbf4e1c45817f732021-12-21 12:53:08.695root 11241100x8000000000000000729839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:08.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6876172b55b1a0b2021-12-21 12:53:08.695root 11241100x8000000000000000729840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:08.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25db696f07b671702021-12-21 12:53:08.696root 11241100x8000000000000000729841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:08.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b61fe34db07763792021-12-21 12:53:08.696root 11241100x8000000000000000729842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:08.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1f1473452d766a92021-12-21 12:53:08.696root 11241100x8000000000000000729843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:08.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e60cfc81d814a69e2021-12-21 12:53:08.696root 11241100x8000000000000000729844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:08.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.108a8a8f3d18a16a2021-12-21 12:53:08.696root 11241100x8000000000000000729845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:08.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e402a8778a5afe5e2021-12-21 12:53:08.696root 11241100x8000000000000000729846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:08.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.570c945620aedc972021-12-21 12:53:08.696root 11241100x8000000000000000729847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:08.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faadcfd56f226df92021-12-21 12:53:08.696root 11241100x8000000000000000729848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:08.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a78c4ec644b52f92021-12-21 12:53:08.696root 11241100x8000000000000000729849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:08.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00f94a938c0f83fb2021-12-21 12:53:08.696root 11241100x8000000000000000729850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:08.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ff56bb53dfd363d2021-12-21 12:53:08.696root 11241100x8000000000000000729851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:08.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86eda9553c7543c22021-12-21 12:53:08.696root 11241100x8000000000000000729852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:08.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8dffd1c856a60c72021-12-21 12:53:08.696root 11241100x8000000000000000729853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:08.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31b06db7de9156f52021-12-21 12:53:08.696root 11241100x8000000000000000729854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:08.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea0698009d1df5ab2021-12-21 12:53:08.696root 11241100x8000000000000000729855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:08.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13e8b2b657f835ac2021-12-21 12:53:08.697root 11241100x8000000000000000729856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:08.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b25934c04236c7e2021-12-21 12:53:08.697root 11241100x8000000000000000729857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:08.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3e7728a44e629c72021-12-21 12:53:08.697root 11241100x8000000000000000729858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:08.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dab4fc55c7ef0c382021-12-21 12:53:08.697root 11241100x8000000000000000729859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:08.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d5bb1e00b4c64002021-12-21 12:53:08.697root 11241100x8000000000000000729860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:08.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.499aed4946c7f3f42021-12-21 12:53:08.697root 11241100x8000000000000000729861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:08.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c5095217a89e6bb2021-12-21 12:53:08.697root 11241100x8000000000000000729862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:08.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34ae71320f3874862021-12-21 12:53:08.697root 11241100x8000000000000000729863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:08.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1612485125058f842021-12-21 12:53:08.697root 11241100x8000000000000000729864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:08.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.069f915ec3e04df92021-12-21 12:53:08.697root 11241100x8000000000000000729865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:08.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfd2658e2d8c0f7c2021-12-21 12:53:08.697root 11241100x8000000000000000729866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:08.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90090bb481a696a12021-12-21 12:53:08.697root 11241100x8000000000000000729867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:08.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22be7d76ef2091082021-12-21 12:53:08.697root 11241100x8000000000000000729868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:08.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13f3512be42fe0952021-12-21 12:53:08.697root 23542300x8000000000000000729869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:09.131{ec2b6afe-95d2-61c1-3038-b84203560000}5272root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000729870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:09.132{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97d67a493615733d2021-12-21 12:53:09.132root 11241100x8000000000000000729871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:09.132{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6aff7c3f09d986022021-12-21 12:53:09.132root 11241100x8000000000000000729872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:09.132{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5569f90dcc980b7b2021-12-21 12:53:09.132root 11241100x8000000000000000729873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:09.132{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb90cb0021ed64112021-12-21 12:53:09.132root 11241100x8000000000000000729874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:09.133{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbb9d61f789df73e2021-12-21 12:53:09.133root 11241100x8000000000000000729875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:09.133{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4134f1a11acdbb72021-12-21 12:53:09.133root 11241100x8000000000000000729876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:09.133{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c774d0701087b062021-12-21 12:53:09.133root 11241100x8000000000000000729877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:09.133{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c68218c3a54476812021-12-21 12:53:09.133root 11241100x8000000000000000729878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:09.133{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d3feba3d5ed601f2021-12-21 12:53:09.133root 11241100x8000000000000000729879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:09.133{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.429ccb66d28843502021-12-21 12:53:09.133root 11241100x8000000000000000729880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:09.133{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f59f8e328e149562021-12-21 12:53:09.133root 11241100x8000000000000000729881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:09.133{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.724667e97470870c2021-12-21 12:53:09.133root 11241100x8000000000000000729882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:09.133{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9237c93cc2fc078c2021-12-21 12:53:09.133root 11241100x8000000000000000729883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:09.134{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3885681603247b52021-12-21 12:53:09.134root 11241100x8000000000000000729884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:09.134{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.815655a1834e634e2021-12-21 12:53:09.134root 11241100x8000000000000000729885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:09.134{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d470462609afb2d2021-12-21 12:53:09.134root 11241100x8000000000000000729886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:09.134{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.236c38c68419611e2021-12-21 12:53:09.134root 11241100x8000000000000000729887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:09.134{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88a08ea3bf8b0c992021-12-21 12:53:09.134root 11241100x8000000000000000729888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:09.134{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07a868ce4c25910d2021-12-21 12:53:09.134root 11241100x8000000000000000729889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:09.134{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc4ff96f228af20b2021-12-21 12:53:09.134root 11241100x8000000000000000729890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:09.135{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba2da2504af06eef2021-12-21 12:53:09.135root 11241100x8000000000000000729891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:09.135{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d0defc54f8501c42021-12-21 12:53:09.135root 11241100x8000000000000000729892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:09.135{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e2af42cd7b7244f2021-12-21 12:53:09.135root 11241100x8000000000000000729893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:09.135{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b017a658112a6c2e2021-12-21 12:53:09.135root 11241100x8000000000000000729894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:09.135{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f27f66f4e27f2e5b2021-12-21 12:53:09.135root 11241100x8000000000000000729895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:09.135{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61fe1b0f0f200d862021-12-21 12:53:09.135root 11241100x8000000000000000729896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:09.135{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d36a32d97ea26ad2021-12-21 12:53:09.135root 11241100x8000000000000000729897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:09.135{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bc8fa32a1c27d372021-12-21 12:53:09.135root 11241100x8000000000000000729898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:09.136{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b082ddd0047429f62021-12-21 12:53:09.136root 11241100x8000000000000000729899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:09.136{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cedbcc5838c177102021-12-21 12:53:09.136root 11241100x8000000000000000729900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:09.136{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09fb44fa42fd4f522021-12-21 12:53:09.136root 11241100x8000000000000000729901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:09.136{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0ef673ba361d1282021-12-21 12:53:09.136root 11241100x8000000000000000729902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:09.136{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0e4bd0f7b6888a82021-12-21 12:53:09.136root 11241100x8000000000000000729903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:09.136{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f521e7a3dbdc385e2021-12-21 12:53:09.136root 11241100x8000000000000000729904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:09.136{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0918503ff0f950b2021-12-21 12:53:09.136root 11241100x8000000000000000729905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:09.136{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.029b0255fdd11bb82021-12-21 12:53:09.136root 11241100x8000000000000000729906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:09.136{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56a69a13f1579d902021-12-21 12:53:09.136root 11241100x8000000000000000729907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:09.136{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d7be74bf385d5ea2021-12-21 12:53:09.136root 11241100x8000000000000000729908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:09.137{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28fb9720cd64645f2021-12-21 12:53:09.137root 11241100x8000000000000000729909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:09.137{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fdddfe379c41b972021-12-21 12:53:09.137root 11241100x8000000000000000729910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:09.137{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af6ceadbe4a4b5762021-12-21 12:53:09.137root 11241100x8000000000000000729911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:09.137{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee69d00d4b9a13022021-12-21 12:53:09.137root 11241100x8000000000000000729912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:09.137{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.005be3cc944139752021-12-21 12:53:09.137root 11241100x8000000000000000729913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:09.137{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68571e76a020864c2021-12-21 12:53:09.137root 11241100x8000000000000000729914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:09.137{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85ca61cd1cc160ab2021-12-21 12:53:09.137root 11241100x8000000000000000729915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:09.138{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.058b1f606eca4acd2021-12-21 12:53:09.138root 11241100x8000000000000000729916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:09.138{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5aab2dc5ef2c1b9a2021-12-21 12:53:09.138root 11241100x8000000000000000729917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:09.138{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61360d1ef513512d2021-12-21 12:53:09.138root 11241100x8000000000000000729918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:09.138{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08a62eb86729ac462021-12-21 12:53:09.138root 11241100x8000000000000000729919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:09.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d173a37ce046c132021-12-21 12:53:09.443root 11241100x8000000000000000729920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:09.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f72c392d532cf22f2021-12-21 12:53:09.443root 11241100x8000000000000000729921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:09.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f58c8f8ebca019652021-12-21 12:53:09.444root 11241100x8000000000000000729922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:09.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33be48493f1d86482021-12-21 12:53:09.444root 11241100x8000000000000000729923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:09.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c59941ac43c2960a2021-12-21 12:53:09.444root 11241100x8000000000000000729924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:09.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2203ae1e77502d082021-12-21 12:53:09.444root 11241100x8000000000000000729925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:09.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5c8cae1adf768452021-12-21 12:53:09.444root 11241100x8000000000000000729926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:09.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4de916bc0a32e2822021-12-21 12:53:09.444root 11241100x8000000000000000729927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:09.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f047a02d8b80c7312021-12-21 12:53:09.444root 11241100x8000000000000000729928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:09.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78f223cea30a7c0e2021-12-21 12:53:09.444root 11241100x8000000000000000729929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:09.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.536ed37369c0d99d2021-12-21 12:53:09.445root 11241100x8000000000000000729930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:09.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0d00a2c4f2e4ea92021-12-21 12:53:09.445root 11241100x8000000000000000729931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:09.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9030d5f5e3c1e4e62021-12-21 12:53:09.445root 11241100x8000000000000000729932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:09.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3a227f8673a524a2021-12-21 12:53:09.445root 11241100x8000000000000000729933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:09.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.738d34029f744b072021-12-21 12:53:09.445root 11241100x8000000000000000729934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:09.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90cfb415d92771822021-12-21 12:53:09.445root 11241100x8000000000000000729935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:09.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.539091aad6f062762021-12-21 12:53:09.445root 11241100x8000000000000000729936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:09.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b088e97a4d658ac2021-12-21 12:53:09.446root 11241100x8000000000000000729937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:09.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79418aa70ac1a2c92021-12-21 12:53:09.446root 11241100x8000000000000000729938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:09.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa680a88e6a2d4532021-12-21 12:53:09.446root 11241100x8000000000000000729939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:09.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b48f66e496d8aa92021-12-21 12:53:09.446root 11241100x8000000000000000729940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:09.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7b7e58ac484b8ba2021-12-21 12:53:09.446root 11241100x8000000000000000729941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:09.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b287cc9b402e0da62021-12-21 12:53:09.446root 11241100x8000000000000000729942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:09.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41f055d8f7f64a552021-12-21 12:53:09.446root 11241100x8000000000000000729943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:09.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8099a2aebf31a1272021-12-21 12:53:09.446root 11241100x8000000000000000729944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:09.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08116723f73a4a772021-12-21 12:53:09.446root 11241100x8000000000000000729945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:09.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.700cd3277f57aaeb2021-12-21 12:53:09.447root 11241100x8000000000000000729946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:09.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6d7dd73229b7fd62021-12-21 12:53:09.447root 11241100x8000000000000000729947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:09.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b5ed7538afd09072021-12-21 12:53:09.447root 11241100x8000000000000000729948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:09.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9eddb8a8069678152021-12-21 12:53:09.447root 11241100x8000000000000000729949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:09.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bab8a4c518d217112021-12-21 12:53:09.447root 11241100x8000000000000000729950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:09.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b605ae49ad99f6f72021-12-21 12:53:09.447root 11241100x8000000000000000729951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:09.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fb25bc6994197942021-12-21 12:53:09.448root 11241100x8000000000000000729952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:09.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69b01fa4e4d0ca142021-12-21 12:53:09.448root 11241100x8000000000000000729953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:09.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ef18256b7544c092021-12-21 12:53:09.448root 11241100x8000000000000000729954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:09.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed8309843ae9b10e2021-12-21 12:53:09.448root 11241100x8000000000000000729955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:09.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23a2fac8f69037ae2021-12-21 12:53:09.448root 11241100x8000000000000000729956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:09.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.542bf1af1ce906982021-12-21 12:53:09.448root 11241100x8000000000000000729957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:09.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01c9f73482a5e9e52021-12-21 12:53:09.448root 11241100x8000000000000000729958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:09.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.370e1ce41a75d39a2021-12-21 12:53:09.449root 11241100x8000000000000000729959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:09.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e380ec0d14eb9562021-12-21 12:53:09.449root 11241100x8000000000000000729960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:09.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18fdf4364b7a6ccd2021-12-21 12:53:09.449root 11241100x8000000000000000729961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:09.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27b95b297be08e332021-12-21 12:53:09.449root 11241100x8000000000000000729962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:09.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bbec9d7e95ebb7e2021-12-21 12:53:09.450root 11241100x8000000000000000729963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:09.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.172f5106cfee3d802021-12-21 12:53:09.450root 11241100x8000000000000000729964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:09.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e351042c753973d72021-12-21 12:53:09.450root 11241100x8000000000000000729965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:09.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cc6c3f375c5049b2021-12-21 12:53:09.450root 11241100x8000000000000000729966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:09.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b5aeec69f3772812021-12-21 12:53:09.943root 11241100x8000000000000000729967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:09.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.331f1064d2230b652021-12-21 12:53:09.943root 11241100x8000000000000000729968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:09.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d735875cc7533ca32021-12-21 12:53:09.944root 11241100x8000000000000000729969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:09.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3810250729e122e2021-12-21 12:53:09.944root 11241100x8000000000000000729970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:09.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dec7cc05a0ae39662021-12-21 12:53:09.944root 11241100x8000000000000000729971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:09.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13e25a79a53f2ec32021-12-21 12:53:09.944root 11241100x8000000000000000729972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:09.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a3a5700edb7a4552021-12-21 12:53:09.944root 11241100x8000000000000000729973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:09.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fef029750e29af42021-12-21 12:53:09.944root 11241100x8000000000000000729974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:09.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dfa3a941d089e132021-12-21 12:53:09.944root 11241100x8000000000000000729975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:09.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d4025dc62f605b12021-12-21 12:53:09.944root 11241100x8000000000000000729976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:09.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e165f3eba7b5f5cd2021-12-21 12:53:09.945root 11241100x8000000000000000729977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:09.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3376875f332fdc82021-12-21 12:53:09.945root 11241100x8000000000000000729978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:09.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6507db6fec754d542021-12-21 12:53:09.945root 11241100x8000000000000000729979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:09.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e3bae5ca582c1822021-12-21 12:53:09.945root 11241100x8000000000000000729980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:09.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbf0911f865e860d2021-12-21 12:53:09.945root 11241100x8000000000000000729981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:09.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.164802b5bdb0536d2021-12-21 12:53:09.945root 11241100x8000000000000000729982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:09.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da82429c5561857c2021-12-21 12:53:09.945root 11241100x8000000000000000729983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:09.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.321f69ba181ce9ff2021-12-21 12:53:09.946root 11241100x8000000000000000729984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:09.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c92077fedd4864ca2021-12-21 12:53:09.946root 11241100x8000000000000000729985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:09.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.934e87525a688a532021-12-21 12:53:09.946root 11241100x8000000000000000729986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:09.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b861ff18d60ab5d2021-12-21 12:53:09.946root 11241100x8000000000000000729987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:09.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f1baa96c4bde0ae2021-12-21 12:53:09.946root 11241100x8000000000000000729988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:09.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cc01815f8a36e942021-12-21 12:53:09.946root 11241100x8000000000000000729989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:09.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f4a19ff46bfecda2021-12-21 12:53:09.947root 11241100x8000000000000000729990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:09.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.502f02ab551b7da92021-12-21 12:53:09.947root 11241100x8000000000000000729991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:09.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97a462241cdeb1d52021-12-21 12:53:09.947root 11241100x8000000000000000729992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:09.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb693f20222907de2021-12-21 12:53:09.947root 11241100x8000000000000000729993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:09.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f456b59fa027ea5b2021-12-21 12:53:09.947root 11241100x8000000000000000729994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:09.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66c6ec5928e4e9ec2021-12-21 12:53:09.948root 11241100x8000000000000000729995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:09.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dffd77dec1ad6ed2021-12-21 12:53:09.948root 11241100x8000000000000000729996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:09.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f441f9d33fb0a4b2021-12-21 12:53:09.948root 11241100x8000000000000000729997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:09.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.048fdf38b43b1aa52021-12-21 12:53:09.948root 11241100x8000000000000000729998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:09.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89e48ae6fda283822021-12-21 12:53:09.948root 11241100x8000000000000000729999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:09.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6bb2e7dcb6122a72021-12-21 12:53:09.948root 11241100x8000000000000000730000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:09.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6d439e7ed59aba62021-12-21 12:53:09.948root 11241100x8000000000000000730001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:09.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92da4d679d2efc762021-12-21 12:53:09.948root 11241100x8000000000000000730002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:09.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.129a446faaea82bd2021-12-21 12:53:09.949root 11241100x8000000000000000730003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:09.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84164de6af9053392021-12-21 12:53:09.949root 11241100x8000000000000000730004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:09.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4946cfc38ca0ead02021-12-21 12:53:09.949root 11241100x8000000000000000730005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:09.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.997b788bdd97cc3d2021-12-21 12:53:09.949root 11241100x8000000000000000730006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:09.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7458d47b9ea7a8692021-12-21 12:53:09.949root 11241100x8000000000000000730007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:09.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.899005cf03c2b5172021-12-21 12:53:09.949root 11241100x8000000000000000730008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:09.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9843565f032d63b2021-12-21 12:53:09.950root 11241100x8000000000000000730009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:09.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af91dbcf974e2d3d2021-12-21 12:53:09.950root 11241100x8000000000000000730010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:09.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f51b781afa1af6c2021-12-21 12:53:09.950root 11241100x8000000000000000730011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:09.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5240b7c47bd453432021-12-21 12:53:09.950root 11241100x8000000000000000730012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:10.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9c4901012fe94f02021-12-21 12:53:10.443root 11241100x8000000000000000730013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:10.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.763bb3553e5377772021-12-21 12:53:10.443root 11241100x8000000000000000730014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:10.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b122cf1fc832443d2021-12-21 12:53:10.443root 11241100x8000000000000000730015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:10.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d21fcd21b721e6f2021-12-21 12:53:10.443root 11241100x8000000000000000730016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0352a2ba71ad048b2021-12-21 12:53:10.444root 11241100x8000000000000000730017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1f88b1b1ebae8162021-12-21 12:53:10.444root 11241100x8000000000000000730018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.672300648bcbb3982021-12-21 12:53:10.444root 11241100x8000000000000000730019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfccfe66da123d9f2021-12-21 12:53:10.444root 11241100x8000000000000000730020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.818c40579d06aa2f2021-12-21 12:53:10.444root 11241100x8000000000000000730021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27dd372c41bbc3b42021-12-21 12:53:10.444root 11241100x8000000000000000730022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b5838f0bd4fed272021-12-21 12:53:10.444root 11241100x8000000000000000730023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66773a4b2a2068162021-12-21 12:53:10.444root 11241100x8000000000000000730024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:10.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c1b34e4881346402021-12-21 12:53:10.445root 11241100x8000000000000000730025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:10.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1144466a925f5c72021-12-21 12:53:10.445root 11241100x8000000000000000730026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:10.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06ab450c1e3bf11d2021-12-21 12:53:10.445root 11241100x8000000000000000730027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:10.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33eb48c0030a7e4c2021-12-21 12:53:10.445root 11241100x8000000000000000730028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:10.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e08b2ecf5a9dd1fe2021-12-21 12:53:10.445root 11241100x8000000000000000730029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:10.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef1306b88b2185382021-12-21 12:53:10.446root 11241100x8000000000000000730030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:10.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8ff41201e39acbe2021-12-21 12:53:10.446root 11241100x8000000000000000730031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:10.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf43b08ccf6b93012021-12-21 12:53:10.446root 11241100x8000000000000000730032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:10.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.143177fe89b9d7012021-12-21 12:53:10.446root 11241100x8000000000000000730033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:10.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.909be9836583c24e2021-12-21 12:53:10.447root 11241100x8000000000000000730034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:10.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39b55d1c70efc4032021-12-21 12:53:10.447root 11241100x8000000000000000730035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:10.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28ea3d7ba5999ff92021-12-21 12:53:10.448root 11241100x8000000000000000730036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:10.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc20939980f6130a2021-12-21 12:53:10.448root 11241100x8000000000000000730037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:10.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7094be99b12376002021-12-21 12:53:10.448root 11241100x8000000000000000730038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:10.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8cc78aafce12ea32021-12-21 12:53:10.448root 11241100x8000000000000000730039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:10.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c26bec5ac710c462021-12-21 12:53:10.449root 11241100x8000000000000000730040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:10.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c26db6619dc9c48a2021-12-21 12:53:10.449root 11241100x8000000000000000730041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:10.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a74a81d876ee41bf2021-12-21 12:53:10.449root 11241100x8000000000000000730042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:10.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9178e085eddb9aa02021-12-21 12:53:10.449root 11241100x8000000000000000730043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:10.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a24d2356187ddc6c2021-12-21 12:53:10.450root 11241100x8000000000000000730044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:10.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68184f7d546479662021-12-21 12:53:10.450root 11241100x8000000000000000730045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:10.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1babb862b3200f62021-12-21 12:53:10.450root 11241100x8000000000000000730046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:10.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2c26b286ad8eb7b2021-12-21 12:53:10.450root 11241100x8000000000000000730047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:10.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db33fb2e957eb6232021-12-21 12:53:10.451root 11241100x8000000000000000730048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:10.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3eca8ec69953ae202021-12-21 12:53:10.451root 11241100x8000000000000000730049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:10.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9e0bb6b8e57dab42021-12-21 12:53:10.451root 11241100x8000000000000000730050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:10.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d941c866f69b79832021-12-21 12:53:10.451root 11241100x8000000000000000730051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:10.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e03625b28ccb01a2021-12-21 12:53:10.451root 11241100x8000000000000000730052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:10.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f632ed21927338442021-12-21 12:53:10.451root 11241100x8000000000000000730053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:10.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0401ec37037a4652021-12-21 12:53:10.452root 11241100x8000000000000000730054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:10.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58922800aa34e1792021-12-21 12:53:10.452root 11241100x8000000000000000730055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:10.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75a9741fa6c488202021-12-21 12:53:10.452root 11241100x8000000000000000730056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:10.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b42e596df559e1b82021-12-21 12:53:10.452root 11241100x8000000000000000730057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:10.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e21d14797e255aa2021-12-21 12:53:10.452root 11241100x8000000000000000730058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:10.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d397b995b3ea1b2d2021-12-21 12:53:10.452root 11241100x8000000000000000730059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:10.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4d1caf96351675d2021-12-21 12:53:10.452root 11241100x8000000000000000730060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:10.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.299ae09cc177ed192021-12-21 12:53:10.452root 11241100x8000000000000000730061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:10.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.261d8afc83779b142021-12-21 12:53:10.452root 11241100x8000000000000000730062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:10.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7379472b85fcf4372021-12-21 12:53:10.452root 11241100x8000000000000000730063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:10.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c7f2ae332c1a3342021-12-21 12:53:10.943root 11241100x8000000000000000730064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:10.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b8e342d715b53172021-12-21 12:53:10.943root 11241100x8000000000000000730065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:10.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c8af53d1963f7862021-12-21 12:53:10.943root 11241100x8000000000000000730066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:10.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5208ecc1021a915f2021-12-21 12:53:10.943root 11241100x8000000000000000730067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:10.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.510d2f11048dc2022021-12-21 12:53:10.943root 11241100x8000000000000000730068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fde92eadee66c902021-12-21 12:53:10.944root 11241100x8000000000000000730069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbc4ebe7d78dd4502021-12-21 12:53:10.944root 11241100x8000000000000000730070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a0ff7993f9e96ac2021-12-21 12:53:10.944root 11241100x8000000000000000730071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05c6868ab4e8f6992021-12-21 12:53:10.944root 11241100x8000000000000000730072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bea02edc8b4c6df42021-12-21 12:53:10.944root 11241100x8000000000000000730073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06563840a6a970562021-12-21 12:53:10.944root 11241100x8000000000000000730074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3b6aad60a1b47a92021-12-21 12:53:10.944root 11241100x8000000000000000730075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a5e9ee14f6fad902021-12-21 12:53:10.944root 11241100x8000000000000000730076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.857695ea4a57305e2021-12-21 12:53:10.944root 11241100x8000000000000000730077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b28330af9d5d4a22021-12-21 12:53:10.944root 11241100x8000000000000000730078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0148a3acf5209c9c2021-12-21 12:53:10.944root 11241100x8000000000000000730079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8df9addef1300b0c2021-12-21 12:53:10.944root 11241100x8000000000000000730080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:10.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90cdc2c9d7831fd72021-12-21 12:53:10.945root 11241100x8000000000000000730081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:10.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d11bcd24b45336f12021-12-21 12:53:10.945root 11241100x8000000000000000730082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:10.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ce83c78437e80ed2021-12-21 12:53:10.945root 11241100x8000000000000000730083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:10.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b6358bbb587bdd52021-12-21 12:53:10.946root 11241100x8000000000000000730084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:10.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea7de1659efbd6602021-12-21 12:53:10.946root 11241100x8000000000000000730085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:10.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f5553cb420db87f2021-12-21 12:53:10.946root 11241100x8000000000000000730086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:10.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.313619f65fb852a02021-12-21 12:53:10.946root 11241100x8000000000000000730087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:10.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b31b270ca94a74852021-12-21 12:53:10.946root 11241100x8000000000000000730088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:10.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f5a19aa3a58a4f02021-12-21 12:53:10.946root 11241100x8000000000000000730089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:10.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d29fdd0d956653612021-12-21 12:53:10.946root 11241100x8000000000000000730090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:10.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d5f9f96839609ba2021-12-21 12:53:10.946root 11241100x8000000000000000730091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:10.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4587e57d5363f2d2021-12-21 12:53:10.946root 11241100x8000000000000000730092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:10.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdc19eddd2275e022021-12-21 12:53:10.946root 11241100x8000000000000000730093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:10.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0b1db1a77db22282021-12-21 12:53:10.947root 11241100x8000000000000000730094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:10.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40ec099bf9ab76a12021-12-21 12:53:10.947root 11241100x8000000000000000730095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:10.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f856e8b8b8185d92021-12-21 12:53:10.947root 11241100x8000000000000000730096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:10.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.839d774d4047a26b2021-12-21 12:53:10.947root 11241100x8000000000000000730097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:10.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5773bced356d6c0a2021-12-21 12:53:10.947root 11241100x8000000000000000730098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:10.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aab3bcf40b9721412021-12-21 12:53:10.948root 11241100x8000000000000000730099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:10.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d0053d3874e90bf2021-12-21 12:53:10.948root 11241100x8000000000000000730100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:10.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee1b9531d7c3ce092021-12-21 12:53:10.948root 11241100x8000000000000000730101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:10.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f4b57472914fc962021-12-21 12:53:10.948root 11241100x8000000000000000730102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:10.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44d309d31798ae472021-12-21 12:53:10.948root 11241100x8000000000000000730103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:10.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f46526e1a86bd8192021-12-21 12:53:10.948root 11241100x8000000000000000730104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:10.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50e7ba8d766a11f02021-12-21 12:53:10.948root 11241100x8000000000000000730105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:10.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07e972414d8b72472021-12-21 12:53:10.948root 11241100x8000000000000000730106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:10.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.327aa972a0661a112021-12-21 12:53:10.948root 11241100x8000000000000000730107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:10.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c296a2e75c3382b72021-12-21 12:53:10.949root 11241100x8000000000000000730108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:10.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7f9aced3d36b2b82021-12-21 12:53:10.949root 11241100x8000000000000000730109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:10.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.070d08b2092a27ff2021-12-21 12:53:10.949root 11241100x8000000000000000730110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:10.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ff0c1b7020bc1c22021-12-21 12:53:10.949root 11241100x8000000000000000730111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:10.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f471df6f32ed09c92021-12-21 12:53:10.949root 11241100x8000000000000000730112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:10.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d984c754707902a52021-12-21 12:53:10.949root 11241100x8000000000000000730113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:10.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f28727e24c679b72021-12-21 12:53:10.949root 11241100x8000000000000000730114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:10.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea984ebc8b4f09b92021-12-21 12:53:10.949root 11241100x8000000000000000730115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:10.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb1baea79e38c49f2021-12-21 12:53:10.949root 11241100x8000000000000000730116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:10.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7da12b3e59f8eaff2021-12-21 12:53:10.949root 11241100x8000000000000000730117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:10.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e28da6889edb7242021-12-21 12:53:10.949root 11241100x8000000000000000730118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:10.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c3f80eaae1b0e092021-12-21 12:53:10.949root 11241100x8000000000000000730119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:10.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8edb749a1a36534c2021-12-21 12:53:10.949root 11241100x8000000000000000730120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:10.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d218ecd426bb9202021-12-21 12:53:10.950root 11241100x8000000000000000730121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:10.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4a676ec907570072021-12-21 12:53:10.950root 11241100x8000000000000000730122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:10.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7a3f1661e61b04d2021-12-21 12:53:10.950root 11241100x8000000000000000730123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:10.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.342b842c87c80e6d2021-12-21 12:53:10.950root 11241100x8000000000000000730124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:10.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e454c99401abe52c2021-12-21 12:53:10.950root 11241100x8000000000000000730125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c8ab80d0de1d5702021-12-21 12:53:11.443root 11241100x8000000000000000730126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c82a342524e870562021-12-21 12:53:11.443root 11241100x8000000000000000730127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c632ab09d68830f02021-12-21 12:53:11.443root 11241100x8000000000000000730128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c37dc5aa0a5387bb2021-12-21 12:53:11.443root 11241100x8000000000000000730129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0b81f0357e258fc2021-12-21 12:53:11.444root 11241100x8000000000000000730130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07f5df0bdaa921162021-12-21 12:53:11.444root 11241100x8000000000000000730131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af7232d2199f29e92021-12-21 12:53:11.444root 11241100x8000000000000000730132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a9a1d556e31142b2021-12-21 12:53:11.444root 11241100x8000000000000000730133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95322521ea6573c22021-12-21 12:53:11.444root 11241100x8000000000000000730134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2267a2cd21ad285b2021-12-21 12:53:11.444root 11241100x8000000000000000730135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.520142a4110df9302021-12-21 12:53:11.444root 11241100x8000000000000000730136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:11.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c58a996bd9532c32021-12-21 12:53:11.445root 11241100x8000000000000000730137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:11.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6e707a1123899392021-12-21 12:53:11.445root 11241100x8000000000000000730138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:11.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff9a439a9b50de1a2021-12-21 12:53:11.445root 11241100x8000000000000000730139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:11.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2a40762673878882021-12-21 12:53:11.445root 11241100x8000000000000000730140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:11.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d620210711c858c2021-12-21 12:53:11.448root 11241100x8000000000000000730141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:11.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4f3305dae83e0202021-12-21 12:53:11.448root 11241100x8000000000000000730142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:11.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f80b9dd306b49032021-12-21 12:53:11.448root 11241100x8000000000000000730143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:11.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aafa75de7b3e2e342021-12-21 12:53:11.448root 11241100x8000000000000000730144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:11.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.438126cdee5447752021-12-21 12:53:11.448root 11241100x8000000000000000730145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:11.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9eb50e94775f67232021-12-21 12:53:11.448root 11241100x8000000000000000730146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:11.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e44851a68ddc22662021-12-21 12:53:11.448root 11241100x8000000000000000730147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:11.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a5279ae1c1c490d2021-12-21 12:53:11.448root 11241100x8000000000000000730148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:11.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87fd5581f2b9fe962021-12-21 12:53:11.449root 11241100x8000000000000000730149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:11.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e717dec26edf05082021-12-21 12:53:11.449root 11241100x8000000000000000730150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:11.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2098d70d12ace4192021-12-21 12:53:11.449root 11241100x8000000000000000730151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:11.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55c75f7889774b8c2021-12-21 12:53:11.449root 11241100x8000000000000000730152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:11.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2bbbedb8d89b4ad2021-12-21 12:53:11.449root 11241100x8000000000000000730153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:11.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00ae704c56d90df92021-12-21 12:53:11.449root 11241100x8000000000000000730154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:11.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23ec6672ba389eba2021-12-21 12:53:11.449root 11241100x8000000000000000730155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:11.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2286f67f6bbd47dd2021-12-21 12:53:11.449root 11241100x8000000000000000730156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:11.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d4766a88191d24a2021-12-21 12:53:11.449root 11241100x8000000000000000730157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:11.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb3a7469cc1260182021-12-21 12:53:11.449root 11241100x8000000000000000730158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:11.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccdb56e9f2f35cff2021-12-21 12:53:11.449root 11241100x8000000000000000730159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:11.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32a82e5403e072ae2021-12-21 12:53:11.449root 11241100x8000000000000000730160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:11.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.925093d1d6262f3e2021-12-21 12:53:11.449root 11241100x8000000000000000730161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:11.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df02dd29711c006a2021-12-21 12:53:11.449root 11241100x8000000000000000730162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:11.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4081226320dbef82021-12-21 12:53:11.449root 11241100x8000000000000000730163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:11.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f75efba9d6132022021-12-21 12:53:11.449root 11241100x8000000000000000730164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:11.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0776c5844a622752021-12-21 12:53:11.450root 11241100x8000000000000000730165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:11.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c937b07c77557e02021-12-21 12:53:11.450root 11241100x8000000000000000730166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:11.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43fb650625fb7f142021-12-21 12:53:11.450root 11241100x8000000000000000730167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:11.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e250e4650b5fcf782021-12-21 12:53:11.450root 11241100x8000000000000000730168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:11.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55e5901d554049b72021-12-21 12:53:11.450root 11241100x8000000000000000730169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:11.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27e477b54265a4af2021-12-21 12:53:11.450root 11241100x8000000000000000730170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:11.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58d0a93f3bb572122021-12-21 12:53:11.450root 11241100x8000000000000000730171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:11.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecbdfe176b6a599c2021-12-21 12:53:11.450root 11241100x8000000000000000730172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c4b9afc6b46e2532021-12-21 12:53:11.943root 11241100x8000000000000000730173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45c92fb9241e288b2021-12-21 12:53:11.943root 11241100x8000000000000000730174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1412de43420831a2021-12-21 12:53:11.943root 11241100x8000000000000000730175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92dab1c1d0eeba7d2021-12-21 12:53:11.943root 11241100x8000000000000000730176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f3fec17e60aa1c02021-12-21 12:53:11.943root 11241100x8000000000000000730177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d8649ef6759714a2021-12-21 12:53:11.944root 11241100x8000000000000000730178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14b675bdd078691c2021-12-21 12:53:11.944root 11241100x8000000000000000730179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2d091b98d9ce9172021-12-21 12:53:11.944root 11241100x8000000000000000730180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21ed4c1f395e5b172021-12-21 12:53:11.944root 11241100x8000000000000000730181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13c81833790e5a7f2021-12-21 12:53:11.944root 11241100x8000000000000000730182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.970f8d497971635c2021-12-21 12:53:11.944root 11241100x8000000000000000730183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d5e626e231a7bbf2021-12-21 12:53:11.944root 11241100x8000000000000000730184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad61325e904478942021-12-21 12:53:11.944root 11241100x8000000000000000730185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5853678536745eb92021-12-21 12:53:11.944root 11241100x8000000000000000730186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b218accfd9deb452021-12-21 12:53:11.944root 11241100x8000000000000000730187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2f144e794b3e2f22021-12-21 12:53:11.944root 11241100x8000000000000000730188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59b7e40692f97a982021-12-21 12:53:11.944root 11241100x8000000000000000730189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:11.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51a977760445b7d32021-12-21 12:53:11.946root 11241100x8000000000000000730190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:11.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7915b4c93d53ca382021-12-21 12:53:11.946root 11241100x8000000000000000730191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:11.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df5e2de62980ed332021-12-21 12:53:11.946root 11241100x8000000000000000730192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:11.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49d7f5a521af1a932021-12-21 12:53:11.946root 11241100x8000000000000000730193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:11.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b02626ccc1baf4d2021-12-21 12:53:11.946root 11241100x8000000000000000730194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:11.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22ddd9e435ad36c62021-12-21 12:53:11.946root 11241100x8000000000000000730195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:11.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13d135b8b6252b782021-12-21 12:53:11.946root 11241100x8000000000000000730196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:11.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6c526d83aeda5552021-12-21 12:53:11.946root 11241100x8000000000000000730197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:11.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e66e3dac0f129be32021-12-21 12:53:11.946root 11241100x8000000000000000730198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:11.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6a183cd6f2fa5ae2021-12-21 12:53:11.946root 11241100x8000000000000000730199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:11.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fa7b4c7fc849e022021-12-21 12:53:11.947root 11241100x8000000000000000730200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:11.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca7672769dd4e5222021-12-21 12:53:11.947root 11241100x8000000000000000730201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:11.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1369956f0e72ed42021-12-21 12:53:11.947root 11241100x8000000000000000730202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:11.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ca1ec57ca52891c2021-12-21 12:53:11.947root 11241100x8000000000000000730203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:11.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a3eca88108562982021-12-21 12:53:11.947root 11241100x8000000000000000730204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:11.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2649423aba1b2af82021-12-21 12:53:11.947root 11241100x8000000000000000730205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:11.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4570cc6e3c3b4772021-12-21 12:53:11.950root 11241100x8000000000000000730206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:11.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21e7d1a6c24ec7e42021-12-21 12:53:11.950root 11241100x8000000000000000730207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:11.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d67971f9026e1052021-12-21 12:53:11.950root 11241100x8000000000000000730208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:11.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35827d4edce684632021-12-21 12:53:11.950root 11241100x8000000000000000730209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:11.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.131a491a315464772021-12-21 12:53:11.950root 11241100x8000000000000000730210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:11.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5b9c2cc37518c3f2021-12-21 12:53:11.951root 11241100x8000000000000000730211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:11.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1913e59f79469602021-12-21 12:53:11.951root 11241100x8000000000000000730212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:11.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.724257934ea39a622021-12-21 12:53:11.951root 11241100x8000000000000000730213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:11.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d01bf578e776704d2021-12-21 12:53:11.951root 11241100x8000000000000000730214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:11.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ced762a27101c022021-12-21 12:53:11.951root 11241100x8000000000000000730215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:11.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00e3bfd55ee45b8d2021-12-21 12:53:11.951root 11241100x8000000000000000730216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:11.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e535db23d801f4fc2021-12-21 12:53:11.952root 11241100x8000000000000000730217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:11.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a34a05444c982cd62021-12-21 12:53:11.952root 11241100x8000000000000000730218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:11.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec111c837877bbd52021-12-21 12:53:11.952root 11241100x8000000000000000730219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:11.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cacb0d982b0c4b92021-12-21 12:53:11.952root 11241100x8000000000000000730220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:11.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1c28158f34e49072021-12-21 12:53:11.952root 11241100x8000000000000000730221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:11.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc1d829a22592aca2021-12-21 12:53:11.952root 11241100x8000000000000000730222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:11.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.432dc775626106f52021-12-21 12:53:11.952root 11241100x8000000000000000730223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:11.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a563957e34359f42021-12-21 12:53:11.952root 11241100x8000000000000000730224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:11.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faf0f2cb7a7008092021-12-21 12:53:11.952root 11241100x8000000000000000730225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:11.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e05b77d6195149792021-12-21 12:53:11.952root 11241100x8000000000000000730226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:11.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c99bc63415dfc4bc2021-12-21 12:53:11.952root 11241100x8000000000000000730227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18ac2c104f0d60e52021-12-21 12:53:12.443root 11241100x8000000000000000730228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05e917d2ced5b1902021-12-21 12:53:12.443root 11241100x8000000000000000730229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e86abe7954fb24542021-12-21 12:53:12.443root 11241100x8000000000000000730230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6d8da5e5e4ae57d2021-12-21 12:53:12.443root 11241100x8000000000000000730231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c20fdd71cab6ce772021-12-21 12:53:12.444root 11241100x8000000000000000730232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.806e0bcb15b136a32021-12-21 12:53:12.444root 11241100x8000000000000000730233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6008ab5ec47fb1962021-12-21 12:53:12.444root 11241100x8000000000000000730234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6256eb0a7c42b262021-12-21 12:53:12.444root 11241100x8000000000000000730235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a931b51f8a90d78c2021-12-21 12:53:12.444root 11241100x8000000000000000730236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5838bf6f3fbf01502021-12-21 12:53:12.444root 11241100x8000000000000000730237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c766b7278758f9e2021-12-21 12:53:12.444root 11241100x8000000000000000730238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7aae4c0228d01662021-12-21 12:53:12.444root 11241100x8000000000000000730239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.253051107d888cac2021-12-21 12:53:12.444root 11241100x8000000000000000730240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8515dde010625ff32021-12-21 12:53:12.444root 11241100x8000000000000000730241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bd7d3f5fb60430e2021-12-21 12:53:12.444root 11241100x8000000000000000730242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9302c5394bfb422e2021-12-21 12:53:12.444root 11241100x8000000000000000730243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:12.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaf2ac97615e5fbf2021-12-21 12:53:12.445root 11241100x8000000000000000730244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:12.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d14575c8f29e292e2021-12-21 12:53:12.445root 11241100x8000000000000000730245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:12.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16f98664dc5cddc32021-12-21 12:53:12.445root 11241100x8000000000000000730246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:12.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca8e716bd600dc252021-12-21 12:53:12.445root 11241100x8000000000000000730247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:12.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.312cc6e6524f96d12021-12-21 12:53:12.445root 11241100x8000000000000000730248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:12.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecaf16dce2d4a5fc2021-12-21 12:53:12.445root 11241100x8000000000000000730249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:12.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d634998c5714ac932021-12-21 12:53:12.445root 11241100x8000000000000000730250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:12.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee1f77e2a77fbbdb2021-12-21 12:53:12.445root 11241100x8000000000000000730251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:12.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.531a688b0784043a2021-12-21 12:53:12.445root 11241100x8000000000000000730252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:12.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0911d3670fcdbfe92021-12-21 12:53:12.445root 11241100x8000000000000000730253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:12.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.658df469ab20e7132021-12-21 12:53:12.445root 11241100x8000000000000000730254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:12.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e3355bf407dcccf2021-12-21 12:53:12.445root 11241100x8000000000000000730255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:12.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b3cfff0d17ad4802021-12-21 12:53:12.446root 11241100x8000000000000000730256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:12.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65828843ef30563f2021-12-21 12:53:12.446root 11241100x8000000000000000730257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:12.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1f52c275f46363d2021-12-21 12:53:12.446root 11241100x8000000000000000730258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:12.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.309df3836869ff4a2021-12-21 12:53:12.446root 11241100x8000000000000000730259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:12.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52779bfed381ee242021-12-21 12:53:12.446root 11241100x8000000000000000730260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:12.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8bd917890fcc5282021-12-21 12:53:12.446root 11241100x8000000000000000730261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:12.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.458123697c941bd62021-12-21 12:53:12.446root 11241100x8000000000000000730262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:12.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85ba5b6d8e11b4f82021-12-21 12:53:12.446root 11241100x8000000000000000730263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:12.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eff5ff895e8117e82021-12-21 12:53:12.446root 11241100x8000000000000000730264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:12.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76486bc130bc2b492021-12-21 12:53:12.446root 11241100x8000000000000000730265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:12.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.813765fd642597912021-12-21 12:53:12.447root 11241100x8000000000000000730266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:12.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9c2c17986d2304f2021-12-21 12:53:12.447root 11241100x8000000000000000730267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:12.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62d8d2a0bdb7bddf2021-12-21 12:53:12.447root 11241100x8000000000000000730268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:12.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbe43273d400ffe32021-12-21 12:53:12.447root 11241100x8000000000000000730269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:12.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f9414863da5847e2021-12-21 12:53:12.447root 11241100x8000000000000000730270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:12.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af64be75a1f5c8c62021-12-21 12:53:12.447root 11241100x8000000000000000730271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:12.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19744e2a3c4457462021-12-21 12:53:12.447root 11241100x8000000000000000730272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:12.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.872fd22a969fe8482021-12-21 12:53:12.447root 11241100x8000000000000000730273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:12.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa859963348d3d152021-12-21 12:53:12.447root 11241100x8000000000000000730274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b7471df75c72e432021-12-21 12:53:12.943root 11241100x8000000000000000730275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f19862e548c071f12021-12-21 12:53:12.943root 11241100x8000000000000000730276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaefc467a5ffa0a52021-12-21 12:53:12.943root 11241100x8000000000000000730277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.864284e43e0c35842021-12-21 12:53:12.943root 11241100x8000000000000000730278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f08cd3b1e3011e42021-12-21 12:53:12.943root 11241100x8000000000000000730279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7278fb100841563f2021-12-21 12:53:12.944root 11241100x8000000000000000730280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0c71434109b9eaa2021-12-21 12:53:12.944root 11241100x8000000000000000730281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56f7aebbacb23aaa2021-12-21 12:53:12.944root 11241100x8000000000000000730282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.157a6dc8bbc3b37d2021-12-21 12:53:12.944root 11241100x8000000000000000730283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a85f3d6a9937808b2021-12-21 12:53:12.944root 11241100x8000000000000000730284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.212b6583e930c4402021-12-21 12:53:12.944root 11241100x8000000000000000730285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ccfb14969f4ee1f2021-12-21 12:53:12.944root 11241100x8000000000000000730286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59a0d11cce3cf6722021-12-21 12:53:12.944root 11241100x8000000000000000730287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfc190825792752c2021-12-21 12:53:12.944root 11241100x8000000000000000730288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7706cbb9f2c5a0d2021-12-21 12:53:12.944root 11241100x8000000000000000730289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9133fcf635a1ae62021-12-21 12:53:12.944root 11241100x8000000000000000730290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77495bd9d9c884042021-12-21 12:53:12.944root 11241100x8000000000000000730291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:12.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb11324f690365b42021-12-21 12:53:12.946root 11241100x8000000000000000730292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:12.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c3d4c382f92886c2021-12-21 12:53:12.946root 11241100x8000000000000000730293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:12.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b8786642322dc782021-12-21 12:53:12.946root 11241100x8000000000000000730294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:12.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdfc6e910020c3722021-12-21 12:53:12.946root 11241100x8000000000000000730295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:12.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.847de1bb906614fe2021-12-21 12:53:12.946root 11241100x8000000000000000730296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:12.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06551e4ae5d8415f2021-12-21 12:53:12.946root 11241100x8000000000000000730297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:12.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cb10d6c36a21eff2021-12-21 12:53:12.946root 11241100x8000000000000000730298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:12.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f312b9812b8546b12021-12-21 12:53:12.946root 11241100x8000000000000000730299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:12.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7540e59e60dfeb92021-12-21 12:53:12.946root 11241100x8000000000000000730300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:12.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b1b948dc7a9f8b92021-12-21 12:53:12.946root 11241100x8000000000000000730301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:12.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bb4a70450a4d47e2021-12-21 12:53:12.946root 11241100x8000000000000000730302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:12.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e51421a898d070cc2021-12-21 12:53:12.947root 11241100x8000000000000000730303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:12.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef05ece45c2a48ec2021-12-21 12:53:12.947root 11241100x8000000000000000730304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:12.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee277aa7cc88ccb12021-12-21 12:53:12.947root 11241100x8000000000000000730305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:12.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae8f10b12acd115b2021-12-21 12:53:12.947root 11241100x8000000000000000730306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:12.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90020e1df858877d2021-12-21 12:53:12.947root 11241100x8000000000000000730307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:12.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.783531f37a526cfd2021-12-21 12:53:12.947root 11241100x8000000000000000730308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:12.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c7993693b097c8c2021-12-21 12:53:12.947root 11241100x8000000000000000730309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:12.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a44cdf310119efd82021-12-21 12:53:12.947root 11241100x8000000000000000730310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:12.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de829a24c10c18cf2021-12-21 12:53:12.947root 11241100x8000000000000000730311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:12.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb7a6836d893ed0f2021-12-21 12:53:12.947root 11241100x8000000000000000730312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:12.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.125d3efa908621172021-12-21 12:53:12.947root 11241100x8000000000000000730313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:12.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa65cdb2f97f12cd2021-12-21 12:53:12.947root 11241100x8000000000000000730314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:12.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ef186852c4c171c2021-12-21 12:53:12.947root 11241100x8000000000000000730315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:12.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a1db9dc7ca3bddd2021-12-21 12:53:12.947root 11241100x8000000000000000730316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:12.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.176dbe7dc28099472021-12-21 12:53:12.947root 11241100x8000000000000000730317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:12.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13c601efb10751172021-12-21 12:53:12.948root 11241100x8000000000000000730318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:12.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b5c5b836e39d7692021-12-21 12:53:12.948root 11241100x8000000000000000730319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:12.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd94c462d250f64c2021-12-21 12:53:12.948root 11241100x8000000000000000730320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:12.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6192e6c39a94e5392021-12-21 12:53:12.948root 11241100x8000000000000000730321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:12.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a3c673d46bcf0c12021-12-21 12:53:12.948root 11241100x8000000000000000730322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:12.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92aa82f3d35c16082021-12-21 12:53:12.948root 11241100x8000000000000000730323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:12.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cf48a612ead5e8f2021-12-21 12:53:12.948root 11241100x8000000000000000730324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:12.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6ad1505ac13223e2021-12-21 12:53:12.948root 11241100x8000000000000000730325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:12.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fe0eb9e2436b2352021-12-21 12:53:12.948root 11241100x8000000000000000730326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:12.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab3b80a0f25524d02021-12-21 12:53:12.948root 354300x8000000000000000730327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:13.090{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-50626-false10.0.1.12-8000- 11241100x8000000000000000730328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ffb66bedd3399e12021-12-21 12:53:13.443root 11241100x8000000000000000730329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8f9c1e875aa803a2021-12-21 12:53:13.443root 11241100x8000000000000000730330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4694ca5b0b98f4da2021-12-21 12:53:13.443root 11241100x8000000000000000730331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.545b3e09b66f998b2021-12-21 12:53:13.443root 11241100x8000000000000000730332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2d420445ed469d32021-12-21 12:53:13.444root 11241100x8000000000000000730333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.289a9232552979182021-12-21 12:53:13.444root 11241100x8000000000000000730334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d7b7214ded8c2c42021-12-21 12:53:13.444root 11241100x8000000000000000730335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf28057958a011af2021-12-21 12:53:13.444root 11241100x8000000000000000730336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c514a08fdab39a22021-12-21 12:53:13.444root 11241100x8000000000000000730337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff397ace38e624e42021-12-21 12:53:13.444root 11241100x8000000000000000730338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fb6dd4c679371b02021-12-21 12:53:13.444root 11241100x8000000000000000730339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b92f6561251399d2021-12-21 12:53:13.444root 11241100x8000000000000000730340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86eb5a16be799d2d2021-12-21 12:53:13.444root 11241100x8000000000000000730341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5466770cd742553a2021-12-21 12:53:13.444root 11241100x8000000000000000730342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1a37e2acd0be3052021-12-21 12:53:13.445root 11241100x8000000000000000730343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1442ae2b75cec592021-12-21 12:53:13.445root 11241100x8000000000000000730344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dd99d5678261c332021-12-21 12:53:13.445root 11241100x8000000000000000730345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d054d90753f81c2f2021-12-21 12:53:13.445root 11241100x8000000000000000730346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76d033e5816897ea2021-12-21 12:53:13.445root 11241100x8000000000000000730347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f89cade5202ea692021-12-21 12:53:13.445root 11241100x8000000000000000730348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f02edb5870851dbd2021-12-21 12:53:13.445root 11241100x8000000000000000730349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1854a76b4afadaf2021-12-21 12:53:13.445root 11241100x8000000000000000730350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.748d2e28aa6176342021-12-21 12:53:13.445root 11241100x8000000000000000730351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b2018d649f658ee2021-12-21 12:53:13.445root 11241100x8000000000000000730352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:13.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f191c1dc1b8b94e62021-12-21 12:53:13.446root 11241100x8000000000000000730353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:13.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.705b0a24dfbe51752021-12-21 12:53:13.446root 11241100x8000000000000000730354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:13.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05273f80128bee592021-12-21 12:53:13.446root 11241100x8000000000000000730355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:13.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59f159e45b5d42482021-12-21 12:53:13.446root 11241100x8000000000000000730356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:13.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e683bdcad098430a2021-12-21 12:53:13.446root 11241100x8000000000000000730357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:13.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eacd98253ffe590d2021-12-21 12:53:13.446root 11241100x8000000000000000730358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:13.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7472d7b90e659c192021-12-21 12:53:13.446root 11241100x8000000000000000730359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:13.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5021173a0abc96ab2021-12-21 12:53:13.449root 11241100x8000000000000000730360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:13.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.408338aefc8df1352021-12-21 12:53:13.449root 11241100x8000000000000000730361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:13.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a4bbce6a66533de2021-12-21 12:53:13.449root 11241100x8000000000000000730362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:13.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e4943b8ee34981e2021-12-21 12:53:13.449root 11241100x8000000000000000730363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:13.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ca4ef0cafff78032021-12-21 12:53:13.449root 11241100x8000000000000000730364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:13.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16c8542eb054d89a2021-12-21 12:53:13.449root 11241100x8000000000000000730365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:13.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1faf451a3930bc62021-12-21 12:53:13.449root 11241100x8000000000000000730366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:13.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca35dd65c75cda342021-12-21 12:53:13.449root 11241100x8000000000000000730367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:13.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d0c56624b50c7d42021-12-21 12:53:13.450root 11241100x8000000000000000730368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:13.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47d89fc440385f612021-12-21 12:53:13.450root 11241100x8000000000000000730369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:13.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23d29d48b62da14b2021-12-21 12:53:13.450root 11241100x8000000000000000730370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:13.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0325a03aaa9be962021-12-21 12:53:13.450root 11241100x8000000000000000730371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:13.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0abef4976945a472021-12-21 12:53:13.450root 11241100x8000000000000000730372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:13.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.147591fbefc938172021-12-21 12:53:13.450root 11241100x8000000000000000730373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:13.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fc3775d762b725d2021-12-21 12:53:13.450root 11241100x8000000000000000730374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:13.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99cb119032b2d5762021-12-21 12:53:13.450root 11241100x8000000000000000730375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:13.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ecb5f2e3353dbed2021-12-21 12:53:13.450root 11241100x8000000000000000730376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:13.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6bfdc92b98fec7f2021-12-21 12:53:13.450root 11241100x8000000000000000730377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:13.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80811603e4517e152021-12-21 12:53:13.450root 11241100x8000000000000000730378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:13.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e438f761a2df70652021-12-21 12:53:13.450root 11241100x8000000000000000730379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:13.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1ef931248f2a2212021-12-21 12:53:13.451root 11241100x8000000000000000730380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:13.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe45546d8b58d1712021-12-21 12:53:13.451root 11241100x8000000000000000730381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:13.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f6cc10e985359b22021-12-21 12:53:13.451root 11241100x8000000000000000730382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:13.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdb36a37f9c0de2c2021-12-21 12:53:13.451root 11241100x8000000000000000730383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:13.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63ccf31fc9c47a5d2021-12-21 12:53:13.451root 11241100x8000000000000000730384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7321594fa97aa9d82021-12-21 12:53:13.943root 11241100x8000000000000000730385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03ce2a6264095d492021-12-21 12:53:13.943root 11241100x8000000000000000730386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.576c22494d153d292021-12-21 12:53:13.943root 11241100x8000000000000000730387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbdd2ae8796a2da82021-12-21 12:53:13.943root 11241100x8000000000000000730388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e5a91b6c29e6a7c2021-12-21 12:53:13.944root 11241100x8000000000000000730389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddd7b7a508494a552021-12-21 12:53:13.944root 11241100x8000000000000000730390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb058115be08ca142021-12-21 12:53:13.944root 11241100x8000000000000000730391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a58108e0ec4bd2a12021-12-21 12:53:13.944root 11241100x8000000000000000730392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2418d3a216fb2932021-12-21 12:53:13.944root 11241100x8000000000000000730393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5cdd9d992b61e572021-12-21 12:53:13.944root 11241100x8000000000000000730394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9aa03189a05a409c2021-12-21 12:53:13.945root 11241100x8000000000000000730395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9ce27655595c4992021-12-21 12:53:13.945root 11241100x8000000000000000730396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a28bbc79a0953e4c2021-12-21 12:53:13.945root 11241100x8000000000000000730397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cf08f8f683318732021-12-21 12:53:13.945root 11241100x8000000000000000730398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13ef2ea8497829e72021-12-21 12:53:13.945root 11241100x8000000000000000730399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3986eb7380f785d32021-12-21 12:53:13.945root 11241100x8000000000000000730400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.500e5c49c7b79a3b2021-12-21 12:53:13.945root 11241100x8000000000000000730401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.817c613a19943cf12021-12-21 12:53:13.945root 11241100x8000000000000000730402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55affaeec2f304d72021-12-21 12:53:13.945root 11241100x8000000000000000730403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:13.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c0e85074fba076a2021-12-21 12:53:13.946root 11241100x8000000000000000730404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:13.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9283fe89460c03b82021-12-21 12:53:13.946root 11241100x8000000000000000730405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:13.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.587461bb428203152021-12-21 12:53:13.946root 11241100x8000000000000000730406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:13.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5b8fdb0a0e701722021-12-21 12:53:13.946root 11241100x8000000000000000730407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:13.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90c80211751061682021-12-21 12:53:13.946root 11241100x8000000000000000730408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:13.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f9656f56ef981112021-12-21 12:53:13.946root 11241100x8000000000000000730409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:13.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02a342bd142902672021-12-21 12:53:13.946root 11241100x8000000000000000730410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:13.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.145f5001e2e0414e2021-12-21 12:53:13.946root 11241100x8000000000000000730411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:13.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ed223c45999e3d82021-12-21 12:53:13.946root 11241100x8000000000000000730412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:13.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b3ed602c14fe6bf2021-12-21 12:53:13.946root 11241100x8000000000000000730413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:13.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fef88d2a01ee5ae52021-12-21 12:53:13.946root 11241100x8000000000000000730414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:13.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a51f69507ab4cc6f2021-12-21 12:53:13.946root 11241100x8000000000000000730415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:13.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65fa80d1176a941e2021-12-21 12:53:13.946root 11241100x8000000000000000730416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:13.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ec37daf4b19852e2021-12-21 12:53:13.946root 11241100x8000000000000000730417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:13.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.677530dd5780a8ee2021-12-21 12:53:13.946root 11241100x8000000000000000730418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:13.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c66a603a35996a12021-12-21 12:53:13.946root 11241100x8000000000000000730419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:13.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c205497ca85c2be42021-12-21 12:53:13.947root 11241100x8000000000000000730420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:13.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4c5bb426bb1b5ce2021-12-21 12:53:13.947root 11241100x8000000000000000730421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:13.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.874c93534179903d2021-12-21 12:53:13.947root 11241100x8000000000000000730422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:13.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc3e8b76dbf596ec2021-12-21 12:53:13.947root 11241100x8000000000000000730423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:13.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b15b092a89ab06522021-12-21 12:53:13.947root 11241100x8000000000000000730424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:13.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f4dbed5c34c09232021-12-21 12:53:13.947root 11241100x8000000000000000730425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:13.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afb5a2918cd536b32021-12-21 12:53:13.947root 11241100x8000000000000000730426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:13.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ea05ed146c296772021-12-21 12:53:13.948root 11241100x8000000000000000730427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:13.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cc1c73d57d9ca592021-12-21 12:53:13.948root 11241100x8000000000000000730428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:13.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.399cdf438644970c2021-12-21 12:53:13.948root 11241100x8000000000000000730429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:13.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b776fb63e94d5282021-12-21 12:53:13.948root 11241100x8000000000000000730430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:13.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76edbb5a8688d4982021-12-21 12:53:13.948root 11241100x8000000000000000730431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:13.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f973000967b4ad262021-12-21 12:53:13.948root 11241100x8000000000000000730432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:13.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.545ef0c4dbbe99582021-12-21 12:53:13.948root 11241100x8000000000000000730433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:13.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28b95998b306d7562021-12-21 12:53:13.948root 11241100x8000000000000000730434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:13.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2910f9b2a3e7fed2021-12-21 12:53:13.948root 11241100x8000000000000000730435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:13.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb391f5073d4c4f92021-12-21 12:53:13.949root 11241100x8000000000000000730436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aba5bf08581867762021-12-21 12:53:14.443root 11241100x8000000000000000730437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35854619d3ee39e52021-12-21 12:53:14.443root 11241100x8000000000000000730438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26b51d22ccc7eb7d2021-12-21 12:53:14.443root 11241100x8000000000000000730439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c300db7e19dca68d2021-12-21 12:53:14.443root 11241100x8000000000000000730440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4400e4b7380da6102021-12-21 12:53:14.443root 11241100x8000000000000000730441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.553029be6d6198af2021-12-21 12:53:14.443root 11241100x8000000000000000730442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce65017de4150b382021-12-21 12:53:14.443root 11241100x8000000000000000730443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f33dd22a36e3b882021-12-21 12:53:14.444root 11241100x8000000000000000730444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4f0eab816f916072021-12-21 12:53:14.444root 11241100x8000000000000000730445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04ac740ff00924eb2021-12-21 12:53:14.444root 11241100x8000000000000000730446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.413844090961b1b02021-12-21 12:53:14.444root 11241100x8000000000000000730447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e670866bf811ebf2021-12-21 12:53:14.444root 11241100x8000000000000000730448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bb90540583fe4ae2021-12-21 12:53:14.444root 11241100x8000000000000000730449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97993694fd35ec5f2021-12-21 12:53:14.444root 11241100x8000000000000000730450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3adb116f6150c3412021-12-21 12:53:14.444root 11241100x8000000000000000730451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f944b5d8860cf502021-12-21 12:53:14.444root 11241100x8000000000000000730452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88432e84a6bb5d102021-12-21 12:53:14.444root 11241100x8000000000000000730453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e572ce3d81694eb2021-12-21 12:53:14.444root 11241100x8000000000000000730454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f3ddb74597d835f2021-12-21 12:53:14.444root 11241100x8000000000000000730455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.426bae0818195e172021-12-21 12:53:14.444root 11241100x8000000000000000730456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6856cb953d7c47fb2021-12-21 12:53:14.444root 11241100x8000000000000000730457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7680b0f78b15307b2021-12-21 12:53:14.444root 11241100x8000000000000000730458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c00622918f19325e2021-12-21 12:53:14.444root 11241100x8000000000000000730459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:14.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98f754b54161eb552021-12-21 12:53:14.445root 11241100x8000000000000000730460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:14.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cebc961217b5a0582021-12-21 12:53:14.445root 11241100x8000000000000000730461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:14.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac03e144adc36ca62021-12-21 12:53:14.445root 11241100x8000000000000000730462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:14.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a4c3fac65a962342021-12-21 12:53:14.445root 11241100x8000000000000000730463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:14.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4072d957fcbf48502021-12-21 12:53:14.445root 11241100x8000000000000000730464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:14.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46d0423722cb09962021-12-21 12:53:14.446root 11241100x8000000000000000730465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:14.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ea2080820833e0f2021-12-21 12:53:14.446root 11241100x8000000000000000730466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:14.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e45b94fe8931d9e82021-12-21 12:53:14.446root 11241100x8000000000000000730467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:14.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02d0b24a05e081672021-12-21 12:53:14.446root 11241100x8000000000000000730468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:14.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1f7b5ded11405d12021-12-21 12:53:14.446root 11241100x8000000000000000730469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:14.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19adcf232d4404562021-12-21 12:53:14.446root 11241100x8000000000000000730470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:14.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56eaa1797c05a7212021-12-21 12:53:14.446root 11241100x8000000000000000730471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:14.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f83ec901c384e5c2021-12-21 12:53:14.447root 11241100x8000000000000000730472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:14.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d8cf466db00390b2021-12-21 12:53:14.447root 11241100x8000000000000000730473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:14.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fff6b3be519c97492021-12-21 12:53:14.447root 11241100x8000000000000000730474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:14.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7528e2ed4482d9272021-12-21 12:53:14.447root 11241100x8000000000000000730475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:14.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f771730b91214c92021-12-21 12:53:14.447root 11241100x8000000000000000730476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:14.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88de3d43bf2db59f2021-12-21 12:53:14.447root 11241100x8000000000000000730477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:14.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.154f5168c25f99712021-12-21 12:53:14.448root 11241100x8000000000000000730478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:14.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f44454d739ee2ff22021-12-21 12:53:14.448root 11241100x8000000000000000730479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:14.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a9744be1062a7092021-12-21 12:53:14.448root 11241100x8000000000000000730480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:14.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f5c074089c776912021-12-21 12:53:14.448root 11241100x8000000000000000730481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:14.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9fad314a3e3de0b2021-12-21 12:53:14.448root 11241100x8000000000000000730482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:14.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6eb8b85ee8b7bf072021-12-21 12:53:14.448root 11241100x8000000000000000730483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:14.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a83eb5d9a8e5c0032021-12-21 12:53:14.448root 11241100x8000000000000000730484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d31ace0b2afa9f32021-12-21 12:53:14.943root 11241100x8000000000000000730485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f48ce8620e8d45f2021-12-21 12:53:14.943root 11241100x8000000000000000730486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6621aaaa31f7d9302021-12-21 12:53:14.943root 11241100x8000000000000000730487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a6d41a15a3b482e2021-12-21 12:53:14.943root 11241100x8000000000000000730488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.401596b6684ada162021-12-21 12:53:14.943root 11241100x8000000000000000730489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.affdfd1ddab33b852021-12-21 12:53:14.943root 11241100x8000000000000000730490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbe23b76cca4bd8f2021-12-21 12:53:14.943root 11241100x8000000000000000730491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83e43ee8c2c035e82021-12-21 12:53:14.944root 11241100x8000000000000000730492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f568a5de32f43ad2021-12-21 12:53:14.944root 11241100x8000000000000000730493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc4dc0eee60be9422021-12-21 12:53:14.944root 11241100x8000000000000000730494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f26975a920c743f2021-12-21 12:53:14.944root 11241100x8000000000000000730495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.885c6f7d02c9f8382021-12-21 12:53:14.944root 11241100x8000000000000000730496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.146be6824fd71ca82021-12-21 12:53:14.944root 11241100x8000000000000000730497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15c7f0de652c24892021-12-21 12:53:14.944root 11241100x8000000000000000730498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d2ab51c59f0fae92021-12-21 12:53:14.944root 11241100x8000000000000000730499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7e6a99e453751d82021-12-21 12:53:14.944root 11241100x8000000000000000730500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3557e473450035ab2021-12-21 12:53:14.944root 11241100x8000000000000000730501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d7b61caa9025d372021-12-21 12:53:14.944root 11241100x8000000000000000730502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0565d814c0c33fa2021-12-21 12:53:14.944root 11241100x8000000000000000730503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68a7db866125ebea2021-12-21 12:53:14.944root 11241100x8000000000000000730504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5f1ff9a937e27612021-12-21 12:53:14.945root 11241100x8000000000000000730505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cadfdcb7579908ab2021-12-21 12:53:14.945root 11241100x8000000000000000730506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.988edca8da5a48122021-12-21 12:53:14.945root 11241100x8000000000000000730507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c320f860a3c79e6e2021-12-21 12:53:14.945root 11241100x8000000000000000730508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52784acf1cd9529f2021-12-21 12:53:14.945root 11241100x8000000000000000730509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2327e62eacc4d06b2021-12-21 12:53:14.945root 11241100x8000000000000000730510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f3ab9bfdae19ac52021-12-21 12:53:14.945root 11241100x8000000000000000730511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:14.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14c3220d81d19af52021-12-21 12:53:14.946root 11241100x8000000000000000730512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:14.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.709e82e964e56fa42021-12-21 12:53:14.946root 11241100x8000000000000000730513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:14.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54bb624872e30a2b2021-12-21 12:53:14.946root 11241100x8000000000000000730514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:14.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.769a2e4927309e6a2021-12-21 12:53:14.946root 11241100x8000000000000000730515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:14.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e267e5add9b4e8e22021-12-21 12:53:14.946root 11241100x8000000000000000730516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:14.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96a20e83aa55bdc82021-12-21 12:53:14.946root 11241100x8000000000000000730517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:14.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cc8a5c6f7ad47a72021-12-21 12:53:14.946root 11241100x8000000000000000730518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:14.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0354b10429edff2a2021-12-21 12:53:14.946root 11241100x8000000000000000730519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:14.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7bbfbd9a17160832021-12-21 12:53:14.946root 11241100x8000000000000000730520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:14.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ddc5b934d3670fc2021-12-21 12:53:14.946root 11241100x8000000000000000730521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:14.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16820b9d58721fa22021-12-21 12:53:14.946root 11241100x8000000000000000730522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:14.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04d9ac59ae305f722021-12-21 12:53:14.947root 11241100x8000000000000000730523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:14.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17ffb5a6e89d4bc42021-12-21 12:53:14.947root 11241100x8000000000000000730524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:14.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b41dd49b87a2f212021-12-21 12:53:14.947root 11241100x8000000000000000730525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:14.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1cccff61141a7342021-12-21 12:53:14.947root 11241100x8000000000000000730526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:14.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.654aa797b63a8fe12021-12-21 12:53:14.947root 11241100x8000000000000000730527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:14.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.962bc261208c099b2021-12-21 12:53:14.947root 11241100x8000000000000000730528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:14.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59b0d6cd979a96a12021-12-21 12:53:14.947root 11241100x8000000000000000730529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:14.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bc43bc70e327fad2021-12-21 12:53:14.947root 11241100x8000000000000000730530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:14.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43b244d5a79032a12021-12-21 12:53:14.947root 11241100x8000000000000000730531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:14.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5f52900a653bcac2021-12-21 12:53:14.947root 11241100x8000000000000000730532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:14.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32393113514404272021-12-21 12:53:14.947root 11241100x8000000000000000730533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:14.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e11b8fa66f67898e2021-12-21 12:53:14.951root 11241100x8000000000000000730534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:14.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9770193d2e6446b82021-12-21 12:53:14.952root 11241100x8000000000000000730535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:14.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fcd922ae758c4b42021-12-21 12:53:14.952root 11241100x8000000000000000730536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:14.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ea50c750b1da4482021-12-21 12:53:14.952root 11241100x8000000000000000730537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:14.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9299395eaf3c88ee2021-12-21 12:53:14.952root 11241100x8000000000000000730538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:14.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e3ae4ac8e4ca2da2021-12-21 12:53:14.952root 11241100x8000000000000000730539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:14.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa36813c66d3b1d12021-12-21 12:53:14.952root 11241100x8000000000000000730540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:14.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96e49e46c91318a92021-12-21 12:53:14.952root 11241100x8000000000000000730541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:14.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2efb285ab12a0392021-12-21 12:53:14.952root 11241100x8000000000000000730542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:14.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd07c95504f910d92021-12-21 12:53:14.953root 11241100x8000000000000000730543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:14.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.026d1180db9674fc2021-12-21 12:53:14.953root 11241100x8000000000000000730544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:14.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d1d8565a70f2f912021-12-21 12:53:14.953root 11241100x8000000000000000730545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:14.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ec24d364bdb7f8e2021-12-21 12:53:14.953root 11241100x8000000000000000730546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:14.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19d436792090aaba2021-12-21 12:53:14.953root 11241100x8000000000000000730547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:14.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82c21d58ef4c35c92021-12-21 12:53:14.954root 11241100x8000000000000000730548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:14.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d300b04fe813c022021-12-21 12:53:14.954root 11241100x8000000000000000730549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:14.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77c37e1200c6dd162021-12-21 12:53:14.954root 11241100x8000000000000000730550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:14.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6ea216a921c56262021-12-21 12:53:14.954root 11241100x8000000000000000730551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:14.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4647126d4472e7522021-12-21 12:53:14.954root 11241100x8000000000000000730552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:14.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f6de61df473920a2021-12-21 12:53:14.954root 11241100x8000000000000000730553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:14.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfc686f88db432972021-12-21 12:53:14.954root 11241100x8000000000000000730554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:14.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f192b1ccb2a71192021-12-21 12:53:14.955root 11241100x8000000000000000730555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:14.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e9d71d68358090e2021-12-21 12:53:14.955root 11241100x8000000000000000730556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:14.956{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.550cb0305f3a02112021-12-21 12:53:14.956root 11241100x8000000000000000730557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:14.956{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92ea489ba4a38a722021-12-21 12:53:14.956root 11241100x8000000000000000730558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:14.956{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e856c1c4c515e3322021-12-21 12:53:14.956root 11241100x8000000000000000730559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:14.956{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc34e66f1b06ca572021-12-21 12:53:14.956root 11241100x8000000000000000730560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:14.956{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6703f21de8e2f5f2021-12-21 12:53:14.956root 11241100x8000000000000000730561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:14.956{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3df98dfd8b2ea202021-12-21 12:53:14.956root 11241100x8000000000000000730562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:14.956{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c4ebd53ae900b692021-12-21 12:53:14.956root 11241100x8000000000000000730563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:14.956{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61830ff435cc70f02021-12-21 12:53:14.956root 11241100x8000000000000000730564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:14.956{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca61b53233d60b712021-12-21 12:53:14.956root 11241100x8000000000000000730565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:14.956{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6631455d7f83d532021-12-21 12:53:14.956root 11241100x8000000000000000730566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:14.957{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a09addea1bdb41e2021-12-21 12:53:14.957root 11241100x8000000000000000730567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:14.957{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d1fcba4b773adbd2021-12-21 12:53:14.957root 11241100x8000000000000000730568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:14.957{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4038eb2175fac4a72021-12-21 12:53:14.957root 11241100x8000000000000000730569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.553f70ea5f8846ce2021-12-21 12:53:15.443root 11241100x8000000000000000730570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1de1eb97542248722021-12-21 12:53:15.443root 11241100x8000000000000000730571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5286fad62c1fc8ee2021-12-21 12:53:15.443root 11241100x8000000000000000730572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cf8e528d9801cbf2021-12-21 12:53:15.444root 11241100x8000000000000000730573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d5ad932f9bcecf82021-12-21 12:53:15.444root 11241100x8000000000000000730574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a201fb18673fd3f92021-12-21 12:53:15.444root 11241100x8000000000000000730575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1aaca61d852d3052021-12-21 12:53:15.444root 11241100x8000000000000000730576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.838d58e7b5bfb2742021-12-21 12:53:15.444root 11241100x8000000000000000730577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:15.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17afbd435b4ad2282021-12-21 12:53:15.445root 11241100x8000000000000000730578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:15.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da53cbeae29dba072021-12-21 12:53:15.445root 11241100x8000000000000000730579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:15.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39b441be0f3985612021-12-21 12:53:15.445root 11241100x8000000000000000730580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:15.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.760be4c883f3fde12021-12-21 12:53:15.445root 11241100x8000000000000000730581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:15.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b375d39a71497eea2021-12-21 12:53:15.445root 11241100x8000000000000000730582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:15.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2264e52c49cd7cc12021-12-21 12:53:15.445root 11241100x8000000000000000730583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:15.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aee4a1a359761b582021-12-21 12:53:15.445root 11241100x8000000000000000730584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:15.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f684441ebf989bbe2021-12-21 12:53:15.445root 11241100x8000000000000000730585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:15.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b6c2cc8eb5849d42021-12-21 12:53:15.445root 11241100x8000000000000000730586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:15.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3ba7337452248f92021-12-21 12:53:15.445root 11241100x8000000000000000730587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:15.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f8d7d2b27f83d4f2021-12-21 12:53:15.445root 11241100x8000000000000000730588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:15.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97efa2df27f18d052021-12-21 12:53:15.445root 11241100x8000000000000000730589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:15.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3dab30e9dac78752021-12-21 12:53:15.445root 11241100x8000000000000000730590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:15.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.567fa489170f246e2021-12-21 12:53:15.445root 11241100x8000000000000000730591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:15.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fdc66181943b5322021-12-21 12:53:15.446root 11241100x8000000000000000730592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:15.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0aef07ecd14f3d522021-12-21 12:53:15.446root 11241100x8000000000000000730593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:15.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84e5304c2d45ed802021-12-21 12:53:15.446root 11241100x8000000000000000730594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:15.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa171542134618302021-12-21 12:53:15.446root 11241100x8000000000000000730595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:15.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b73a0d657e2225712021-12-21 12:53:15.446root 11241100x8000000000000000730596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:15.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b49e70efc9fa1b9e2021-12-21 12:53:15.446root 11241100x8000000000000000730597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:15.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d22479e74a445bfe2021-12-21 12:53:15.446root 11241100x8000000000000000730598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:15.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee3bfab2838b58142021-12-21 12:53:15.446root 11241100x8000000000000000730599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:15.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58152547671cfa0b2021-12-21 12:53:15.446root 11241100x8000000000000000730600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:15.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8cfc90205c859cf2021-12-21 12:53:15.446root 11241100x8000000000000000730601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:15.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b330662fd3a7c862021-12-21 12:53:15.446root 11241100x8000000000000000730602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:15.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dbb4c7d2a586c132021-12-21 12:53:15.446root 11241100x8000000000000000730603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:15.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f3fbd35fd46b8b72021-12-21 12:53:15.446root 11241100x8000000000000000730604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:15.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b754013fe8b90c4e2021-12-21 12:53:15.446root 11241100x8000000000000000730605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:15.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc24c5286416e7882021-12-21 12:53:15.446root 11241100x8000000000000000730606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:15.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfe206d87c45da132021-12-21 12:53:15.446root 11241100x8000000000000000730607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:15.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee8342b8e62361a52021-12-21 12:53:15.447root 11241100x8000000000000000730608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:15.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d02878a600ed1ca72021-12-21 12:53:15.447root 11241100x8000000000000000730609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:15.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf23f745eb77e1162021-12-21 12:53:15.447root 11241100x8000000000000000730610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:15.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afbd7b13225eeceb2021-12-21 12:53:15.447root 11241100x8000000000000000730611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:15.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2749ad368d4befa2021-12-21 12:53:15.447root 11241100x8000000000000000730612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:15.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b72e34633a59f3d22021-12-21 12:53:15.447root 11241100x8000000000000000730613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:15.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4288e233d8b6c5732021-12-21 12:53:15.447root 11241100x8000000000000000730614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:15.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61e162414634cc642021-12-21 12:53:15.447root 11241100x8000000000000000730615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:15.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3204889d9675bc922021-12-21 12:53:15.447root 11241100x8000000000000000730616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:15.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5282b43b4c1ace9f2021-12-21 12:53:15.447root 11241100x8000000000000000730617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:15.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ee7d62193a719dc2021-12-21 12:53:15.448root 11241100x8000000000000000730618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:15.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3c8e48ad2980ce22021-12-21 12:53:15.448root 11241100x8000000000000000730619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:15.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5441473764e6f8242021-12-21 12:53:15.448root 11241100x8000000000000000730620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:15.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53570cd46de17ae82021-12-21 12:53:15.448root 11241100x8000000000000000730621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d13bcea397074d4e2021-12-21 12:53:15.944root 11241100x8000000000000000730622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.851b2c88748ed7fa2021-12-21 12:53:15.944root 11241100x8000000000000000730623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8febe8f70bceaa092021-12-21 12:53:15.944root 11241100x8000000000000000730624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.301ea00f945011b22021-12-21 12:53:15.944root 11241100x8000000000000000730625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4109e8f3fe659012021-12-21 12:53:15.944root 11241100x8000000000000000730626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89f64312709e7fe22021-12-21 12:53:15.944root 11241100x8000000000000000730627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7a3a9ce0cf550d72021-12-21 12:53:15.944root 11241100x8000000000000000730628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dda6e874af450462021-12-21 12:53:15.944root 11241100x8000000000000000730629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34bbbd944c4a92f62021-12-21 12:53:15.944root 11241100x8000000000000000730630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b05e993b0738b8122021-12-21 12:53:15.944root 11241100x8000000000000000730631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7ec67366906a6a52021-12-21 12:53:15.944root 11241100x8000000000000000730632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97a0a386c655d1842021-12-21 12:53:15.944root 11241100x8000000000000000730633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:15.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.455cb9c83bbbe5252021-12-21 12:53:15.945root 11241100x8000000000000000730634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:15.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71197059fe60974b2021-12-21 12:53:15.945root 11241100x8000000000000000730635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:15.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73b7861f5ddd12d02021-12-21 12:53:15.945root 11241100x8000000000000000730636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:15.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17062f206faa40eb2021-12-21 12:53:15.945root 11241100x8000000000000000730637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:15.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1401d1b73645f8c2021-12-21 12:53:15.945root 11241100x8000000000000000730638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:15.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.850425b913b0f6072021-12-21 12:53:15.945root 11241100x8000000000000000730639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:15.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8e4b1608f159a782021-12-21 12:53:15.945root 11241100x8000000000000000730640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:15.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd72f278ba665d262021-12-21 12:53:15.945root 11241100x8000000000000000730641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:15.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f7ea47b768aba632021-12-21 12:53:15.945root 11241100x8000000000000000730642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:15.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0e71443fd0d30ef2021-12-21 12:53:15.945root 11241100x8000000000000000730643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:15.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1a47a6e16d9fe292021-12-21 12:53:15.945root 11241100x8000000000000000730644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:15.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc456ce3a95e0a682021-12-21 12:53:15.945root 11241100x8000000000000000730645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:15.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25b7cb0a8a5316d52021-12-21 12:53:15.945root 11241100x8000000000000000730646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:15.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce1bd214c47bf8302021-12-21 12:53:15.945root 11241100x8000000000000000730647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:15.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.405309191af33a532021-12-21 12:53:15.946root 11241100x8000000000000000730648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:15.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72f2c7a4f509712f2021-12-21 12:53:15.946root 11241100x8000000000000000730649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:15.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.717d5d275a0cbd052021-12-21 12:53:15.946root 11241100x8000000000000000730650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:15.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.040a5bb43a3a56272021-12-21 12:53:15.946root 11241100x8000000000000000730651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:15.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe86b81b4ae8d08e2021-12-21 12:53:15.946root 11241100x8000000000000000730652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:15.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.447072cf26dc85152021-12-21 12:53:15.946root 11241100x8000000000000000730653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:15.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b9779ab4a56f2022021-12-21 12:53:15.946root 11241100x8000000000000000730654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:15.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c162fc9aa81adae2021-12-21 12:53:15.946root 11241100x8000000000000000730655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:15.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a45f3ba92ea21fbe2021-12-21 12:53:15.946root 11241100x8000000000000000730656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:15.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0c62e797826559f2021-12-21 12:53:15.946root 11241100x8000000000000000730657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:15.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3eeac51c8ffa28832021-12-21 12:53:15.946root 11241100x8000000000000000730658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:15.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.def20eadfcc687712021-12-21 12:53:15.946root 11241100x8000000000000000730659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:15.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.981fd3013ebb32832021-12-21 12:53:15.946root 11241100x8000000000000000730660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:15.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dfcb01678eaf96f2021-12-21 12:53:15.946root 11241100x8000000000000000730661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:15.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09eaf1511bb249aa2021-12-21 12:53:15.946root 11241100x8000000000000000730662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:15.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d374d75c2bc0dc12021-12-21 12:53:15.946root 11241100x8000000000000000730663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:15.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a18242305710c0842021-12-21 12:53:15.946root 11241100x8000000000000000730664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:15.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a54982ee1cc88732021-12-21 12:53:15.947root 11241100x8000000000000000730665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64d5d9a00469bec62021-12-21 12:53:16.443root 11241100x8000000000000000730666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69b6105dec5a32122021-12-21 12:53:16.443root 11241100x8000000000000000730667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b577a820a390bba2021-12-21 12:53:16.443root 11241100x8000000000000000730668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7975679844a266d12021-12-21 12:53:16.443root 11241100x8000000000000000730669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15dd0d0798453a992021-12-21 12:53:16.444root 11241100x8000000000000000730670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7eb140c41c3c2ae2021-12-21 12:53:16.444root 11241100x8000000000000000730671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e628042e3da523a92021-12-21 12:53:16.444root 11241100x8000000000000000730672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9c0815a9720863c2021-12-21 12:53:16.444root 11241100x8000000000000000730673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bf6d804694f4c502021-12-21 12:53:16.444root 11241100x8000000000000000730674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a9bb446f45d7a692021-12-21 12:53:16.444root 11241100x8000000000000000730675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c97c6c3b5733a43a2021-12-21 12:53:16.444root 11241100x8000000000000000730676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b2b7918277eaea12021-12-21 12:53:16.444root 11241100x8000000000000000730677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25f62efeb93debec2021-12-21 12:53:16.444root 11241100x8000000000000000730678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2885db259ec0968b2021-12-21 12:53:16.444root 11241100x8000000000000000730679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4acdaf29c404b6922021-12-21 12:53:16.444root 11241100x8000000000000000730680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f033ffd7824023f42021-12-21 12:53:16.444root 11241100x8000000000000000730681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41d57df807faf6ef2021-12-21 12:53:16.444root 11241100x8000000000000000730682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07e09fd5fbdb64512021-12-21 12:53:16.444root 11241100x8000000000000000730683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b35bb85b54ec3ed2021-12-21 12:53:16.444root 11241100x8000000000000000730684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f758e77c613658b2021-12-21 12:53:16.444root 11241100x8000000000000000730685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:16.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57ed67aadf48825e2021-12-21 12:53:16.445root 11241100x8000000000000000730686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:16.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bea4d0537e5b47e2021-12-21 12:53:16.445root 11241100x8000000000000000730687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:16.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9060b30530bee32b2021-12-21 12:53:16.445root 11241100x8000000000000000730688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:16.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89c09bd57a25e9532021-12-21 12:53:16.445root 11241100x8000000000000000730689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:16.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70235abe723acb752021-12-21 12:53:16.445root 11241100x8000000000000000730690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:16.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14f73e359a632f2e2021-12-21 12:53:16.445root 11241100x8000000000000000730691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:16.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c4844e6227595f62021-12-21 12:53:16.445root 11241100x8000000000000000730692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:16.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1a2bf4b67fcce252021-12-21 12:53:16.445root 11241100x8000000000000000730693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:16.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56f610c44d134f172021-12-21 12:53:16.445root 11241100x8000000000000000730694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:16.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.776cf9e6738be1aa2021-12-21 12:53:16.445root 11241100x8000000000000000730695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:16.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbdbab4a912fbea12021-12-21 12:53:16.445root 11241100x8000000000000000730696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:16.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5191482987f64e3d2021-12-21 12:53:16.445root 11241100x8000000000000000730697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:16.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd85b6c4320d16e32021-12-21 12:53:16.445root 11241100x8000000000000000730698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:16.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f66c8ef227faf24f2021-12-21 12:53:16.445root 11241100x8000000000000000730699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:16.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e9fda81d1dd0a7c2021-12-21 12:53:16.445root 11241100x8000000000000000730700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:16.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0958443fee1dd11d2021-12-21 12:53:16.445root 11241100x8000000000000000730701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:16.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9afcbcf33be2585c2021-12-21 12:53:16.445root 11241100x8000000000000000730702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:16.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.226ce08a9753b1c92021-12-21 12:53:16.446root 11241100x8000000000000000730703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:16.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5de08f982ce57f492021-12-21 12:53:16.446root 11241100x8000000000000000730704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:16.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7d125996177b0192021-12-21 12:53:16.446root 11241100x8000000000000000730705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:16.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25b350b0e6d33bbe2021-12-21 12:53:16.446root 11241100x8000000000000000730706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:16.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd993b724b25773b2021-12-21 12:53:16.446root 11241100x8000000000000000730707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:16.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.680adc069f8e5bca2021-12-21 12:53:16.446root 11241100x8000000000000000730708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:16.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b019799ca27ef3a92021-12-21 12:53:16.446root 11241100x8000000000000000730709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:16.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e833a05bae0a198d2021-12-21 12:53:16.446root 11241100x8000000000000000730710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:16.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.838798511024f88b2021-12-21 12:53:16.446root 11241100x8000000000000000730711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:16.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c4266c4d483b3572021-12-21 12:53:16.446root 11241100x8000000000000000730712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:16.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25da6cfae94f725e2021-12-21 12:53:16.446root 11241100x8000000000000000730713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:16.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4b3f832149521d92021-12-21 12:53:16.446root 11241100x8000000000000000730714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:16.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab4530280e4eafd82021-12-21 12:53:16.446root 11241100x8000000000000000730715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:16.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23cd47ed0b637e172021-12-21 12:53:16.446root 11241100x8000000000000000730716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:16.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7acab8904a8cd9722021-12-21 12:53:16.447root 11241100x8000000000000000730717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:16.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4469eff61cef4942021-12-21 12:53:16.447root 11241100x8000000000000000730718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:16.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5e1ad25df3ac6d32021-12-21 12:53:16.447root 11241100x8000000000000000730719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:16.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb6d886fd88ebb3a2021-12-21 12:53:16.447root 11241100x8000000000000000730720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:16.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef3047a103838d352021-12-21 12:53:16.447root 11241100x8000000000000000730721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:16.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82acdbe72cde14462021-12-21 12:53:16.447root 11241100x8000000000000000730722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:16.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3515325b2ffa7b722021-12-21 12:53:16.447root 11241100x8000000000000000730723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7067579e9d50e0562021-12-21 12:53:16.943root 11241100x8000000000000000730724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.417b416ebd26e8062021-12-21 12:53:16.943root 11241100x8000000000000000730725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c907e13790f461b2021-12-21 12:53:16.943root 11241100x8000000000000000730726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.435f09b31008c11b2021-12-21 12:53:16.943root 11241100x8000000000000000730727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43cef8c58e73f84d2021-12-21 12:53:16.944root 11241100x8000000000000000730728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.252ac5f773d5f0772021-12-21 12:53:16.944root 11241100x8000000000000000730729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f203b6e7fc911ab62021-12-21 12:53:16.944root 11241100x8000000000000000730730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:16.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.768198762e2149262021-12-21 12:53:16.946root 11241100x8000000000000000730731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:16.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7be1db81692409a62021-12-21 12:53:16.946root 11241100x8000000000000000730732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:16.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a94a2689b9255c712021-12-21 12:53:16.946root 11241100x8000000000000000730733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:16.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.923ee7bcb6091c692021-12-21 12:53:16.946root 11241100x8000000000000000730734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:16.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb9e2f28e3929a6c2021-12-21 12:53:16.946root 11241100x8000000000000000730735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:16.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.572618af22def53e2021-12-21 12:53:16.946root 11241100x8000000000000000730736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:16.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a4818d3bb22fdd62021-12-21 12:53:16.946root 11241100x8000000000000000730737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:16.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4838820cab7ab442021-12-21 12:53:16.947root 11241100x8000000000000000730738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:16.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea9a7f506f0bb2f62021-12-21 12:53:16.947root 11241100x8000000000000000730739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:16.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7ea1c09faf1a2792021-12-21 12:53:16.947root 11241100x8000000000000000730740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:16.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15242de4f7e9b5b72021-12-21 12:53:16.947root 11241100x8000000000000000730741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:16.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.306d9af805f11c982021-12-21 12:53:16.947root 11241100x8000000000000000730742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:16.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03b27de766449b242021-12-21 12:53:16.947root 11241100x8000000000000000730743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:16.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5573441e8361b94b2021-12-21 12:53:16.947root 11241100x8000000000000000730744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:16.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f3c0fb5712926372021-12-21 12:53:16.947root 11241100x8000000000000000730745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:16.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f711a7b5d3012bc02021-12-21 12:53:16.947root 11241100x8000000000000000730746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:16.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa780e69528fed932021-12-21 12:53:16.947root 11241100x8000000000000000730747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:16.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d7bc660118260382021-12-21 12:53:16.947root 11241100x8000000000000000730748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:16.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c8f01c0963ce8982021-12-21 12:53:16.947root 11241100x8000000000000000730749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:16.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fadcd49f7df272a2021-12-21 12:53:16.948root 11241100x8000000000000000730750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:16.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58b0bf5c61e000282021-12-21 12:53:16.948root 11241100x8000000000000000730751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:16.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.099f3495030f6df92021-12-21 12:53:16.948root 11241100x8000000000000000730752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:16.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.749591cb92f555d82021-12-21 12:53:16.948root 11241100x8000000000000000730753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:16.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac81d6fc8fcefa5e2021-12-21 12:53:16.948root 11241100x8000000000000000730754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:16.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fa1cd3839aa14f02021-12-21 12:53:16.948root 11241100x8000000000000000730755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:16.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.408cc0d4d912bddf2021-12-21 12:53:16.948root 11241100x8000000000000000730756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:16.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f9c4ec25dc8d2702021-12-21 12:53:16.948root 11241100x8000000000000000730757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:16.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57a58ec48ca8992d2021-12-21 12:53:16.948root 11241100x8000000000000000730758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:16.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d68b93b9ab27c6462021-12-21 12:53:16.948root 11241100x8000000000000000730759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:16.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.012305ef5fcac33c2021-12-21 12:53:16.948root 11241100x8000000000000000730760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:16.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9906a04573dfe0602021-12-21 12:53:16.948root 11241100x8000000000000000730761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:16.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5720c8569f67e1e32021-12-21 12:53:16.948root 11241100x8000000000000000730762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:16.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36a5031adb0b0ce52021-12-21 12:53:16.948root 11241100x8000000000000000730763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:16.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4580cc2a78fbfccb2021-12-21 12:53:16.948root 11241100x8000000000000000730764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:16.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d8546e66c2796f12021-12-21 12:53:16.949root 11241100x8000000000000000730765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:16.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cee732f049505682021-12-21 12:53:16.949root 11241100x8000000000000000730766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:16.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e9ba0ae4567563e2021-12-21 12:53:16.949root 11241100x8000000000000000730767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:16.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfe479e193c63e492021-12-21 12:53:16.949root 11241100x8000000000000000730768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:16.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ece46504ce8da04c2021-12-21 12:53:16.949root 11241100x8000000000000000730769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:16.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b69f6adc8e2275d2021-12-21 12:53:16.949root 11241100x8000000000000000730770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:16.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.912c46e3f46248e52021-12-21 12:53:16.949root 11241100x8000000000000000730771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:16.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8c4930cf8154f352021-12-21 12:53:16.949root 11241100x8000000000000000730772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:16.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.647cb87193d325c42021-12-21 12:53:16.949root 11241100x8000000000000000730773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:16.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5a27fae5055644e2021-12-21 12:53:16.949root 11241100x8000000000000000730774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8aac3c3a9450e2e52021-12-21 12:53:17.443root 11241100x8000000000000000730775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.444a36019507f9a82021-12-21 12:53:17.443root 11241100x8000000000000000730776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a462d634cefc5e3c2021-12-21 12:53:17.443root 11241100x8000000000000000730777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3da45a7973407c5a2021-12-21 12:53:17.443root 11241100x8000000000000000730778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceb764784e537dbe2021-12-21 12:53:17.443root 11241100x8000000000000000730779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bb5dedede28962a2021-12-21 12:53:17.443root 11241100x8000000000000000730780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40c236577d84dedd2021-12-21 12:53:17.443root 11241100x8000000000000000730781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b58ddb8f76dc40862021-12-21 12:53:17.443root 11241100x8000000000000000730782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3293836f4fa98d62021-12-21 12:53:17.444root 11241100x8000000000000000730783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4be495c0447727a2021-12-21 12:53:17.444root 11241100x8000000000000000730784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f14aab0b5dba5db92021-12-21 12:53:17.444root 11241100x8000000000000000730785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.040ccdcb29e654902021-12-21 12:53:17.444root 11241100x8000000000000000730786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d08aa61f3cdd89772021-12-21 12:53:17.444root 11241100x8000000000000000730787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8abd0d2b5d2ec3b62021-12-21 12:53:17.444root 11241100x8000000000000000730788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34d862bf2f64c9b42021-12-21 12:53:17.444root 11241100x8000000000000000730789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f795c1e4fc04eae2021-12-21 12:53:17.444root 11241100x8000000000000000730790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc36f6a21e2c7d6a2021-12-21 12:53:17.445root 11241100x8000000000000000730791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2ce75dfdf7bea502021-12-21 12:53:17.445root 11241100x8000000000000000730792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b41b4a39d7485ae2021-12-21 12:53:17.445root 11241100x8000000000000000730793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d23a520ef630b8832021-12-21 12:53:17.445root 11241100x8000000000000000730794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.733dea57842ec6292021-12-21 12:53:17.445root 11241100x8000000000000000730795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43080fcb0e7e555a2021-12-21 12:53:17.445root 11241100x8000000000000000730796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.100028ae254d19c52021-12-21 12:53:17.445root 11241100x8000000000000000730797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b3ea42a5929f9b52021-12-21 12:53:17.445root 11241100x8000000000000000730798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:17.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e4a9f4a45ccd4c22021-12-21 12:53:17.446root 11241100x8000000000000000730799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:17.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b071407d835c02c2021-12-21 12:53:17.446root 11241100x8000000000000000730800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:17.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4574e8a46af5e0f82021-12-21 12:53:17.446root 11241100x8000000000000000730801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:17.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28115f47af75c7fa2021-12-21 12:53:17.446root 11241100x8000000000000000730802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:17.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a36039dc70ea199f2021-12-21 12:53:17.446root 11241100x8000000000000000730803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:17.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c23f83eb7f418742021-12-21 12:53:17.446root 11241100x8000000000000000730804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:17.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b33d0fb0c16b45862021-12-21 12:53:17.446root 11241100x8000000000000000730805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:17.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.114cde3e40cfa64d2021-12-21 12:53:17.446root 11241100x8000000000000000730806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:17.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cff8fd70526aa0c42021-12-21 12:53:17.447root 11241100x8000000000000000730807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:17.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2b46556cfe54e7c2021-12-21 12:53:17.447root 11241100x8000000000000000730808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:17.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68ad45310fe80f772021-12-21 12:53:17.447root 11241100x8000000000000000730809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:17.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14ce10f87f1c610e2021-12-21 12:53:17.447root 11241100x8000000000000000730810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:17.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cf3610a6078e1322021-12-21 12:53:17.447root 11241100x8000000000000000730811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:17.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe85f8f2cce7776d2021-12-21 12:53:17.447root 11241100x8000000000000000730812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:17.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac4a51692b96cb4a2021-12-21 12:53:17.447root 11241100x8000000000000000730813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:17.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54d05c518167be662021-12-21 12:53:17.447root 11241100x8000000000000000730814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:17.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.034d940e44aa00132021-12-21 12:53:17.447root 11241100x8000000000000000730815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:17.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27c2968d1ad971692021-12-21 12:53:17.448root 11241100x8000000000000000730816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:17.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e8df28373d176652021-12-21 12:53:17.448root 11241100x8000000000000000730817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:17.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2b5eb76c16678792021-12-21 12:53:17.448root 11241100x8000000000000000730818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:17.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99fd71211a66b0772021-12-21 12:53:17.448root 11241100x8000000000000000730819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:17.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8b12dba10c290122021-12-21 12:53:17.448root 11241100x8000000000000000730820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:17.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff48af391e0c20082021-12-21 12:53:17.448root 11241100x8000000000000000730821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:17.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c235c40b332f9aca2021-12-21 12:53:17.448root 11241100x8000000000000000730822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:17.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8300eba8cec0f872021-12-21 12:53:17.448root 11241100x8000000000000000730823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:17.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e57703362fe8cf192021-12-21 12:53:17.449root 11241100x8000000000000000730824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:17.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.746b83b685ee41c32021-12-21 12:53:17.449root 11241100x8000000000000000730825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:17.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e10caeedf5be0bb2021-12-21 12:53:17.449root 11241100x8000000000000000730826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:17.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6ac1d4ebdb6b95e2021-12-21 12:53:17.449root 11241100x8000000000000000730827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:17.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dac75105ba3550f32021-12-21 12:53:17.449root 11241100x8000000000000000730828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:17.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d5f689eafa05fbe2021-12-21 12:53:17.449root 11241100x8000000000000000730829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:17.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.705f153b850c01b62021-12-21 12:53:17.449root 11241100x8000000000000000730830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:17.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de5e615c15b1f0c02021-12-21 12:53:17.449root 11241100x8000000000000000730831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:17.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c09c4067091608f2021-12-21 12:53:17.450root 11241100x8000000000000000730832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:17.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.595393f6bd5e61e32021-12-21 12:53:17.450root 11241100x8000000000000000730833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:17.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a6df2fcfabf3fc22021-12-21 12:53:17.450root 11241100x8000000000000000730834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:17.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fae29dc8a105d542021-12-21 12:53:17.450root 11241100x8000000000000000730835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:17.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b082fb7e3930b6af2021-12-21 12:53:17.450root 11241100x8000000000000000730836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:17.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98a5ee171aa0c0d62021-12-21 12:53:17.450root 11241100x8000000000000000730837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:17.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1b2ad38ceb4b6252021-12-21 12:53:17.450root 11241100x8000000000000000730838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:17.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9aa47e13ae36bd252021-12-21 12:53:17.450root 11241100x8000000000000000730839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:17.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b5d523faa3234e12021-12-21 12:53:17.451root 11241100x8000000000000000730840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:17.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c672e82604e0a1002021-12-21 12:53:17.451root 11241100x8000000000000000730841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:17.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa285ee5f5cf59bd2021-12-21 12:53:17.451root 11241100x8000000000000000730842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:17.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d3fdf4d27c27af12021-12-21 12:53:17.451root 11241100x8000000000000000730843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:17.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db588bfc4e21c9d62021-12-21 12:53:17.451root 11241100x8000000000000000730844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:17.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d36aa4da75c47542021-12-21 12:53:17.451root 11241100x8000000000000000730845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:17.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b69da1e25f869b782021-12-21 12:53:17.451root 11241100x8000000000000000730846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:17.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ed35f6f9523d6ce2021-12-21 12:53:17.452root 11241100x8000000000000000730847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:17.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07f96284058687422021-12-21 12:53:17.452root 11241100x8000000000000000730848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:17.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a50f13d7913e0e702021-12-21 12:53:17.452root 11241100x8000000000000000730849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:17.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.766c024c646470ce2021-12-21 12:53:17.452root 11241100x8000000000000000730850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:17.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ab067376797a98f2021-12-21 12:53:17.452root 11241100x8000000000000000730851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:17.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89a092e82037eac32021-12-21 12:53:17.452root 11241100x8000000000000000730852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:17.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.803b7312bf7a2bfd2021-12-21 12:53:17.452root 11241100x8000000000000000730853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:17.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d11285d035b2693f2021-12-21 12:53:17.452root 11241100x8000000000000000730854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:17.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d28d79f0019c9162021-12-21 12:53:17.452root 11241100x8000000000000000730855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:17.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0113a4f73a3ac7162021-12-21 12:53:17.453root 11241100x8000000000000000730856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e83df27580085082021-12-21 12:53:17.943root 11241100x8000000000000000730857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdf062c7bbc6e5362021-12-21 12:53:17.943root 11241100x8000000000000000730858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76582011a2376f282021-12-21 12:53:17.943root 11241100x8000000000000000730859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eeb6d5a8a0717ad42021-12-21 12:53:17.943root 11241100x8000000000000000730860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8172746bcf947932021-12-21 12:53:17.943root 11241100x8000000000000000730861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03ed66441abe3d7e2021-12-21 12:53:17.944root 11241100x8000000000000000730862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d91e0b3450ccd4012021-12-21 12:53:17.944root 11241100x8000000000000000730863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0c51c0a96ea3dce2021-12-21 12:53:17.944root 11241100x8000000000000000730864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6edcdbf71e236e0c2021-12-21 12:53:17.944root 11241100x8000000000000000730865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8bbf29c8b627f372021-12-21 12:53:17.944root 11241100x8000000000000000730866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f865d13113b353c2021-12-21 12:53:17.944root 11241100x8000000000000000730867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46f20174c61cbe172021-12-21 12:53:17.944root 11241100x8000000000000000730868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:17.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5083cb4789c1f702021-12-21 12:53:17.945root 11241100x8000000000000000730869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:17.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4db7e30a370fe6d22021-12-21 12:53:17.945root 11241100x8000000000000000730870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:17.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5528758d5ed26e662021-12-21 12:53:17.945root 11241100x8000000000000000730871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:17.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d03c20041fc62332021-12-21 12:53:17.945root 11241100x8000000000000000730872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:17.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04af7916fa70c90d2021-12-21 12:53:17.945root 11241100x8000000000000000730873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:17.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dba35a77e785af552021-12-21 12:53:17.946root 11241100x8000000000000000730874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:17.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1cd4df4ee9cb4892021-12-21 12:53:17.946root 11241100x8000000000000000730875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:17.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1cbb2918c99ecae2021-12-21 12:53:17.946root 11241100x8000000000000000730876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:17.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b3378bfa162b2c72021-12-21 12:53:17.946root 11241100x8000000000000000730877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:17.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bf1e06ceebdf7342021-12-21 12:53:17.946root 11241100x8000000000000000730878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:17.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f5cc1d943195e7c2021-12-21 12:53:17.946root 11241100x8000000000000000730879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:17.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb93b13c6cba87902021-12-21 12:53:17.946root 11241100x8000000000000000730880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:17.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2427feddb4d76b62021-12-21 12:53:17.946root 11241100x8000000000000000730881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:17.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8091309f7d349362021-12-21 12:53:17.946root 11241100x8000000000000000730882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:17.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4991670b1e123dff2021-12-21 12:53:17.946root 11241100x8000000000000000730883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:17.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1fb856bdfc8df252021-12-21 12:53:17.946root 11241100x8000000000000000730884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:17.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db1910b66cb692f92021-12-21 12:53:17.946root 11241100x8000000000000000730885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:17.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc7dc0fcf51ba3b62021-12-21 12:53:17.946root 11241100x8000000000000000730886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:17.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e0548e39a0b86ca2021-12-21 12:53:17.946root 11241100x8000000000000000730887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:17.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e558d87a882fb5fa2021-12-21 12:53:17.946root 11241100x8000000000000000730888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:17.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe4c3054d7af456e2021-12-21 12:53:17.946root 11241100x8000000000000000730889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:17.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3ab3e888f86331d2021-12-21 12:53:17.947root 11241100x8000000000000000730890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:17.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc580aef24d1b0d52021-12-21 12:53:17.947root 11241100x8000000000000000730891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:17.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0ac6a1fce157efb2021-12-21 12:53:17.947root 11241100x8000000000000000730892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:17.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d845be7afe6767652021-12-21 12:53:17.947root 11241100x8000000000000000730893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:17.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7e0e5988233e54d2021-12-21 12:53:17.947root 11241100x8000000000000000730894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:17.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fb53ab0cc14fb852021-12-21 12:53:17.947root 11241100x8000000000000000730895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:17.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9635f5d47a3e15962021-12-21 12:53:17.947root 11241100x8000000000000000730896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:17.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83f9c1b622e36e2a2021-12-21 12:53:17.947root 11241100x8000000000000000730897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:17.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c9df1bb3cadf1f32021-12-21 12:53:17.947root 11241100x8000000000000000730898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:17.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ccba0f8ab5917492021-12-21 12:53:17.947root 11241100x8000000000000000730899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:17.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddf49ff15c4ceaee2021-12-21 12:53:17.947root 11241100x8000000000000000730900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:17.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21a82f84e7cac1bb2021-12-21 12:53:17.948root 11241100x8000000000000000730901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:17.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3d421084b9b914d2021-12-21 12:53:17.948root 11241100x8000000000000000730902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:17.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cab708fae2655bc32021-12-21 12:53:17.948root 11241100x8000000000000000730903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:17.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee3063da350f444a2021-12-21 12:53:17.948root 11241100x8000000000000000730904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:17.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c46159f6db93d53c2021-12-21 12:53:17.948root 11241100x8000000000000000730905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:17.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca57675306fa78262021-12-21 12:53:17.948root 11241100x8000000000000000730906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:17.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9f2608a597ae9982021-12-21 12:53:17.948root 11241100x8000000000000000730907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:17.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb88f08e00b4f1c42021-12-21 12:53:17.948root 11241100x8000000000000000730908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:17.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f686f5fdc997af542021-12-21 12:53:17.948root 11241100x8000000000000000730909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:17.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e688d6a6cc54c852021-12-21 12:53:17.948root 11241100x8000000000000000730910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:17.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c21485ac74dceec2021-12-21 12:53:17.948root 11241100x8000000000000000730911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:17.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55b681b8fe93a8952021-12-21 12:53:17.948root 11241100x8000000000000000730912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:17.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0464909c94ecbceb2021-12-21 12:53:17.948root 11241100x8000000000000000730913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:18.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed780989c8b7da132021-12-21 12:53:18.442root 11241100x8000000000000000730914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7292278b6c6241152021-12-21 12:53:18.443root 11241100x8000000000000000730915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd8dcb5df8af089b2021-12-21 12:53:18.443root 11241100x8000000000000000730916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42b59b4cd3f47ef82021-12-21 12:53:18.443root 11241100x8000000000000000730917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df46eaae974704572021-12-21 12:53:18.443root 11241100x8000000000000000730918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.979b34228ab8bfcf2021-12-21 12:53:18.443root 11241100x8000000000000000730919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f94fa971114e427d2021-12-21 12:53:18.443root 11241100x8000000000000000730920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce4e95a8159f6bb02021-12-21 12:53:18.443root 11241100x8000000000000000730921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de94d88f8f4c58ca2021-12-21 12:53:18.443root 11241100x8000000000000000730922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9108285831170852021-12-21 12:53:18.443root 11241100x8000000000000000730923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.237ae4f45932bdde2021-12-21 12:53:18.443root 11241100x8000000000000000730924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b6c92107ba0fed42021-12-21 12:53:18.443root 11241100x8000000000000000730925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6094f503c319669d2021-12-21 12:53:18.443root 11241100x8000000000000000730926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a5df8a46ae6e24b2021-12-21 12:53:18.444root 11241100x8000000000000000730927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40cc1dc54a15d0742021-12-21 12:53:18.444root 11241100x8000000000000000730928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5661d01e9f46008a2021-12-21 12:53:18.444root 11241100x8000000000000000730929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc792a6e12d27bbd2021-12-21 12:53:18.444root 11241100x8000000000000000730930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ef85cf12876ad2c2021-12-21 12:53:18.444root 11241100x8000000000000000730931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9b4dd0886d0ecd72021-12-21 12:53:18.444root 11241100x8000000000000000730932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa22878213bee82d2021-12-21 12:53:18.444root 11241100x8000000000000000730933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39fe89cf304c3a8b2021-12-21 12:53:18.444root 11241100x8000000000000000730934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef4956e7116f855e2021-12-21 12:53:18.444root 11241100x8000000000000000730935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d78f5bd757e8e9fd2021-12-21 12:53:18.444root 11241100x8000000000000000730936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c738456591c91e82021-12-21 12:53:18.444root 11241100x8000000000000000730937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:18.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5381b86cf7a1ff422021-12-21 12:53:18.445root 11241100x8000000000000000730938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:18.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.905d7a64f610f5702021-12-21 12:53:18.445root 11241100x8000000000000000730939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:18.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9089887f959f3db02021-12-21 12:53:18.445root 11241100x8000000000000000730940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:18.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07b6bf274eb2389c2021-12-21 12:53:18.445root 11241100x8000000000000000730941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:18.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.786caa275ed063d22021-12-21 12:53:18.445root 11241100x8000000000000000730942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:18.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5994d32d59fc20f32021-12-21 12:53:18.445root 11241100x8000000000000000730943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:18.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27227d554faef7472021-12-21 12:53:18.445root 11241100x8000000000000000730944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:18.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f49aa7d9762d6622021-12-21 12:53:18.446root 11241100x8000000000000000730945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:18.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.291122bc5526f5a72021-12-21 12:53:18.446root 11241100x8000000000000000730946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:18.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a28c1262c853bff92021-12-21 12:53:18.446root 11241100x8000000000000000730947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:18.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fda05fc7fa4b98492021-12-21 12:53:18.446root 11241100x8000000000000000730948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:18.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d34b09b84a3200d2021-12-21 12:53:18.446root 11241100x8000000000000000730949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:18.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26e8409d118924972021-12-21 12:53:18.446root 11241100x8000000000000000730950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:18.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fa2fa991c0b91252021-12-21 12:53:18.446root 11241100x8000000000000000730951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:18.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19db3d47d61e034b2021-12-21 12:53:18.446root 11241100x8000000000000000730952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:18.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12bd5226a78260482021-12-21 12:53:18.446root 11241100x8000000000000000730953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:18.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d10a732c9e606ac2021-12-21 12:53:18.447root 11241100x8000000000000000730954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:18.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7be99fd7ddfb5542021-12-21 12:53:18.447root 11241100x8000000000000000730955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:18.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3abbf4c4a6794cd52021-12-21 12:53:18.447root 11241100x8000000000000000730956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:18.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9e2e4eee82ad81c2021-12-21 12:53:18.447root 11241100x8000000000000000730957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:18.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.604c791f85d3908e2021-12-21 12:53:18.447root 11241100x8000000000000000730958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:18.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c977ea8f4d13cc762021-12-21 12:53:18.447root 11241100x8000000000000000730959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:18.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a412167b288dcdf2021-12-21 12:53:18.447root 11241100x8000000000000000730960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:18.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.730d25c4e1aa701b2021-12-21 12:53:18.447root 11241100x8000000000000000730961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:18.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a578ab7399a37cc92021-12-21 12:53:18.447root 11241100x8000000000000000730962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:18.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dd8f907a0ba12242021-12-21 12:53:18.448root 11241100x8000000000000000730963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:18.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a333a29f0728cc42021-12-21 12:53:18.448root 11241100x8000000000000000730964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:18.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36d66c36dbb6f6572021-12-21 12:53:18.448root 11241100x8000000000000000730965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:18.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c54e09b6e3368af2021-12-21 12:53:18.448root 11241100x8000000000000000730966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:18.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54dc77819c90580f2021-12-21 12:53:18.448root 11241100x8000000000000000730967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:18.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63520d32e70590942021-12-21 12:53:18.448root 11241100x8000000000000000730968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:18.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36720d192f635fcf2021-12-21 12:53:18.448root 11241100x8000000000000000730969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:18.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2aa3f89112ee88f02021-12-21 12:53:18.448root 11241100x8000000000000000730970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:18.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a286cadb4ceccec2021-12-21 12:53:18.448root 11241100x8000000000000000730971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:18.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87246b7d871451152021-12-21 12:53:18.449root 11241100x8000000000000000730972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:18.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ac5b078256e872e2021-12-21 12:53:18.449root 11241100x8000000000000000730973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:18.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c70176295a0090912021-12-21 12:53:18.449root 11241100x8000000000000000730974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:18.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7fb07c3b3c5a8182021-12-21 12:53:18.449root 11241100x8000000000000000730975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:18.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a8c383c7d8091d02021-12-21 12:53:18.449root 11241100x8000000000000000730976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:18.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e52af5b998708ca42021-12-21 12:53:18.449root 11241100x8000000000000000730977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:18.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fac6e51d4bc52ab32021-12-21 12:53:18.449root 11241100x8000000000000000730978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:18.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2932a2d8b9906872021-12-21 12:53:18.449root 11241100x8000000000000000730979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:18.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.925218d7b3c037382021-12-21 12:53:18.449root 11241100x8000000000000000730980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:18.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d60d5d04fd0aaef02021-12-21 12:53:18.450root 11241100x8000000000000000730981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:18.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d2110b527c0dc0f2021-12-21 12:53:18.450root 11241100x8000000000000000730982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:18.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7df5b41de8dd4c5f2021-12-21 12:53:18.450root 11241100x8000000000000000730983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:18.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef6645e25fe9ee582021-12-21 12:53:18.450root 11241100x8000000000000000730984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:18.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fa0fd44307365832021-12-21 12:53:18.450root 11241100x8000000000000000730985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:18.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ba985a9f92a70aa2021-12-21 12:53:18.450root 11241100x8000000000000000730986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:18.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.827d5e4497f1378b2021-12-21 12:53:18.450root 11241100x8000000000000000730987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:18.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ade0df6981caf982021-12-21 12:53:18.450root 11241100x8000000000000000730988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:18.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.254de0b1db2f70402021-12-21 12:53:18.450root 11241100x8000000000000000730989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:18.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc41032bfe45b25c2021-12-21 12:53:18.450root 11241100x8000000000000000730990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:18.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f88f1d0428a4327d2021-12-21 12:53:18.451root 11241100x8000000000000000730991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:18.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22e4e069ae7540fe2021-12-21 12:53:18.451root 11241100x8000000000000000730992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:18.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91f9aa0398b10e402021-12-21 12:53:18.451root 11241100x8000000000000000730993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:18.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f2eb3389a10fb242021-12-21 12:53:18.451root 11241100x8000000000000000730994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:18.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e9cd8f7cf5a5e8a2021-12-21 12:53:18.451root 11241100x8000000000000000730995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:18.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd996e3476e164442021-12-21 12:53:18.451root 11241100x8000000000000000730996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:18.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34e6e603c221f00d2021-12-21 12:53:18.451root 11241100x8000000000000000730997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:18.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2f63ea928ac28842021-12-21 12:53:18.451root 11241100x8000000000000000730998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:18.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a72aee836b58269a2021-12-21 12:53:18.451root 11241100x8000000000000000730999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:18.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d86c48760c5e7f92021-12-21 12:53:18.451root 11241100x8000000000000000731000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:18.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b024241820df4c5c2021-12-21 12:53:18.451root 11241100x8000000000000000731001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:18.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddd4e6e413db36be2021-12-21 12:53:18.451root 11241100x8000000000000000731002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:18.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4891951a1efd17f2021-12-21 12:53:18.453root 11241100x8000000000000000731003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:18.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2d935e2f1e910b62021-12-21 12:53:18.453root 11241100x8000000000000000731004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:18.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa91c8807e3f219a2021-12-21 12:53:18.453root 11241100x8000000000000000731005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:18.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5216e6c109fe9dfb2021-12-21 12:53:18.453root 11241100x8000000000000000731006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:18.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87df533ad792299d2021-12-21 12:53:18.453root 11241100x8000000000000000731007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:18.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.228effa12c26f9562021-12-21 12:53:18.453root 11241100x8000000000000000731008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:18.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.763d4ea744287bcb2021-12-21 12:53:18.453root 11241100x8000000000000000731009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:18.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.775ba9805bd9cd3e2021-12-21 12:53:18.453root 11241100x8000000000000000731010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:18.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14b5775815af920f2021-12-21 12:53:18.453root 11241100x8000000000000000731011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:18.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b13d74621e0caee62021-12-21 12:53:18.453root 11241100x8000000000000000731012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:18.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a28c25c34921efc82021-12-21 12:53:18.454root 11241100x8000000000000000731013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:18.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74d09d3d3b6b492f2021-12-21 12:53:18.454root 11241100x8000000000000000731014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:18.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f260a960919c08662021-12-21 12:53:18.454root 11241100x8000000000000000731015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:18.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdefeb2dd2e453cc2021-12-21 12:53:18.454root 11241100x8000000000000000731016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:18.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31ded951e17e9ebf2021-12-21 12:53:18.454root 11241100x8000000000000000731017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:18.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.325a1c280736a6272021-12-21 12:53:18.454root 11241100x8000000000000000731018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:18.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff994e0ec5f207902021-12-21 12:53:18.454root 11241100x8000000000000000731019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:18.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1855a077bd6b01de2021-12-21 12:53:18.454root 11241100x8000000000000000731020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:18.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.078d8e5188c115772021-12-21 12:53:18.454root 11241100x8000000000000000731021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:18.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.414ab3117ff8e2612021-12-21 12:53:18.454root 11241100x8000000000000000731022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:18.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.343a051b1adb94de2021-12-21 12:53:18.454root 11241100x8000000000000000731023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:18.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa0c0ded927cf03d2021-12-21 12:53:18.454root 11241100x8000000000000000731024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:18.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8894932daf1bdbe2021-12-21 12:53:18.454root 11241100x8000000000000000731025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:18.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c95958e76ce4fb3a2021-12-21 12:53:18.454root 11241100x8000000000000000731026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:18.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cb1cf8d7f9d54ca2021-12-21 12:53:18.454root 11241100x8000000000000000731027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:18.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaf70e57bd710c1f2021-12-21 12:53:18.454root 11241100x8000000000000000731028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:18.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b6bbcc8242431912021-12-21 12:53:18.454root 11241100x8000000000000000731029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:18.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0294f3eaa46207c2021-12-21 12:53:18.455root 11241100x8000000000000000731030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:18.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67d484044fb501522021-12-21 12:53:18.455root 11241100x8000000000000000731031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e983d8e5cf52bec42021-12-21 12:53:18.943root 11241100x8000000000000000731032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e792411e0bed35d32021-12-21 12:53:18.943root 11241100x8000000000000000731033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f82afdbd9867484a2021-12-21 12:53:18.943root 11241100x8000000000000000731034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdf5ea62b11d94b92021-12-21 12:53:18.943root 11241100x8000000000000000731035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d736dcc3f2ccd47e2021-12-21 12:53:18.943root 11241100x8000000000000000731036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.254dd2aa95d399fa2021-12-21 12:53:18.943root 11241100x8000000000000000731037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.306be418759a50ce2021-12-21 12:53:18.944root 11241100x8000000000000000731038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e88a7f5653f64402021-12-21 12:53:18.944root 11241100x8000000000000000731039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.001d2fb842afd66e2021-12-21 12:53:18.944root 11241100x8000000000000000731040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98022992ce7032e42021-12-21 12:53:18.944root 11241100x8000000000000000731041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aea24bb4a87ec99c2021-12-21 12:53:18.944root 11241100x8000000000000000731042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ba861d60a6cd4692021-12-21 12:53:18.944root 11241100x8000000000000000731043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:18.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8aee14e63fcb72682021-12-21 12:53:18.945root 11241100x8000000000000000731044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:18.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90a10e42d8996c8a2021-12-21 12:53:18.945root 11241100x8000000000000000731045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:18.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e565c5e2d9b03dd2021-12-21 12:53:18.945root 11241100x8000000000000000731046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:18.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3850e560365e811f2021-12-21 12:53:18.945root 11241100x8000000000000000731047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:18.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.209159bfcd0bc64f2021-12-21 12:53:18.945root 11241100x8000000000000000731048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:18.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63c661b413871e482021-12-21 12:53:18.945root 11241100x8000000000000000731049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:18.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04897ab3db34ebc72021-12-21 12:53:18.945root 11241100x8000000000000000731050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:18.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad539b0670f3005e2021-12-21 12:53:18.945root 11241100x8000000000000000731051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:18.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9afce4fba215d6f12021-12-21 12:53:18.946root 11241100x8000000000000000731052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:18.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b41504fd127991982021-12-21 12:53:18.946root 11241100x8000000000000000731053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:18.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11c4b22adfdcf9fb2021-12-21 12:53:18.946root 11241100x8000000000000000731054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:18.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4c3f8873b20be622021-12-21 12:53:18.946root 11241100x8000000000000000731055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:18.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24826ac36d7f4a0d2021-12-21 12:53:18.946root 11241100x8000000000000000731056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:18.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c0f31b3cfdecc262021-12-21 12:53:18.946root 11241100x8000000000000000731057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:18.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d71599ac2cf6b102021-12-21 12:53:18.946root 11241100x8000000000000000731058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:18.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.467f490e8c4a75a62021-12-21 12:53:18.946root 11241100x8000000000000000731059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:18.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2b345c76071d46f2021-12-21 12:53:18.946root 11241100x8000000000000000731060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:18.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99e4bc033abf291d2021-12-21 12:53:18.946root 11241100x8000000000000000731061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:18.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2651de23ca6705bc2021-12-21 12:53:18.946root 11241100x8000000000000000731062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:18.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cf7d8bed308445b2021-12-21 12:53:18.947root 11241100x8000000000000000731063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:18.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6503a8fafe20d8672021-12-21 12:53:18.947root 11241100x8000000000000000731064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:18.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbcd717c2a5cc5752021-12-21 12:53:18.947root 11241100x8000000000000000731065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:18.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1c9a1949af68b092021-12-21 12:53:18.947root 11241100x8000000000000000731066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:18.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5537988fddcf08c02021-12-21 12:53:18.947root 11241100x8000000000000000731067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:18.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0231a6b36ee49f62021-12-21 12:53:18.947root 11241100x8000000000000000731068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:18.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db64e7f9a8904e5e2021-12-21 12:53:18.947root 11241100x8000000000000000731069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:18.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f156056534d348052021-12-21 12:53:18.948root 11241100x8000000000000000731070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:18.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0df3e56febbcab812021-12-21 12:53:18.948root 11241100x8000000000000000731071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:18.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3db9df9346a56ac72021-12-21 12:53:18.948root 11241100x8000000000000000731072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:18.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a225579df44a2a22021-12-21 12:53:18.948root 11241100x8000000000000000731073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:18.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53441f7d958439492021-12-21 12:53:18.948root 11241100x8000000000000000731074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:18.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acf498576cfa92932021-12-21 12:53:18.948root 11241100x8000000000000000731075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:18.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9db51219bbb6166c2021-12-21 12:53:18.948root 11241100x8000000000000000731076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:18.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf6d9b3d5e3d50372021-12-21 12:53:18.949root 11241100x8000000000000000731077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:18.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b00dad10ec494642021-12-21 12:53:18.949root 11241100x8000000000000000731078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:18.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e1d7c25a7b5b9932021-12-21 12:53:18.949root 11241100x8000000000000000731079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:18.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9238611609832ef52021-12-21 12:53:18.949root 11241100x8000000000000000731080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:18.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10f6e26cd2c013902021-12-21 12:53:18.949root 11241100x8000000000000000731081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:18.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4589588453efe10b2021-12-21 12:53:18.949root 11241100x8000000000000000731082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:18.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.152549c7af892d062021-12-21 12:53:18.949root 11241100x8000000000000000731083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:18.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13121284a94e9e462021-12-21 12:53:18.949root 11241100x8000000000000000731084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:18.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe89078c02ada9522021-12-21 12:53:18.949root 11241100x8000000000000000731085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:18.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea585ae4ff0541b92021-12-21 12:53:18.949root 11241100x8000000000000000731086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:18.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50ca5a273444e87f2021-12-21 12:53:18.950root 11241100x8000000000000000731087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:18.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b25500ce906045cd2021-12-21 12:53:18.950root 11241100x8000000000000000731088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:18.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.848c096266ae3d1a2021-12-21 12:53:18.950root 11241100x8000000000000000731089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:18.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.999dc933a51bbf832021-12-21 12:53:18.950root 11241100x8000000000000000731090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:18.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.420a87c98fe6983f2021-12-21 12:53:18.950root 354300x8000000000000000731091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:19.010{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-50628-false10.0.1.12-8000- 11241100x8000000000000000731092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcdcaa6ab05281e02021-12-21 12:53:19.443root 11241100x8000000000000000731093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f4c709548ad94902021-12-21 12:53:19.443root 11241100x8000000000000000731094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f565898e0fb194ac2021-12-21 12:53:19.443root 11241100x8000000000000000731095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ef56226bfb97e4c2021-12-21 12:53:19.443root 11241100x8000000000000000731096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49ae28f0140ab2812021-12-21 12:53:19.444root 11241100x8000000000000000731097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4a517a8ad25a5d72021-12-21 12:53:19.444root 11241100x8000000000000000731098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.553b0e2268e9a4d42021-12-21 12:53:19.444root 11241100x8000000000000000731099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e58abaac37f4f062021-12-21 12:53:19.444root 11241100x8000000000000000731100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9070038a240ad942021-12-21 12:53:19.444root 11241100x8000000000000000731101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddad3d01080ff49f2021-12-21 12:53:19.444root 11241100x8000000000000000731102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cf0e09ff5d78b7f2021-12-21 12:53:19.444root 11241100x8000000000000000731103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.103b84f81f9a39252021-12-21 12:53:19.444root 11241100x8000000000000000731104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.446fd9623a0dc8802021-12-21 12:53:19.444root 11241100x8000000000000000731105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.765da7ad7912f1e72021-12-21 12:53:19.444root 11241100x8000000000000000731106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:19.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e9a7f904d959d782021-12-21 12:53:19.445root 11241100x8000000000000000731107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:19.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df37ed87adbce1632021-12-21 12:53:19.445root 11241100x8000000000000000731108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:19.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed275bc7df6e0fc42021-12-21 12:53:19.445root 11241100x8000000000000000731109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:19.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0caa1dbcbca2feb92021-12-21 12:53:19.445root 11241100x8000000000000000731110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:19.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c858084e6e2636b2021-12-21 12:53:19.445root 11241100x8000000000000000731111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:19.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e9bbda08a4bb55f2021-12-21 12:53:19.445root 11241100x8000000000000000731112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:19.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55fae3e2453342582021-12-21 12:53:19.445root 11241100x8000000000000000731113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:19.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.217c893c66c62d0f2021-12-21 12:53:19.446root 11241100x8000000000000000731114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:19.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56ded6795a2ad7f62021-12-21 12:53:19.446root 11241100x8000000000000000731115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:19.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dcf805124ac383e2021-12-21 12:53:19.446root 11241100x8000000000000000731116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:19.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbebbfadc760228f2021-12-21 12:53:19.446root 11241100x8000000000000000731117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:19.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.503898ee83ec03612021-12-21 12:53:19.446root 11241100x8000000000000000731118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:19.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a5ad804eb64b3df2021-12-21 12:53:19.446root 11241100x8000000000000000731119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:19.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a151b7fa6fa73592021-12-21 12:53:19.447root 11241100x8000000000000000731120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:19.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44deccfbb738f26d2021-12-21 12:53:19.447root 11241100x8000000000000000731121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:19.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b921f105a55b0d92021-12-21 12:53:19.447root 11241100x8000000000000000731122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:19.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d28784c381de2fe2021-12-21 12:53:19.447root 11241100x8000000000000000731123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:19.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8ba849e686a9a402021-12-21 12:53:19.447root 11241100x8000000000000000731124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:19.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba3f8fa016d2222d2021-12-21 12:53:19.447root 11241100x8000000000000000731125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:19.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b70e6b6b49da0692021-12-21 12:53:19.447root 11241100x8000000000000000731126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:19.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b4ad3e6d76eec6e2021-12-21 12:53:19.447root 11241100x8000000000000000731127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:19.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.300d3c72caec4dce2021-12-21 12:53:19.447root 11241100x8000000000000000731128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:19.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e37fc19647a2f37c2021-12-21 12:53:19.447root 11241100x8000000000000000731129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:19.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40bc825e871779512021-12-21 12:53:19.447root 11241100x8000000000000000731130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:19.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.987b7224c2e732fd2021-12-21 12:53:19.447root 11241100x8000000000000000731131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:19.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bac1058566e9b4972021-12-21 12:53:19.448root 11241100x8000000000000000731132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:19.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4395078cd4d8e9fd2021-12-21 12:53:19.448root 11241100x8000000000000000731133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:19.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e89143911dd965bc2021-12-21 12:53:19.448root 11241100x8000000000000000731134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:19.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c941ecee1512bc12021-12-21 12:53:19.448root 11241100x8000000000000000731135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:19.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.862c96258655fe352021-12-21 12:53:19.448root 11241100x8000000000000000731136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:19.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d99c4fc2fd8dbfa2021-12-21 12:53:19.448root 11241100x8000000000000000731137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:19.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.337f9a1fc9917f562021-12-21 12:53:19.448root 11241100x8000000000000000731138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:19.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5026dd39301992c62021-12-21 12:53:19.448root 11241100x8000000000000000731139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:19.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.418e7290008885922021-12-21 12:53:19.448root 11241100x8000000000000000731140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:19.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1f30f207d7d56bb2021-12-21 12:53:19.448root 11241100x8000000000000000731141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:19.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.732ed821d320133f2021-12-21 12:53:19.448root 11241100x8000000000000000731142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:19.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6ac2b7890647ae42021-12-21 12:53:19.448root 11241100x8000000000000000731143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:19.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cddf3a36ea9a27b52021-12-21 12:53:19.448root 11241100x8000000000000000731144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:19.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ed020fd5a4453e62021-12-21 12:53:19.448root 11241100x8000000000000000731145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:19.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d5bac08254feafd2021-12-21 12:53:19.448root 11241100x8000000000000000731146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:19.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70ae4f6a7cd607b12021-12-21 12:53:19.448root 11241100x8000000000000000731147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:19.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1e8b8fb3bdb3bfd2021-12-21 12:53:19.449root 11241100x8000000000000000731148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:19.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c30d0c49bcab1042021-12-21 12:53:19.449root 11241100x8000000000000000731149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:19.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a507cbc303ed1f12021-12-21 12:53:19.449root 11241100x8000000000000000731150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:19.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d04f0261732553042021-12-21 12:53:19.449root 11241100x8000000000000000731151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:19.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14764035215262752021-12-21 12:53:19.449root 11241100x8000000000000000731152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:19.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dba681b049dd0b7f2021-12-21 12:53:19.449root 11241100x8000000000000000731153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:19.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ade0896f527c233c2021-12-21 12:53:19.449root 11241100x8000000000000000731154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:19.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4237590aab8c7c02021-12-21 12:53:19.449root 11241100x8000000000000000731155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.247a2b552f1662652021-12-21 12:53:19.943root 11241100x8000000000000000731156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58953195b9126b1a2021-12-21 12:53:19.943root 11241100x8000000000000000731157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80e712ab3352621d2021-12-21 12:53:19.943root 11241100x8000000000000000731158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66d24e65d8548f9e2021-12-21 12:53:19.944root 11241100x8000000000000000731159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f2e61bfbe46a7ad2021-12-21 12:53:19.944root 11241100x8000000000000000731160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3abe58ab488eafde2021-12-21 12:53:19.944root 11241100x8000000000000000731161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3e3b45fdc06d1fa2021-12-21 12:53:19.944root 11241100x8000000000000000731162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f77a24aebf6cc882021-12-21 12:53:19.944root 11241100x8000000000000000731163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f19f7fecbcc46c1f2021-12-21 12:53:19.944root 11241100x8000000000000000731164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.750aef5efe6506532021-12-21 12:53:19.944root 11241100x8000000000000000731165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29965acd3b75977b2021-12-21 12:53:19.944root 11241100x8000000000000000731166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bff84a1c5664cd2e2021-12-21 12:53:19.944root 11241100x8000000000000000731167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fe4f450da1e176f2021-12-21 12:53:19.944root 11241100x8000000000000000731168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8087c9048c5510802021-12-21 12:53:19.944root 11241100x8000000000000000731169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaef7a55b1602b532021-12-21 12:53:19.944root 11241100x8000000000000000731170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8705cec72cd54dbb2021-12-21 12:53:19.944root 11241100x8000000000000000731171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:19.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7ab84d5e9f89d872021-12-21 12:53:19.945root 11241100x8000000000000000731172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:19.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09bdd268d3d00e962021-12-21 12:53:19.945root 11241100x8000000000000000731173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:19.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fcd15347d011daf2021-12-21 12:53:19.945root 11241100x8000000000000000731174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:19.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a7b890507dadae22021-12-21 12:53:19.945root 11241100x8000000000000000731175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:19.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a5f159c5bb05ae32021-12-21 12:53:19.945root 11241100x8000000000000000731176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:19.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c1d1ff32b871f652021-12-21 12:53:19.945root 11241100x8000000000000000731177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:19.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66499a8dba882a872021-12-21 12:53:19.945root 11241100x8000000000000000731178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:19.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d12f44da66c24e82021-12-21 12:53:19.946root 11241100x8000000000000000731179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:19.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a00a56ea67ff2c182021-12-21 12:53:19.946root 11241100x8000000000000000731180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:19.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c38054a6e69712e2021-12-21 12:53:19.946root 11241100x8000000000000000731181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:19.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9300e05ca59f0a0c2021-12-21 12:53:19.946root 11241100x8000000000000000731182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:19.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.476667afcbfd2ac02021-12-21 12:53:19.946root 11241100x8000000000000000731183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:19.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4274ad3243f044082021-12-21 12:53:19.946root 11241100x8000000000000000731184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:19.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64415ed05e5b9d292021-12-21 12:53:19.946root 11241100x8000000000000000731185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:19.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ec0d0c34d895bff2021-12-21 12:53:19.947root 11241100x8000000000000000731186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:19.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f54f26ae08e840a2021-12-21 12:53:19.947root 11241100x8000000000000000731187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:19.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8032ac38159ac3632021-12-21 12:53:19.947root 11241100x8000000000000000731188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:19.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.676850a7dbf5b29d2021-12-21 12:53:19.947root 11241100x8000000000000000731189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:19.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a89387f77cbf453f2021-12-21 12:53:19.947root 11241100x8000000000000000731190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:19.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfc1f2bfa9a38a3c2021-12-21 12:53:19.947root 11241100x8000000000000000731191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:19.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f5db5eb16bcd8082021-12-21 12:53:19.947root 11241100x8000000000000000731192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:19.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b77bf3e8dd9a0122021-12-21 12:53:19.947root 11241100x8000000000000000731193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:19.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.340eecd872e3fe232021-12-21 12:53:19.947root 11241100x8000000000000000731194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:19.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.217ea90d59c106462021-12-21 12:53:19.947root 11241100x8000000000000000731195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:19.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.748aa9094a5aae402021-12-21 12:53:19.947root 11241100x8000000000000000731196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:19.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f73273670ae432fe2021-12-21 12:53:19.947root 11241100x8000000000000000731197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:19.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d88a6e02234f3c242021-12-21 12:53:19.947root 11241100x8000000000000000731198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:19.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96bd120800e0eac52021-12-21 12:53:19.948root 11241100x8000000000000000731199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:19.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fbaa8f5c6283a392021-12-21 12:53:19.948root 11241100x8000000000000000731200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:19.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.161331d74ccdeb6e2021-12-21 12:53:19.948root 11241100x8000000000000000731201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:19.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2fa9964eaea7b332021-12-21 12:53:19.948root 11241100x8000000000000000731202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:19.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd94fd47640a371b2021-12-21 12:53:19.948root 11241100x8000000000000000731203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:19.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2edbdd0eff53351a2021-12-21 12:53:19.948root 11241100x8000000000000000731204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:19.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf69495b356680772021-12-21 12:53:19.948root 11241100x8000000000000000731205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:19.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.111fefc54ab597262021-12-21 12:53:19.948root 11241100x8000000000000000731206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:19.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53c6a1bdeead58422021-12-21 12:53:19.948root 11241100x8000000000000000731207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:19.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.938eda21031b032d2021-12-21 12:53:19.948root 11241100x8000000000000000731208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:19.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0fe1e42c7627e232021-12-21 12:53:19.948root 11241100x8000000000000000731209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:19.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c084fdbfa965d2102021-12-21 12:53:19.948root 11241100x8000000000000000731210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d3225932ef7c8da2021-12-21 12:53:20.443root 11241100x8000000000000000731211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84a31510639debaf2021-12-21 12:53:20.443root 11241100x8000000000000000731212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ff1e622db9a1caa2021-12-21 12:53:20.443root 11241100x8000000000000000731213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f55d9cece0e5fc072021-12-21 12:53:20.443root 11241100x8000000000000000731214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eec52b023a4e5f782021-12-21 12:53:20.443root 11241100x8000000000000000731215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b83a4091af2a43742021-12-21 12:53:20.443root 11241100x8000000000000000731216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb03e689f67f26ab2021-12-21 12:53:20.444root 11241100x8000000000000000731217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1942c42dd799b6a2021-12-21 12:53:20.444root 11241100x8000000000000000731218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d41a56762ca0aa9a2021-12-21 12:53:20.444root 11241100x8000000000000000731219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1165fc9d2d51ef922021-12-21 12:53:20.444root 11241100x8000000000000000731220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6db5afc5cf1fef662021-12-21 12:53:20.444root 11241100x8000000000000000731221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1db4dbdc0b46822c2021-12-21 12:53:20.444root 11241100x8000000000000000731222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c049b2636a606f622021-12-21 12:53:20.444root 11241100x8000000000000000731223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7c7d5c948ffd96e2021-12-21 12:53:20.444root 11241100x8000000000000000731224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.233e5815e62c822c2021-12-21 12:53:20.444root 11241100x8000000000000000731225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da36f379ffd4fcb92021-12-21 12:53:20.444root 11241100x8000000000000000731226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c374676c47f7d7d22021-12-21 12:53:20.444root 11241100x8000000000000000731227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a617727e893ca3082021-12-21 12:53:20.444root 11241100x8000000000000000731228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c972aef7e621bb1d2021-12-21 12:53:20.444root 11241100x8000000000000000731229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f3ac9a67248784c2021-12-21 12:53:20.444root 11241100x8000000000000000731230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26a410a2717927b92021-12-21 12:53:20.444root 11241100x8000000000000000731231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e5a8f69e866584f2021-12-21 12:53:20.445root 11241100x8000000000000000731232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40116aa2faa90af82021-12-21 12:53:20.445root 11241100x8000000000000000731233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d96c115a53f7b8152021-12-21 12:53:20.445root 11241100x8000000000000000731234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91c6b56f47bb63c02021-12-21 12:53:20.445root 11241100x8000000000000000731235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1c08e1102857c022021-12-21 12:53:20.445root 11241100x8000000000000000731236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86d89560df4dce782021-12-21 12:53:20.445root 11241100x8000000000000000731237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.152545a8bf82a51f2021-12-21 12:53:20.445root 11241100x8000000000000000731238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3957e1a4ae73d3972021-12-21 12:53:20.445root 11241100x8000000000000000731239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b36cccddbd14d872021-12-21 12:53:20.445root 11241100x8000000000000000731240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71267245ec334d722021-12-21 12:53:20.445root 11241100x8000000000000000731241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.003f36b10b15641d2021-12-21 12:53:20.445root 11241100x8000000000000000731242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19088a3a1f8b15ff2021-12-21 12:53:20.445root 11241100x8000000000000000731243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47f9b1a105ed05322021-12-21 12:53:20.445root 11241100x8000000000000000731244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3a79710038364fe2021-12-21 12:53:20.445root 11241100x8000000000000000731245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0050813500cfda382021-12-21 12:53:20.445root 11241100x8000000000000000731246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20576a285dcb4df12021-12-21 12:53:20.445root 11241100x8000000000000000731247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c92e91fe00a015af2021-12-21 12:53:20.446root 11241100x8000000000000000731248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c58a2d83f75d87a2021-12-21 12:53:20.446root 11241100x8000000000000000731249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5fae274667399892021-12-21 12:53:20.446root 11241100x8000000000000000731250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0700f69115526ad2021-12-21 12:53:20.446root 11241100x8000000000000000731251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eda34a77560c7af02021-12-21 12:53:20.446root 11241100x8000000000000000731252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53aa3d32dd298fec2021-12-21 12:53:20.446root 11241100x8000000000000000731253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c0f582d8fb61c272021-12-21 12:53:20.446root 11241100x8000000000000000731254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5c57f99836504492021-12-21 12:53:20.446root 11241100x8000000000000000731255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14b3dcca04d06bac2021-12-21 12:53:20.446root 11241100x8000000000000000731256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.126b63e4149cf5f72021-12-21 12:53:20.446root 11241100x8000000000000000731257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97ac828633e53d132021-12-21 12:53:20.446root 11241100x8000000000000000731258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2abb843e0d42d88c2021-12-21 12:53:20.446root 11241100x8000000000000000731259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7c1b18fbf245e6e2021-12-21 12:53:20.446root 11241100x8000000000000000731260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06a1e3581805bda62021-12-21 12:53:20.446root 11241100x8000000000000000731261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fd948a168d8f80b2021-12-21 12:53:20.446root 11241100x8000000000000000731262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03029da5c96d1fbf2021-12-21 12:53:20.446root 11241100x8000000000000000731263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3a6e33a638c124d2021-12-21 12:53:20.447root 11241100x8000000000000000731264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e4cb58d85abbb0e2021-12-21 12:53:20.447root 11241100x8000000000000000731265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a37cd0ffebadf9fb2021-12-21 12:53:20.447root 11241100x8000000000000000731266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f277c71cf3a2b0992021-12-21 12:53:20.447root 11241100x8000000000000000731267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9e3992be23362532021-12-21 12:53:20.447root 11241100x8000000000000000731268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.543ada31d8633c9b2021-12-21 12:53:20.447root 11241100x8000000000000000731269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11598698bcc082c12021-12-21 12:53:20.447root 11241100x8000000000000000731270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cbd95f44afc089b2021-12-21 12:53:20.447root 11241100x8000000000000000731271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.801f5df0d18526ab2021-12-21 12:53:20.447root 11241100x8000000000000000731272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1accc1a04c370c602021-12-21 12:53:20.447root 11241100x8000000000000000731273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8b5c630c55c86282021-12-21 12:53:20.447root 11241100x8000000000000000731274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.269a3ff795bd9a8b2021-12-21 12:53:20.448root 11241100x8000000000000000731275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6da009dc89b231f2021-12-21 12:53:20.448root 11241100x8000000000000000731276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c412f6c8e609b78a2021-12-21 12:53:20.448root 11241100x8000000000000000731277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f2c381c7bc3777d2021-12-21 12:53:20.448root 11241100x8000000000000000731278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31e674e4d04c416d2021-12-21 12:53:20.448root 11241100x8000000000000000731279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3311be601f59fcb52021-12-21 12:53:20.448root 11241100x8000000000000000731280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.302373fa060b82342021-12-21 12:53:20.448root 11241100x8000000000000000731281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b08b5f1933daf5432021-12-21 12:53:20.448root 11241100x8000000000000000731282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f1d4673d3de14b52021-12-21 12:53:20.448root 11241100x8000000000000000731283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5405c35a0a238d172021-12-21 12:53:20.448root 11241100x8000000000000000731284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e237de7f858b84462021-12-21 12:53:20.449root 11241100x8000000000000000731285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a5b0335ae1ef3802021-12-21 12:53:20.449root 11241100x8000000000000000731286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9069f0fd503e77e52021-12-21 12:53:20.449root 11241100x8000000000000000731287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23cbb7eb30c120b42021-12-21 12:53:20.449root 11241100x8000000000000000731288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e54a6d22de09e1892021-12-21 12:53:20.449root 11241100x8000000000000000731289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85d47aaef0a2be722021-12-21 12:53:20.449root 11241100x8000000000000000731290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd3c59bd77d267532021-12-21 12:53:20.449root 11241100x8000000000000000731291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7b44b27e3a5f3e92021-12-21 12:53:20.450root 11241100x8000000000000000731292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e71e08a717b57add2021-12-21 12:53:20.450root 11241100x8000000000000000731293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3914fa582ce9e1022021-12-21 12:53:20.450root 11241100x8000000000000000731294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24e62e342183a9b52021-12-21 12:53:20.450root 11241100x8000000000000000731295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3104b912b0b54f052021-12-21 12:53:20.450root 11241100x8000000000000000731296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e3883b051649f702021-12-21 12:53:20.450root 11241100x8000000000000000731297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57029f0b65a966a72021-12-21 12:53:20.450root 11241100x8000000000000000731298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3515ddbabb54c2952021-12-21 12:53:20.450root 11241100x8000000000000000731299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.960b069d99c7e61d2021-12-21 12:53:20.450root 11241100x8000000000000000731300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03bc387560f18a3f2021-12-21 12:53:20.450root 11241100x8000000000000000731301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0ea84355d8c2fe52021-12-21 12:53:20.450root 11241100x8000000000000000731302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22b6ed35cbf7e5cb2021-12-21 12:53:20.450root 11241100x8000000000000000731303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91c65917737d2e412021-12-21 12:53:20.450root 11241100x8000000000000000731304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b749629bed2bbff12021-12-21 12:53:20.451root 11241100x8000000000000000731305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc466c22d6d0c1b72021-12-21 12:53:20.451root 11241100x8000000000000000731306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1362601d1831e2952021-12-21 12:53:20.451root 11241100x8000000000000000731307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17113776d259be012021-12-21 12:53:20.451root 11241100x8000000000000000731308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdd1339e0bcc150e2021-12-21 12:53:20.451root 11241100x8000000000000000731309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4990888a11bdfd362021-12-21 12:53:20.451root 11241100x8000000000000000731310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cb919a3ae3a42a52021-12-21 12:53:20.451root 11241100x8000000000000000731311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.244bf43516df73f12021-12-21 12:53:20.451root 11241100x8000000000000000731312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf7cd852e964a1f92021-12-21 12:53:20.451root 11241100x8000000000000000731313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c710985e5399588a2021-12-21 12:53:20.451root 11241100x8000000000000000731314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.442bf6406600bade2021-12-21 12:53:20.452root 11241100x8000000000000000731315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e67f392191cc5602021-12-21 12:53:20.452root 11241100x8000000000000000731316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36556df9cf5019e02021-12-21 12:53:20.452root 11241100x8000000000000000731317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fbf8b0bc0e8adf62021-12-21 12:53:20.452root 11241100x8000000000000000731318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e42d658e002cd5612021-12-21 12:53:20.452root 11241100x8000000000000000731319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eea11dc14daae8fb2021-12-21 12:53:20.452root 11241100x8000000000000000731320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc120fed0732f4b32021-12-21 12:53:20.452root 11241100x8000000000000000731321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95e50bdc38943e812021-12-21 12:53:20.452root 11241100x8000000000000000731322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa6d8d8cedeea6f62021-12-21 12:53:20.452root 11241100x8000000000000000731323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b56a59fa2d9724b2021-12-21 12:53:20.452root 11241100x8000000000000000731324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93806664d593de6f2021-12-21 12:53:20.452root 11241100x8000000000000000731325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c963bfe5c87e79792021-12-21 12:53:20.453root 11241100x8000000000000000731326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f56aaad6079bb9c92021-12-21 12:53:20.943root 11241100x8000000000000000731327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee6644b91b7523e82021-12-21 12:53:20.943root 11241100x8000000000000000731328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0750bbaca43f9c32021-12-21 12:53:20.943root 11241100x8000000000000000731329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f69b1e0fbc164d52021-12-21 12:53:20.943root 11241100x8000000000000000731330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb8d9d8a712d67942021-12-21 12:53:20.943root 11241100x8000000000000000731331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b564c085058bdb562021-12-21 12:53:20.944root 11241100x8000000000000000731332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0dc7acd2db489672021-12-21 12:53:20.944root 11241100x8000000000000000731333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4c44fbc677c2e4e2021-12-21 12:53:20.944root 11241100x8000000000000000731334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91f9a9c99bdd808e2021-12-21 12:53:20.944root 11241100x8000000000000000731335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6215c8f25c8dd1222021-12-21 12:53:20.944root 11241100x8000000000000000731336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a01972abeeb39f0c2021-12-21 12:53:20.944root 11241100x8000000000000000731337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7625f0e827fb247a2021-12-21 12:53:20.944root 11241100x8000000000000000731338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.926fe1fba799b21c2021-12-21 12:53:20.944root 11241100x8000000000000000731339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36cbceebc2b241412021-12-21 12:53:20.944root 11241100x8000000000000000731340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f716f48206c1fd912021-12-21 12:53:20.944root 11241100x8000000000000000731341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb4182c01697ec322021-12-21 12:53:20.944root 11241100x8000000000000000731342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60641641810dca572021-12-21 12:53:20.944root 11241100x8000000000000000731343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbccac4f807b74d52021-12-21 12:53:20.945root 11241100x8000000000000000731344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b927752a00348b0c2021-12-21 12:53:20.945root 11241100x8000000000000000731345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e694ea8bf816be8e2021-12-21 12:53:20.945root 11241100x8000000000000000731346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.517772d739bfcf002021-12-21 12:53:20.945root 11241100x8000000000000000731347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2525e4b56efa44412021-12-21 12:53:20.945root 11241100x8000000000000000731348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44d845de66dd39112021-12-21 12:53:20.945root 11241100x8000000000000000731349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e22071e6044911782021-12-21 12:53:20.945root 11241100x8000000000000000731350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08b5b11776e1557b2021-12-21 12:53:20.945root 11241100x8000000000000000731351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd4e2fd8cd238efb2021-12-21 12:53:20.945root 11241100x8000000000000000731352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00095cbf927149272021-12-21 12:53:20.945root 11241100x8000000000000000731353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dfba5a43c9bbe942021-12-21 12:53:20.945root 11241100x8000000000000000731354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c50afa52a3ac92642021-12-21 12:53:20.946root 11241100x8000000000000000731355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc4fb492a14a1cf72021-12-21 12:53:20.946root 11241100x8000000000000000731356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28f4aec9fe0a90c12021-12-21 12:53:20.946root 11241100x8000000000000000731357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88d5da0551647f2d2021-12-21 12:53:20.946root 11241100x8000000000000000731358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.867c8bc8a1bccf7d2021-12-21 12:53:20.946root 11241100x8000000000000000731359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a06ba9318bfa7e442021-12-21 12:53:20.946root 11241100x8000000000000000731360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4669297da705ef52021-12-21 12:53:20.946root 11241100x8000000000000000731361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cf758819f91cc2d2021-12-21 12:53:20.946root 11241100x8000000000000000731362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b02ee27b07c21852021-12-21 12:53:20.946root 11241100x8000000000000000731363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e14527edc930dd6c2021-12-21 12:53:20.946root 11241100x8000000000000000731364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6237e5cba83fc1f2021-12-21 12:53:20.946root 11241100x8000000000000000731365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.486afdff88ed18fa2021-12-21 12:53:20.947root 11241100x8000000000000000731366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1880b7054402d3232021-12-21 12:53:20.947root 11241100x8000000000000000731367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b417c710e3dd9f62021-12-21 12:53:20.947root 11241100x8000000000000000731368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0b898aa9f9fc51f2021-12-21 12:53:20.947root 11241100x8000000000000000731369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85df8c7f86cd0be12021-12-21 12:53:20.947root 11241100x8000000000000000731370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c4c3e850df78b2c2021-12-21 12:53:20.947root 11241100x8000000000000000731371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.331bb4b4146c2e862021-12-21 12:53:20.947root 11241100x8000000000000000731372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73120629ac914c022021-12-21 12:53:20.947root 11241100x8000000000000000731373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e504e9f3f0b71c22021-12-21 12:53:20.947root 11241100x8000000000000000731374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a112b6e3a4ea7382021-12-21 12:53:20.948root 11241100x8000000000000000731375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.069157af86d892262021-12-21 12:53:20.948root 11241100x8000000000000000731376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.163dbe3816c1dba32021-12-21 12:53:20.948root 11241100x8000000000000000731377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c41f3953848ca16b2021-12-21 12:53:20.948root 11241100x8000000000000000731378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8e3388a829988642021-12-21 12:53:20.948root 11241100x8000000000000000731379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc8c8739173231ce2021-12-21 12:53:20.949root 11241100x8000000000000000731380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f40957b3157fdb62021-12-21 12:53:20.949root 11241100x8000000000000000731381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7bf91cf9cbccb292021-12-21 12:53:20.950root 11241100x8000000000000000731382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8aaddb573e785ea92021-12-21 12:53:20.950root 11241100x8000000000000000731383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f205e17f1c3f1302021-12-21 12:53:20.951root 11241100x8000000000000000731384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67b0d68c41c2a0bd2021-12-21 12:53:20.951root 11241100x8000000000000000731385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.368a494fc3ce8fc42021-12-21 12:53:20.951root 11241100x8000000000000000731386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.825cdc0fa75215152021-12-21 12:53:20.952root 11241100x8000000000000000731387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b283a2a4674463a2021-12-21 12:53:20.952root 11241100x8000000000000000731388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5b2d940d705430a2021-12-21 12:53:20.952root 11241100x8000000000000000731389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f1d8d7fa49471cb2021-12-21 12:53:20.952root 11241100x8000000000000000731390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8861ac75205e633c2021-12-21 12:53:20.952root 11241100x8000000000000000731391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cecc20b7e2806362021-12-21 12:53:20.952root 11241100x8000000000000000731392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bf15c934fafb4292021-12-21 12:53:20.953root 11241100x8000000000000000731393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfd53c595c20e02b2021-12-21 12:53:20.953root 11241100x8000000000000000731394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ace5d5d00858dd12021-12-21 12:53:20.953root 11241100x8000000000000000731395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7737e9e74f30aa462021-12-21 12:53:20.953root 11241100x8000000000000000731396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1f86bbc59c328c82021-12-21 12:53:20.953root 11241100x8000000000000000731397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7bc064f343db9a72021-12-21 12:53:20.953root 11241100x8000000000000000731398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.237cd96fdcd57ce42021-12-21 12:53:20.953root 11241100x8000000000000000731399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed0183c3745ade212021-12-21 12:53:20.954root 11241100x8000000000000000731400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c6d31ae776321c32021-12-21 12:53:20.954root 11241100x8000000000000000731401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34ccb2762a5fde6a2021-12-21 12:53:20.954root 11241100x8000000000000000731402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7e02ab5be47c9102021-12-21 12:53:20.954root 11241100x8000000000000000731403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.307da5cbeaa7149c2021-12-21 12:53:20.954root 11241100x8000000000000000731404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dff357295ed7138a2021-12-21 12:53:20.954root 11241100x8000000000000000731405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0371e3e13b09ec832021-12-21 12:53:20.954root 11241100x8000000000000000731406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47233b8f3f95edb02021-12-21 12:53:20.954root 11241100x8000000000000000731407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10a1738643af99b62021-12-21 12:53:20.954root 11241100x8000000000000000731408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d90a59e765f67cf2021-12-21 12:53:20.954root 11241100x8000000000000000731409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51b0b4c8da8c53282021-12-21 12:53:20.954root 11241100x8000000000000000731410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c120408acdee01762021-12-21 12:53:20.954root 11241100x8000000000000000731411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e19341edf5abcb02021-12-21 12:53:20.954root 11241100x8000000000000000731412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07b7a281e13fb5002021-12-21 12:53:20.954root 11241100x8000000000000000731413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07d87d5c7bd8602e2021-12-21 12:53:20.954root 11241100x8000000000000000731414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c7007d1ac322b4c2021-12-21 12:53:20.954root 11241100x8000000000000000731415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1385b3a1c4a161e32021-12-21 12:53:20.955root 11241100x8000000000000000731416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.374f4fd804c1fa8b2021-12-21 12:53:20.955root 11241100x8000000000000000731417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa0fac42abe2c3692021-12-21 12:53:20.955root 11241100x8000000000000000731418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cb017183f77dd412021-12-21 12:53:20.955root 11241100x8000000000000000731419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84d3ade99e007b3c2021-12-21 12:53:20.955root 11241100x8000000000000000731420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7aece7bfcbd257b12021-12-21 12:53:20.955root 11241100x8000000000000000731421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.403cec2a155efe622021-12-21 12:53:20.955root 11241100x8000000000000000731422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6efceb8dd78fd3b62021-12-21 12:53:20.955root 11241100x8000000000000000731423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b76b31487e1da71a2021-12-21 12:53:20.955root 11241100x8000000000000000731424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:20.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8034711f20dbdbc92021-12-21 12:53:20.955root 11241100x8000000000000000731425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67785363416284b12021-12-21 12:53:21.443root 11241100x8000000000000000731426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c619a433c9504422021-12-21 12:53:21.443root 11241100x8000000000000000731427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ae74cc6d89e75f42021-12-21 12:53:21.443root 11241100x8000000000000000731428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f303116dbb031bcf2021-12-21 12:53:21.443root 11241100x8000000000000000731429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1f3f59b25fb22c52021-12-21 12:53:21.444root 11241100x8000000000000000731430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6381d46b8cec5b22021-12-21 12:53:21.444root 11241100x8000000000000000731431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1987b0df3009e2252021-12-21 12:53:21.444root 11241100x8000000000000000731432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bfa5e90dbb7c2cb2021-12-21 12:53:21.444root 11241100x8000000000000000731433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7798d67c38e314782021-12-21 12:53:21.444root 11241100x8000000000000000731434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1033cd11fba881e2021-12-21 12:53:21.444root 11241100x8000000000000000731435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c585ccd742735572021-12-21 12:53:21.444root 11241100x8000000000000000731436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffd4d8f75ab999002021-12-21 12:53:21.444root 11241100x8000000000000000731437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74b030ed7b6e5b7f2021-12-21 12:53:21.444root 11241100x8000000000000000731438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfed2623d303ab5f2021-12-21 12:53:21.444root 11241100x8000000000000000731439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3befe74ce37fa212021-12-21 12:53:21.444root 11241100x8000000000000000731440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff239ef652e832192021-12-21 12:53:21.444root 11241100x8000000000000000731441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62bcea3278d142ec2021-12-21 12:53:21.444root 11241100x8000000000000000731442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.192a1e2c9085243f2021-12-21 12:53:21.444root 11241100x8000000000000000731443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07c17607784a83fb2021-12-21 12:53:21.444root 11241100x8000000000000000731444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bac8cc54ee51f43c2021-12-21 12:53:21.444root 11241100x8000000000000000731445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:21.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e6b2eaae3eec47c2021-12-21 12:53:21.445root 11241100x8000000000000000731446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:21.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c66a9d34bad441f42021-12-21 12:53:21.445root 11241100x8000000000000000731447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:21.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d5c3f0c6c30b26f2021-12-21 12:53:21.445root 11241100x8000000000000000731448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:21.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b4c1c451f9409e72021-12-21 12:53:21.445root 11241100x8000000000000000731449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:21.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1da336e443075a892021-12-21 12:53:21.445root 11241100x8000000000000000731450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:21.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3949ce863fac31f22021-12-21 12:53:21.445root 11241100x8000000000000000731451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:21.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97766896fe55e3242021-12-21 12:53:21.445root 11241100x8000000000000000731452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:21.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ee411366063dd202021-12-21 12:53:21.445root 11241100x8000000000000000731453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:21.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.167bfca6a9b423e92021-12-21 12:53:21.445root 11241100x8000000000000000731454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:21.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d62ebb90da0fb9bc2021-12-21 12:53:21.445root 11241100x8000000000000000731455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:21.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd3121b550b71e372021-12-21 12:53:21.445root 11241100x8000000000000000731456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:21.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93ecd00cc5e345f12021-12-21 12:53:21.445root 11241100x8000000000000000731457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:21.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbc146798d0705152021-12-21 12:53:21.445root 11241100x8000000000000000731458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:21.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6cb2ead608b57522021-12-21 12:53:21.445root 11241100x8000000000000000731459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:21.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e65bde9a6c1ce7532021-12-21 12:53:21.445root 11241100x8000000000000000731460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:21.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.413a0e2f363abc8a2021-12-21 12:53:21.445root 11241100x8000000000000000731461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:21.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61ec37be9e28c9542021-12-21 12:53:21.446root 11241100x8000000000000000731462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:21.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.960b66a8889902f12021-12-21 12:53:21.446root 11241100x8000000000000000731463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:21.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6bbe0235383729a2021-12-21 12:53:21.446root 11241100x8000000000000000731464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:21.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.739abb9dbd0b9b2b2021-12-21 12:53:21.446root 11241100x8000000000000000731465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:21.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba607691738837892021-12-21 12:53:21.446root 11241100x8000000000000000731466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:21.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.793e78ee0047135d2021-12-21 12:53:21.446root 11241100x8000000000000000731467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:21.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7241dfbed7ddce12021-12-21 12:53:21.446root 11241100x8000000000000000731468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:21.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81ac3194951dcfaf2021-12-21 12:53:21.446root 11241100x8000000000000000731469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:21.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8312fb7662b21f612021-12-21 12:53:21.446root 11241100x8000000000000000731470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:21.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dd38f68fb2d62002021-12-21 12:53:21.446root 11241100x8000000000000000731471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:21.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4764a0f4d46de1602021-12-21 12:53:21.446root 11241100x8000000000000000731472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77ba60a052108efb2021-12-21 12:53:21.943root 11241100x8000000000000000731473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f074b4135b99ee22021-12-21 12:53:21.943root 11241100x8000000000000000731474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c28c195666d274542021-12-21 12:53:21.943root 11241100x8000000000000000731475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfd884d2fd354a272021-12-21 12:53:21.944root 11241100x8000000000000000731476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.713091d1256ccdfc2021-12-21 12:53:21.944root 11241100x8000000000000000731477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bbd08a10ff7d1eb2021-12-21 12:53:21.944root 11241100x8000000000000000731478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d54d01fe26053fd12021-12-21 12:53:21.944root 11241100x8000000000000000731479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48b70c0ddd7788872021-12-21 12:53:21.944root 11241100x8000000000000000731480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fc6d16adb8ab42c2021-12-21 12:53:21.944root 11241100x8000000000000000731481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fff342f6667931672021-12-21 12:53:21.944root 11241100x8000000000000000731482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e9d3b1a2182e2572021-12-21 12:53:21.944root 11241100x8000000000000000731483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:21.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c161044b001c0b42021-12-21 12:53:21.945root 11241100x8000000000000000731484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:21.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc0dea647d88c6832021-12-21 12:53:21.945root 11241100x8000000000000000731485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:21.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b59b918d409bfa2a2021-12-21 12:53:21.945root 11241100x8000000000000000731486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:21.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f16381b31281451e2021-12-21 12:53:21.945root 11241100x8000000000000000731487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:21.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f4790811c2f633c2021-12-21 12:53:21.945root 11241100x8000000000000000731488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:21.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bc25a626bea36492021-12-21 12:53:21.945root 11241100x8000000000000000731489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:21.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d34748c3dcabab3e2021-12-21 12:53:21.945root 11241100x8000000000000000731490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:21.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.490c59cd3988c9f72021-12-21 12:53:21.945root 11241100x8000000000000000731491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:21.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25b438781b49fd462021-12-21 12:53:21.945root 11241100x8000000000000000731492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:21.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aee9950b7c3e7f382021-12-21 12:53:21.946root 11241100x8000000000000000731493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:21.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adfea4d82a8228b72021-12-21 12:53:21.946root 11241100x8000000000000000731494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:21.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0038a727f02168212021-12-21 12:53:21.946root 11241100x8000000000000000731495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:21.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.399b3f7a719953a62021-12-21 12:53:21.946root 11241100x8000000000000000731496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:21.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60890c3187deb2042021-12-21 12:53:21.946root 11241100x8000000000000000731497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:21.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaf999980f77b9db2021-12-21 12:53:21.946root 11241100x8000000000000000731498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:21.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d9e6a246e9783b12021-12-21 12:53:21.946root 11241100x8000000000000000731499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:21.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2144329ec03efa32021-12-21 12:53:21.946root 11241100x8000000000000000731500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:21.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.636a9fcbf40572372021-12-21 12:53:21.947root 11241100x8000000000000000731501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:21.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3a6df9e3b7b44e42021-12-21 12:53:21.947root 11241100x8000000000000000731502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:21.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79de0b739f6b3dc12021-12-21 12:53:21.947root 11241100x8000000000000000731503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:21.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b52e29a343b29ffb2021-12-21 12:53:21.947root 11241100x8000000000000000731504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:21.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6ccfa1072f659e52021-12-21 12:53:21.948root 11241100x8000000000000000731505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:21.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c486eef3274fd0c2021-12-21 12:53:21.948root 11241100x8000000000000000731506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:21.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fe9071c1ec9e1f52021-12-21 12:53:21.948root 11241100x8000000000000000731507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:21.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f4d3f5d775770832021-12-21 12:53:21.948root 11241100x8000000000000000731508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:21.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5040fcf6ca43fd692021-12-21 12:53:21.948root 11241100x8000000000000000731509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:21.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a67daf2f60b4be92021-12-21 12:53:21.948root 11241100x8000000000000000731510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:21.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0920bffce78b07d82021-12-21 12:53:21.948root 11241100x8000000000000000731511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:21.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b20c669902be8822021-12-21 12:53:21.949root 11241100x8000000000000000731512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:21.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.308eb708eb344e352021-12-21 12:53:21.949root 11241100x8000000000000000731513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:21.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da847811c347c0022021-12-21 12:53:21.949root 11241100x8000000000000000731514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:21.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59cebaa25a0f86e62021-12-21 12:53:21.949root 11241100x8000000000000000731515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:21.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6e93fae383234fd2021-12-21 12:53:21.950root 11241100x8000000000000000731516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:21.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7748b157e4a04fda2021-12-21 12:53:21.950root 11241100x8000000000000000731517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:21.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7f0adb6f9c9ecc92021-12-21 12:53:21.950root 11241100x8000000000000000731518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:21.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fafa2d7bf414b5ad2021-12-21 12:53:21.950root 11241100x8000000000000000731519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:21.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47edf3c43879d0362021-12-21 12:53:21.950root 11241100x8000000000000000731520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:21.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82f369049b271ad92021-12-21 12:53:21.950root 11241100x8000000000000000731521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:21.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a8cbf1b9fab54ab2021-12-21 12:53:21.950root 11241100x8000000000000000731522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76488d805334ed0d2021-12-21 12:53:22.443root 11241100x8000000000000000731523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9509439fe3cd19112021-12-21 12:53:22.443root 11241100x8000000000000000731524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18f89ce269a771e02021-12-21 12:53:22.443root 11241100x8000000000000000731525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48b758cd63776bfd2021-12-21 12:53:22.443root 11241100x8000000000000000731526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bf4b3d560ce1e322021-12-21 12:53:22.444root 11241100x8000000000000000731527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3bd8b847db2d5852021-12-21 12:53:22.444root 11241100x8000000000000000731528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a72f8cd2a66756802021-12-21 12:53:22.444root 11241100x8000000000000000731529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b5334430568d36a2021-12-21 12:53:22.444root 11241100x8000000000000000731530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9de9d7d3d3cfa9632021-12-21 12:53:22.444root 11241100x8000000000000000731531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27c389b712ea850b2021-12-21 12:53:22.444root 11241100x8000000000000000731532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4134ce957c925c4d2021-12-21 12:53:22.444root 11241100x8000000000000000731533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b2729d6c22ea6912021-12-21 12:53:22.444root 11241100x8000000000000000731534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:22.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83f952961d88b89c2021-12-21 12:53:22.445root 11241100x8000000000000000731535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:22.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f910dbbfa30d872f2021-12-21 12:53:22.445root 11241100x8000000000000000731536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:22.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd0371616ee02a6e2021-12-21 12:53:22.445root 11241100x8000000000000000731537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:22.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26a8690a41c2c7ea2021-12-21 12:53:22.445root 11241100x8000000000000000731538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:22.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bffdb30669eba222021-12-21 12:53:22.445root 11241100x8000000000000000731539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:22.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76bb582aa4411fd62021-12-21 12:53:22.445root 11241100x8000000000000000731540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:22.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db9656e28afd5fa52021-12-21 12:53:22.445root 11241100x8000000000000000731541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:22.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50e303012ed1aa022021-12-21 12:53:22.445root 11241100x8000000000000000731542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:22.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0033049a871f4ef22021-12-21 12:53:22.445root 11241100x8000000000000000731543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:22.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a375fb19384499262021-12-21 12:53:22.446root 11241100x8000000000000000731544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:22.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e0e877294b88e792021-12-21 12:53:22.446root 11241100x8000000000000000731545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:22.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22135754367aded82021-12-21 12:53:22.446root 11241100x8000000000000000731546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:22.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf5cdce64c9135a52021-12-21 12:53:22.446root 11241100x8000000000000000731547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:22.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87c8d6739918aa0f2021-12-21 12:53:22.446root 11241100x8000000000000000731548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:22.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ec562caf28116312021-12-21 12:53:22.446root 11241100x8000000000000000731549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:22.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.078edaae24dc41252021-12-21 12:53:22.446root 11241100x8000000000000000731550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:22.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d25001f1aa0b573c2021-12-21 12:53:22.446root 11241100x8000000000000000731551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:22.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12fac0bd6dfe249d2021-12-21 12:53:22.446root 11241100x8000000000000000731552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:22.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05e19d98494147d32021-12-21 12:53:22.446root 11241100x8000000000000000731553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:22.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5237e014dd5280fa2021-12-21 12:53:22.446root 11241100x8000000000000000731554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:22.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.227533fbe51225ad2021-12-21 12:53:22.447root 11241100x8000000000000000731555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:22.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d386a49a8bde5eff2021-12-21 12:53:22.447root 11241100x8000000000000000731556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:22.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c56cb7b6656b36dc2021-12-21 12:53:22.447root 11241100x8000000000000000731557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:22.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1d47c4d0de97c622021-12-21 12:53:22.447root 11241100x8000000000000000731558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:22.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26ed3cb9cb52d93f2021-12-21 12:53:22.447root 11241100x8000000000000000731559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:22.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0174793eb114f86c2021-12-21 12:53:22.447root 11241100x8000000000000000731560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:22.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21297ea40de744982021-12-21 12:53:22.447root 11241100x8000000000000000731561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:22.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02247f360aab655f2021-12-21 12:53:22.447root 11241100x8000000000000000731562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:22.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b3e856a8fab95de2021-12-21 12:53:22.447root 11241100x8000000000000000731563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:22.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35bb2cf6b361fa542021-12-21 12:53:22.447root 11241100x8000000000000000731564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:22.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d6c496fd83bae102021-12-21 12:53:22.448root 11241100x8000000000000000731565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:22.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee8f684af3fb62712021-12-21 12:53:22.448root 11241100x8000000000000000731566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:22.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18761413ea5356202021-12-21 12:53:22.448root 11241100x8000000000000000731567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:22.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d69f087f2bca13ef2021-12-21 12:53:22.448root 11241100x8000000000000000731568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:22.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc77202426a3d8102021-12-21 12:53:22.448root 11241100x8000000000000000731569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:22.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0174cd94e03ddcd82021-12-21 12:53:22.448root 11241100x8000000000000000731570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:22.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4a82dd293580a8e2021-12-21 12:53:22.448root 11241100x8000000000000000731571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:22.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e8235ae5fc910a82021-12-21 12:53:22.448root 11241100x8000000000000000731572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:22.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55a8556da35b8ec62021-12-21 12:53:22.448root 11241100x8000000000000000731573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:22.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e3ddbcc43908eed2021-12-21 12:53:22.448root 11241100x8000000000000000731574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:22.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f20fb13f20b1eacc2021-12-21 12:53:22.449root 11241100x8000000000000000731575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:22.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7c4ed44d03011292021-12-21 12:53:22.449root 11241100x8000000000000000731576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:22.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29a298ba3d5800372021-12-21 12:53:22.449root 11241100x8000000000000000731577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:22.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd0b50ce59ac5cd62021-12-21 12:53:22.449root 11241100x8000000000000000731578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:22.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.112fdb758ba291ca2021-12-21 12:53:22.449root 11241100x8000000000000000731579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:22.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ba6f702d8497dd42021-12-21 12:53:22.449root 11241100x8000000000000000731580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:22.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45c76f42956df6982021-12-21 12:53:22.449root 11241100x8000000000000000731581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:22.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.918fb2facea8e5fb2021-12-21 12:53:22.449root 11241100x8000000000000000731582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:22.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d535fee6b638dbb2021-12-21 12:53:22.449root 11241100x8000000000000000731583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:22.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d719c7ab270299522021-12-21 12:53:22.449root 11241100x8000000000000000731584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:22.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dee5f69543fc84a2021-12-21 12:53:22.450root 11241100x8000000000000000731585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:22.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.906c96e011191e122021-12-21 12:53:22.450root 11241100x8000000000000000731586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:22.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea1d36b40b858b992021-12-21 12:53:22.450root 11241100x8000000000000000731587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:22.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16f13f06a054849d2021-12-21 12:53:22.450root 11241100x8000000000000000731588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:22.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d022566708fe6ea52021-12-21 12:53:22.450root 11241100x8000000000000000731589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:22.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57ee4e40c19d4d1b2021-12-21 12:53:22.450root 11241100x8000000000000000731590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:22.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a53334a0f1f94502021-12-21 12:53:22.450root 11241100x8000000000000000731591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:22.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f7ef2fa094a26ed2021-12-21 12:53:22.450root 11241100x8000000000000000731592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d21312cf09e4b8272021-12-21 12:53:22.943root 11241100x8000000000000000731593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acca95c944f0a4722021-12-21 12:53:22.943root 11241100x8000000000000000731594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1649041c495915e2021-12-21 12:53:22.943root 11241100x8000000000000000731595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fde5de95bb270cd2021-12-21 12:53:22.943root 11241100x8000000000000000731596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0624637986a4d73c2021-12-21 12:53:22.944root 11241100x8000000000000000731597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d40ae74aa499e882021-12-21 12:53:22.944root 11241100x8000000000000000731598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d342bea1478991f2021-12-21 12:53:22.944root 11241100x8000000000000000731599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57d34276db3f10692021-12-21 12:53:22.944root 11241100x8000000000000000731600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.def88537aaa604d62021-12-21 12:53:22.944root 11241100x8000000000000000731601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea50a2a46cc5de462021-12-21 12:53:22.944root 11241100x8000000000000000731602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac1a21b45bb1dc472021-12-21 12:53:22.944root 11241100x8000000000000000731603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d41314afe5b88362021-12-21 12:53:22.944root 11241100x8000000000000000731604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:22.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90ab9f3719edd5aa2021-12-21 12:53:22.945root 11241100x8000000000000000731605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:22.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a37141d60ca37832021-12-21 12:53:22.945root 11241100x8000000000000000731606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:22.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04d775890c602cc52021-12-21 12:53:22.945root 11241100x8000000000000000731607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:22.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3664fb81c6a6f6fe2021-12-21 12:53:22.945root 11241100x8000000000000000731608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:22.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24a1237d8f83b50a2021-12-21 12:53:22.945root 11241100x8000000000000000731609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:22.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.064c4973d525f4092021-12-21 12:53:22.945root 11241100x8000000000000000731610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:22.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be1d657257b76fca2021-12-21 12:53:22.945root 11241100x8000000000000000731611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:22.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d73e1afc13f79302021-12-21 12:53:22.946root 11241100x8000000000000000731612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:22.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f9957e4afd182122021-12-21 12:53:22.946root 11241100x8000000000000000731613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:22.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc44f87e10d292ec2021-12-21 12:53:22.946root 11241100x8000000000000000731614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:22.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71611d3f3c99e7bb2021-12-21 12:53:22.946root 11241100x8000000000000000731615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:22.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68f22439a7041d882021-12-21 12:53:22.946root 11241100x8000000000000000731616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:22.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43b30907cbc8954b2021-12-21 12:53:22.946root 11241100x8000000000000000731617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:22.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df05e9bd86c1b1d72021-12-21 12:53:22.946root 11241100x8000000000000000731618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:22.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.788e0c61a0a94b9d2021-12-21 12:53:22.947root 11241100x8000000000000000731619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:22.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0058d311579c5e152021-12-21 12:53:22.947root 11241100x8000000000000000731620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:22.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0212605baa213aeb2021-12-21 12:53:22.947root 11241100x8000000000000000731621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:22.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cc694f92680e5dc2021-12-21 12:53:22.947root 11241100x8000000000000000731622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:22.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb1f90b841c225272021-12-21 12:53:22.947root 354300x8000000000000000731674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:40.146{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-50638-false10.0.1.12-8000- 11241100x8000000000000000731675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:40.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2ac6302fb57372f2021-12-21 12:53:40.442root 11241100x8000000000000000731676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:40.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d42b56d2aa113f412021-12-21 12:53:40.942root 11241100x8000000000000000731677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:41.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1aabdb4e214da3952021-12-21 12:53:41.442root 11241100x8000000000000000731678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:41.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.125c144f16badb762021-12-21 12:53:41.942root 154100x8000000000000000731679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:42.039{ec2b6afe-ce56-61c1-6814-9279e1550000}10169/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/4046root{ec2b6afe-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}2319--- 534500x8000000000000000731680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:42.049{ec2b6afe-ce56-61c1-6814-9279e1550000}10169/bin/psroot 11241100x8000000000000000731681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:42.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3913f5f7d54a2342021-12-21 12:53:42.442root 11241100x8000000000000000731682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9c5e79894df72b82021-12-21 12:53:42.443root 11241100x8000000000000000731683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25f654b5346c37ef2021-12-21 12:53:42.443root 11241100x8000000000000000731684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:42.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ff6c7e7f54f92ad2021-12-21 12:53:42.942root 11241100x8000000000000000731685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fda6684e91534742021-12-21 12:53:42.943root 11241100x8000000000000000731686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa60f22c5ee68ab42021-12-21 12:53:42.943root 11241100x8000000000000000731687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:43.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21897007edd8420e2021-12-21 12:53:43.442root 11241100x8000000000000000731688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.054de770a3d43aa72021-12-21 12:53:43.443root 11241100x8000000000000000731689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c09d9101dcbdeedc2021-12-21 12:53:43.443root 11241100x8000000000000000731690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:43.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b54bac6dfcefa8a42021-12-21 12:53:43.942root 11241100x8000000000000000731691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dbcf27ea31eeb2b2021-12-21 12:53:43.943root 11241100x8000000000000000731692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1169ccf54a8082f12021-12-21 12:53:43.943root 11241100x8000000000000000731693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:44.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.693de43fd556c79a2021-12-21 12:53:44.442root 11241100x8000000000000000731694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57873900a0fe55182021-12-21 12:53:44.443root 11241100x8000000000000000731695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e7d33bdbbac22d22021-12-21 12:53:44.443root 11241100x8000000000000000731696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:44.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea7962cf8a07e2cf2021-12-21 12:53:44.942root 11241100x8000000000000000731697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e09cef9843b05de2021-12-21 12:53:44.943root 11241100x8000000000000000731698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.208e353c1474495b2021-12-21 12:53:44.943root 11241100x8000000000000000731699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:45.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.262f3499bbf6b8df2021-12-21 12:53:45.442root 11241100x8000000000000000731700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3bc7d86a9898fc52021-12-21 12:53:45.443root 11241100x8000000000000000731701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53331084e76a76802021-12-21 12:53:45.443root 11241100x8000000000000000731702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:45.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85c882188e41d4e72021-12-21 12:53:45.942root 11241100x8000000000000000731703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4961a26a28a32242021-12-21 12:53:45.943root 11241100x8000000000000000731704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e121a8483d4d3202021-12-21 12:53:45.943root 354300x8000000000000000731705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:46.020{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-50640-false10.0.1.12-8000- 11241100x8000000000000000731706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:46.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fe7a7f060aa70862021-12-21 12:53:46.442root 11241100x8000000000000000731707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.158a666060f7ea592021-12-21 12:53:46.443root 11241100x8000000000000000731708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb2db8ab0b6e3fb42021-12-21 12:53:46.443root 11241100x8000000000000000731709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c87e2abde4f773c52021-12-21 12:53:46.443root 11241100x8000000000000000731710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39681f1844270fb52021-12-21 12:53:46.943root 11241100x8000000000000000731711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.935f2122b77294822021-12-21 12:53:46.943root 11241100x8000000000000000731712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7c41c68bfa0fa512021-12-21 12:53:46.943root 11241100x8000000000000000731713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d22529c8f127580a2021-12-21 12:53:46.943root 11241100x8000000000000000731714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:47.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9dbbf088e7aecb62021-12-21 12:53:47.442root 11241100x8000000000000000731715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d45dc10753d1ce62021-12-21 12:53:47.443root 11241100x8000000000000000731716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6ddfd101d92b6792021-12-21 12:53:47.443root 11241100x8000000000000000731717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65266f28eb5df2db2021-12-21 12:53:47.443root 11241100x8000000000000000731718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:47.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8efcb081c00b6ba12021-12-21 12:53:47.942root 11241100x8000000000000000731719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4659093d672e9c1a2021-12-21 12:53:47.943root 11241100x8000000000000000731720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05a3c6744e98c0bb2021-12-21 12:53:47.943root 11241100x8000000000000000731721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7f55c205055fb2e2021-12-21 12:53:47.943root 11241100x8000000000000000731722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:48.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eff674a47a7588e62021-12-21 12:53:48.442root 11241100x8000000000000000731723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec978547e037247c2021-12-21 12:53:48.443root 11241100x8000000000000000731724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08818b0d559ed3aa2021-12-21 12:53:48.443root 11241100x8000000000000000731725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.828393304d8b71bd2021-12-21 12:53:48.443root 11241100x8000000000000000731726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48c92b9189ad5f702021-12-21 12:53:48.943root 11241100x8000000000000000731727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a330572140a642fe2021-12-21 12:53:48.943root 11241100x8000000000000000731728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d091e091f380b132021-12-21 12:53:48.943root 11241100x8000000000000000731729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4fba607e14d0fbe2021-12-21 12:53:48.943root 11241100x8000000000000000731730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6636b078cb9821792021-12-21 12:53:49.443root 11241100x8000000000000000731731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af9bc2bbdd15b01c2021-12-21 12:53:49.443root 11241100x8000000000000000731732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85d17ce5b0c469242021-12-21 12:53:49.443root 11241100x8000000000000000731733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc7dfa11c80300442021-12-21 12:53:49.443root 11241100x8000000000000000731734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:49.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6dcef6650fbd7b12021-12-21 12:53:49.942root 11241100x8000000000000000731735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9d22898f1e5be362021-12-21 12:53:49.943root 11241100x8000000000000000731736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26119e6702eaef8b2021-12-21 12:53:49.943root 11241100x8000000000000000731737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0435961c199edf8d2021-12-21 12:53:49.943root 11241100x8000000000000000731738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:50.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b311268e4564dac22021-12-21 12:53:50.442root 11241100x8000000000000000731739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.453a54d9b3037c132021-12-21 12:53:50.443root 11241100x8000000000000000731740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82bd28858ef7b0e42021-12-21 12:53:50.443root 11241100x8000000000000000731741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f856f8b7dd478392021-12-21 12:53:50.443root 11241100x8000000000000000731742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16ca55115639212c2021-12-21 12:53:50.943root 11241100x8000000000000000731743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.096b8e5247721e632021-12-21 12:53:50.943root 11241100x8000000000000000731744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4be2450a8635fabe2021-12-21 12:53:50.943root 11241100x8000000000000000731745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.505ec5a0c29a749d2021-12-21 12:53:50.943root 354300x8000000000000000731746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:51.043{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-50642-false10.0.1.12-8000- 11241100x8000000000000000731747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82847a20592658b62021-12-21 12:53:51.443root 11241100x8000000000000000731748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2b43726030be4302021-12-21 12:53:51.443root 11241100x8000000000000000731749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce94ddc6c9122e772021-12-21 12:53:51.443root 11241100x8000000000000000731750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.881ce242995d12232021-12-21 12:53:51.443root 11241100x8000000000000000731751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e36f6eff85f03f12021-12-21 12:53:51.443root 11241100x8000000000000000731752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d98f5d83895ac4a72021-12-21 12:53:51.943root 11241100x8000000000000000731753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a82334a12ab81f52021-12-21 12:53:51.943root 11241100x8000000000000000731754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62dd311541cc81bc2021-12-21 12:53:51.943root 11241100x8000000000000000731755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08deb30c65c8a1902021-12-21 12:53:51.943root 11241100x8000000000000000731756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17d801fc52530f342021-12-21 12:53:51.943root 11241100x8000000000000000731757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91a0350cbcd3e28c2021-12-21 12:53:52.443root 11241100x8000000000000000731758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a4e8ec49fb80cb42021-12-21 12:53:52.443root 11241100x8000000000000000731759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4271b2a0c1001db02021-12-21 12:53:52.443root 11241100x8000000000000000731760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a3e3c2e21bf5bd62021-12-21 12:53:52.443root 11241100x8000000000000000731761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b2563d51217c79c2021-12-21 12:53:52.443root 11241100x8000000000000000731762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6b6b3b01f338f5d2021-12-21 12:53:52.943root 11241100x8000000000000000731763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e518f667ced7a942021-12-21 12:53:52.943root 11241100x8000000000000000731764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb6261a6a05d8f872021-12-21 12:53:52.943root 11241100x8000000000000000731765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1125206278d00062021-12-21 12:53:52.943root 11241100x8000000000000000731766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.935485c7b4867d4e2021-12-21 12:53:52.943root 11241100x8000000000000000731767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.771073e01f3c006b2021-12-21 12:53:53.443root 11241100x8000000000000000731768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aeee16df4d0cd3db2021-12-21 12:53:53.443root 11241100x8000000000000000731769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f993920664c045452021-12-21 12:53:53.443root 11241100x8000000000000000731770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbb9b9de19de18a62021-12-21 12:53:53.443root 11241100x8000000000000000731771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78f67625cd17c8542021-12-21 12:53:53.443root 11241100x8000000000000000731772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c97e64b7dc4a05b32021-12-21 12:53:53.943root 11241100x8000000000000000731773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56ccd737a28a6d2c2021-12-21 12:53:53.943root 11241100x8000000000000000731774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10783669d2f2078a2021-12-21 12:53:53.943root 11241100x8000000000000000731775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c2627afdba3fb5d2021-12-21 12:53:53.943root 11241100x8000000000000000731776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20b5519482551de52021-12-21 12:53:53.943root 11241100x8000000000000000731777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5248b2c864dad672021-12-21 12:53:54.443root 11241100x8000000000000000731778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e412c4e18a7d07872021-12-21 12:53:54.443root 11241100x8000000000000000731779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d36393191b2c33c92021-12-21 12:53:54.443root 11241100x8000000000000000731780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.293f5e4496ad586b2021-12-21 12:53:54.443root 11241100x8000000000000000731781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b18e9cf4c45c58cd2021-12-21 12:53:54.443root 11241100x8000000000000000731782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1aca6eb6d12a04722021-12-21 12:53:54.943root 11241100x8000000000000000731783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0384306c6f107382021-12-21 12:53:54.943root 11241100x8000000000000000731784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e05c4b2cff642e602021-12-21 12:53:54.943root 11241100x8000000000000000731785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d34555c67a973d2f2021-12-21 12:53:54.943root 11241100x8000000000000000731786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5ea2070c817f96b2021-12-21 12:53:54.943root 11241100x8000000000000000731787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a930b0d9ceff04062021-12-21 12:53:55.443root 11241100x8000000000000000731788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.491f20712e6587542021-12-21 12:53:55.443root 11241100x8000000000000000731789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c42b37c67ede1e42021-12-21 12:53:55.443root 11241100x8000000000000000731790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.228249bcc29746e62021-12-21 12:53:55.443root 11241100x8000000000000000731791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32e361769ee26b372021-12-21 12:53:55.443root 11241100x8000000000000000731792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d428a8a7b195d17c2021-12-21 12:53:55.943root 11241100x8000000000000000731793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.386085ac11e602782021-12-21 12:53:55.943root 11241100x8000000000000000731794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.601616fde0e03f422021-12-21 12:53:55.943root 11241100x8000000000000000731795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fdffda201a7d6642021-12-21 12:53:55.943root 11241100x8000000000000000731796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c832796887f19432021-12-21 12:53:55.943root 354300x8000000000000000731797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:56.157{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-50644-false10.0.1.12-8000- 11241100x8000000000000000731798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9808610cdf7363622021-12-21 12:53:56.443root 11241100x8000000000000000731799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32cb4c13b0030d832021-12-21 12:53:56.443root 11241100x8000000000000000731800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db031843f5962c172021-12-21 12:53:56.443root 11241100x8000000000000000731801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db0305d20606612e2021-12-21 12:53:56.443root 11241100x8000000000000000731802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85b91efb9d39315f2021-12-21 12:53:56.443root 11241100x8000000000000000731803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ee121741ca150dd2021-12-21 12:53:56.443root 11241100x8000000000000000731804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67e747167bbc1de02021-12-21 12:53:56.943root 11241100x8000000000000000731805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6966bd1501e859f62021-12-21 12:53:56.943root 11241100x8000000000000000731806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bf6bb34a88dd7d92021-12-21 12:53:56.943root 11241100x8000000000000000731807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abf22933c6ea9d232021-12-21 12:53:56.944root 11241100x8000000000000000731808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60d32073002855422021-12-21 12:53:56.944root 11241100x8000000000000000731809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97d41f6fd12f7cd02021-12-21 12:53:56.944root 11241100x8000000000000000731810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec422638b0c444c42021-12-21 12:53:57.443root 11241100x8000000000000000731811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edbcb680858755cb2021-12-21 12:53:57.443root 11241100x8000000000000000731812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f1ed59d262c069c2021-12-21 12:53:57.443root 11241100x8000000000000000731813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.facc415ab1a2490f2021-12-21 12:53:57.443root 11241100x8000000000000000731814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.794825516348dcb72021-12-21 12:53:57.444root 11241100x8000000000000000731815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.718fc8dc43547e1f2021-12-21 12:53:57.444root 11241100x8000000000000000731816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.817c43fe3c310fd82021-12-21 12:53:57.943root 11241100x8000000000000000731817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdc8d47c2dcffa9d2021-12-21 12:53:57.943root 11241100x8000000000000000731818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c8ae41e16dc68b12021-12-21 12:53:57.943root 11241100x8000000000000000731819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.409b6f437721474a2021-12-21 12:53:57.943root 11241100x8000000000000000731820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf64eb6d4a420c122021-12-21 12:53:57.943root 11241100x8000000000000000731821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0134214252f6b7302021-12-21 12:53:57.943root 11241100x8000000000000000731822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.849800904452eec22021-12-21 12:53:58.443root 11241100x8000000000000000731823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb514db94e4f3ce22021-12-21 12:53:58.443root 11241100x8000000000000000731824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7af742ff827812a92021-12-21 12:53:58.443root 11241100x8000000000000000731825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9798f96c8327ff0b2021-12-21 12:53:58.443root 11241100x8000000000000000731826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddc7741461c7f2da2021-12-21 12:53:58.443root 11241100x8000000000000000731827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed77486d695f0aa52021-12-21 12:53:58.444root 11241100x8000000000000000731828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44871c4024b142ef2021-12-21 12:53:58.943root 11241100x8000000000000000731829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92c2314ab82956962021-12-21 12:53:58.943root 11241100x8000000000000000731830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd4d4e498894e9512021-12-21 12:53:58.943root 11241100x8000000000000000731831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4b8044e38d2163c2021-12-21 12:53:58.943root 11241100x8000000000000000731832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63beb3c85359e9552021-12-21 12:53:58.943root 11241100x8000000000000000731833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29bd2622fc4e5e112021-12-21 12:53:58.944root 11241100x8000000000000000731834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9041083c41879c962021-12-21 12:53:59.443root 11241100x8000000000000000731835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34aef357441703fb2021-12-21 12:53:59.443root 11241100x8000000000000000731836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a648df2c303a97b32021-12-21 12:53:59.443root 11241100x8000000000000000731837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d22c15c021e4a2682021-12-21 12:53:59.443root 11241100x8000000000000000731838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9e81f7145cd34cf2021-12-21 12:53:59.443root 11241100x8000000000000000731839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c6cc6eed13f3c432021-12-21 12:53:59.443root 11241100x8000000000000000731840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d214d981c49e63b12021-12-21 12:53:59.943root 11241100x8000000000000000731841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5063b4299fb1017c2021-12-21 12:53:59.943root 11241100x8000000000000000731842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e808123c5dec096e2021-12-21 12:53:59.943root 11241100x8000000000000000731843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e67a3c006286d2742021-12-21 12:53:59.943root 11241100x8000000000000000731844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbb6e5ee79aa168d2021-12-21 12:53:59.943root 11241100x8000000000000000731845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:53:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6728e5cf05f0f9b92021-12-21 12:53:59.943root 11241100x8000000000000000731846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf72a86804bda6742021-12-21 12:54:00.443root 11241100x8000000000000000731847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de47687de65e67302021-12-21 12:54:00.443root 11241100x8000000000000000731848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d736667be81d86872021-12-21 12:54:00.443root 11241100x8000000000000000731849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e44dad73960e35d62021-12-21 12:54:00.443root 11241100x8000000000000000731850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e793a4f3c9310d72021-12-21 12:54:00.443root 11241100x8000000000000000731851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89ea8edf4dcbc9b92021-12-21 12:54:00.443root 11241100x8000000000000000731852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dc56deccc84ee692021-12-21 12:54:00.943root 11241100x8000000000000000731853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f93e942e68a22bc2021-12-21 12:54:00.943root 11241100x8000000000000000731854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37e4f586501dcf922021-12-21 12:54:00.943root 11241100x8000000000000000731855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78acbc18d54bc9652021-12-21 12:54:00.944root 11241100x8000000000000000731856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9685bff36cc241322021-12-21 12:54:00.944root 11241100x8000000000000000731857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a85e604130a456102021-12-21 12:54:00.944root 11241100x8000000000000000731858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54de15954a48afb62021-12-21 12:54:01.443root 11241100x8000000000000000731859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6eefdd7b902817822021-12-21 12:54:01.443root 11241100x8000000000000000731860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf8ba60e93a1f0ea2021-12-21 12:54:01.443root 11241100x8000000000000000731861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78c2aad465feb1382021-12-21 12:54:01.443root 11241100x8000000000000000731862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30c997cbd75b4a012021-12-21 12:54:01.443root 11241100x8000000000000000731863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4e821f840910c8e2021-12-21 12:54:01.444root 11241100x8000000000000000731864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.017277fd949683b62021-12-21 12:54:01.943root 11241100x8000000000000000731865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7e55991aaa25fda2021-12-21 12:54:01.943root 11241100x8000000000000000731866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd7f58e4fd939ed62021-12-21 12:54:01.943root 11241100x8000000000000000731867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.facfb34c1ad616502021-12-21 12:54:01.943root 11241100x8000000000000000731868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.396169a24d6868772021-12-21 12:54:01.943root 11241100x8000000000000000731869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b4009bb23daf98a2021-12-21 12:54:01.943root 354300x8000000000000000731870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:02.137{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-50646-false10.0.1.12-8000- 11241100x8000000000000000731871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90b075686989c9c72021-12-21 12:54:02.443root 11241100x8000000000000000731872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f578fc43dbfe81502021-12-21 12:54:02.443root 11241100x8000000000000000731873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bbd1aeb977f1b702021-12-21 12:54:02.443root 11241100x8000000000000000731874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f054759b7061a4d12021-12-21 12:54:02.443root 11241100x8000000000000000731875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e370c2b1b2a4209b2021-12-21 12:54:02.443root 11241100x8000000000000000731876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7d20267bbd49f2e2021-12-21 12:54:02.443root 11241100x8000000000000000731877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02cfd7a1d47202402021-12-21 12:54:02.443root 11241100x8000000000000000731878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3473542370f270d32021-12-21 12:54:02.943root 11241100x8000000000000000731879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e30cfc1ae2ad9e492021-12-21 12:54:02.943root 11241100x8000000000000000731880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2ea2bb8e8aac6942021-12-21 12:54:02.943root 11241100x8000000000000000731881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb60bd00c9d9e5302021-12-21 12:54:02.943root 11241100x8000000000000000731882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61aded5dd7ff64e82021-12-21 12:54:02.943root 11241100x8000000000000000731883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8b399cdbcd499642021-12-21 12:54:02.943root 11241100x8000000000000000731884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d530446a2df5a3b2021-12-21 12:54:02.943root 11241100x8000000000000000731885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7998159064e50e4a2021-12-21 12:54:03.443root 11241100x8000000000000000731886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1016c07545ef82802021-12-21 12:54:03.443root 11241100x8000000000000000731887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6658ffcea8ade0f52021-12-21 12:54:03.443root 11241100x8000000000000000731888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f3e50a9614626412021-12-21 12:54:03.443root 11241100x8000000000000000731889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f22c5da58dbeff52021-12-21 12:54:03.443root 11241100x8000000000000000731890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98eb2bc8997ce57a2021-12-21 12:54:03.443root 11241100x8000000000000000731891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c17043770bdd3382021-12-21 12:54:03.443root 11241100x8000000000000000731892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5d1618bc1bd011b2021-12-21 12:54:03.943root 11241100x8000000000000000731893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1637a542577eb0b92021-12-21 12:54:03.943root 11241100x8000000000000000731894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d4b87014a3fdbda2021-12-21 12:54:03.943root 11241100x8000000000000000731895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7516671659664022021-12-21 12:54:03.943root 11241100x8000000000000000731896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93521e65932ca1632021-12-21 12:54:03.943root 11241100x8000000000000000731897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcc011b2c24600b72021-12-21 12:54:03.943root 11241100x8000000000000000731898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b526a155b24fa992021-12-21 12:54:03.943root 11241100x8000000000000000731899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0638b1177c3785e2021-12-21 12:54:04.443root 11241100x8000000000000000731900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2a86e38b3a2ee752021-12-21 12:54:04.443root 11241100x8000000000000000731901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b76de6d1c4709f3a2021-12-21 12:54:04.443root 11241100x8000000000000000731902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.030b0ba2ee75e2202021-12-21 12:54:04.443root 11241100x8000000000000000731903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb62608ed70bd3622021-12-21 12:54:04.443root 11241100x8000000000000000731904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.648222c983584b682021-12-21 12:54:04.443root 11241100x8000000000000000731905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebe84c7d0ea77f412021-12-21 12:54:04.443root 11241100x8000000000000000731906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.710635f43321eec12021-12-21 12:54:04.943root 11241100x8000000000000000731907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6433cacc2ce3d212021-12-21 12:54:04.943root 11241100x8000000000000000731908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c62361779e57af02021-12-21 12:54:04.943root 11241100x8000000000000000731909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0359fe1cd44849ad2021-12-21 12:54:04.943root 11241100x8000000000000000731910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7e3c5925d229fe92021-12-21 12:54:04.943root 11241100x8000000000000000731911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea323a3fef90a2c52021-12-21 12:54:04.944root 11241100x8000000000000000731912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8607e4ea590e20b82021-12-21 12:54:04.944root 11241100x8000000000000000731913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbae6ff726e7b8fb2021-12-21 12:54:05.443root 11241100x8000000000000000731914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.079361ba614456042021-12-21 12:54:05.443root 11241100x8000000000000000731915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ea3fe096faf0ccc2021-12-21 12:54:05.443root 11241100x8000000000000000731916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a03b559e5d16c1fe2021-12-21 12:54:05.443root 11241100x8000000000000000731917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49c88c188b71c0562021-12-21 12:54:05.443root 11241100x8000000000000000731918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a2208693f609b372021-12-21 12:54:05.443root 11241100x8000000000000000731919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6517a78eaf03072e2021-12-21 12:54:05.443root 11241100x8000000000000000731920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bf37197a6fc93212021-12-21 12:54:05.943root 11241100x8000000000000000731921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.613d7fffeded8f2c2021-12-21 12:54:05.943root 11241100x8000000000000000731922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d2b9055df2004902021-12-21 12:54:05.943root 11241100x8000000000000000731923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3145c2fc3ad1f9602021-12-21 12:54:05.943root 11241100x8000000000000000731924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba8f18515b7a38702021-12-21 12:54:05.943root 11241100x8000000000000000731925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45eeebf5fe3c249b2021-12-21 12:54:05.943root 11241100x8000000000000000731926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a57f5e222e0aedf2021-12-21 12:54:05.943root 11241100x8000000000000000731927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:06.130{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2021-12-21 12:54:06.130root 11241100x8000000000000000731928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:06.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.593fd282c9e9a3ba2021-12-21 12:54:06.443root 11241100x8000000000000000731929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:06.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f3d7a25ac02d1452021-12-21 12:54:06.443root 11241100x8000000000000000731930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:06.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d9ab7772261ecb62021-12-21 12:54:06.443root 11241100x8000000000000000731931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:06.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2158615513570212021-12-21 12:54:06.443root 11241100x8000000000000000731932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:06.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b444d214b33542422021-12-21 12:54:06.443root 11241100x8000000000000000731933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:06.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.578633fd2c22e6f32021-12-21 12:54:06.443root 11241100x8000000000000000731934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:06.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.488b34d75c3c481a2021-12-21 12:54:06.443root 11241100x8000000000000000731935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:06.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c7ebf3210fd81d22021-12-21 12:54:06.443root 11241100x8000000000000000731936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:06.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c8cf17bc1896c972021-12-21 12:54:06.943root 11241100x8000000000000000731937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:06.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfe53947ff5acfe62021-12-21 12:54:06.943root 11241100x8000000000000000731938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:06.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1559b41f1d6b899b2021-12-21 12:54:06.943root 11241100x8000000000000000731939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:06.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8afc47b63e825f4b2021-12-21 12:54:06.943root 11241100x8000000000000000731940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:06.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30624d4f6f9f7aab2021-12-21 12:54:06.943root 11241100x8000000000000000731941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:06.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81adb82e05fce4682021-12-21 12:54:06.943root 11241100x8000000000000000731942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:06.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b18e8034d841e512021-12-21 12:54:06.943root 11241100x8000000000000000731943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:06.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd618eb77c4ca6ad2021-12-21 12:54:06.943root 354300x8000000000000000731944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:07.163{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-50648-false10.0.1.12-8000- 11241100x8000000000000000731945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:07.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0072dd07c5064cc72021-12-21 12:54:07.443root 11241100x8000000000000000731946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:07.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8163aea62db99d8f2021-12-21 12:54:07.443root 11241100x8000000000000000731947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:07.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36fae77a7517b1732021-12-21 12:54:07.443root 11241100x8000000000000000731948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:07.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8ae335139e934af2021-12-21 12:54:07.443root 11241100x8000000000000000731949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:07.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de89cc7cca452b5b2021-12-21 12:54:07.443root 11241100x8000000000000000731950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:07.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.255d76e5e0e89d182021-12-21 12:54:07.443root 11241100x8000000000000000731951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:07.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a77ea0831d566782021-12-21 12:54:07.443root 11241100x8000000000000000731952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:07.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93b64d8b17af56212021-12-21 12:54:07.443root 11241100x8000000000000000731953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:07.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a5d49d207f4cfef2021-12-21 12:54:07.443root 11241100x8000000000000000731954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:07.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d5fa78ae38471b12021-12-21 12:54:07.943root 11241100x8000000000000000731955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:07.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bab2a7cc063d43f42021-12-21 12:54:07.943root 11241100x8000000000000000731956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:07.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d31be1e684700932021-12-21 12:54:07.943root 11241100x8000000000000000731957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:07.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7b9b5af3e60adb72021-12-21 12:54:07.943root 11241100x8000000000000000731958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:07.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.067110c806f79bd42021-12-21 12:54:07.943root 11241100x8000000000000000731959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:07.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7f78ea6d4fd40dc2021-12-21 12:54:07.943root 11241100x8000000000000000731960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:07.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6b28b389f1047392021-12-21 12:54:07.943root 11241100x8000000000000000731961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:07.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9855417cb853b162021-12-21 12:54:07.944root 11241100x8000000000000000731962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:07.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.214448a1b6dad49e2021-12-21 12:54:07.944root 11241100x8000000000000000731963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:08.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17720a7070708bd02021-12-21 12:54:08.443root 11241100x8000000000000000731964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:08.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80ff675c395521c82021-12-21 12:54:08.443root 11241100x8000000000000000731965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:08.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.619526904689cc1d2021-12-21 12:54:08.443root 11241100x8000000000000000731966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:08.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb6963809ce544522021-12-21 12:54:08.443root 11241100x8000000000000000731967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:08.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d40a592cbe2dc3c52021-12-21 12:54:08.443root 11241100x8000000000000000731968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:08.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.000ce13cca51f0ee2021-12-21 12:54:08.443root 11241100x8000000000000000731969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:08.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7e53d98752cd3812021-12-21 12:54:08.443root 11241100x8000000000000000731970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:08.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27894040fb5f421b2021-12-21 12:54:08.443root 11241100x8000000000000000731971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:08.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f4da1a61f40ba6f2021-12-21 12:54:08.443root 11241100x8000000000000000731972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:08.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b16e15f5865987db2021-12-21 12:54:08.943root 11241100x8000000000000000731973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:08.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ddc869366d189962021-12-21 12:54:08.943root 11241100x8000000000000000731974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:08.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.023a9fd07c7c67b62021-12-21 12:54:08.943root 11241100x8000000000000000731975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:08.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f96fc1de166065f22021-12-21 12:54:08.943root 11241100x8000000000000000731976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:08.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c039950b6be3221f2021-12-21 12:54:08.943root 11241100x8000000000000000731977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:08.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aea0da74e6843c292021-12-21 12:54:08.943root 11241100x8000000000000000731978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:08.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.907467ebf78485be2021-12-21 12:54:08.943root 11241100x8000000000000000731979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:08.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88196979d08227602021-12-21 12:54:08.943root 11241100x8000000000000000731980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:08.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.279d5698f0f09a452021-12-21 12:54:08.943root 23542300x8000000000000000731981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:09.132{ec2b6afe-95d2-61c1-3038-b84203560000}5272root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000731982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:09.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7577fd43d0a0e7872021-12-21 12:54:09.443root 11241100x8000000000000000731983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:09.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93a4200fba08727a2021-12-21 12:54:09.443root 11241100x8000000000000000731984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:09.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1acf0721583b53332021-12-21 12:54:09.443root 11241100x8000000000000000731985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:09.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c3c490bea73d89c2021-12-21 12:54:09.443root 11241100x8000000000000000731986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:09.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f00b39f0929424e2021-12-21 12:54:09.443root 11241100x8000000000000000731987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:09.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c83cca8384d479c02021-12-21 12:54:09.443root 11241100x8000000000000000731988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:09.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4507b3c359416482021-12-21 12:54:09.443root 11241100x8000000000000000731989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:09.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c32666392ebf0e92021-12-21 12:54:09.443root 11241100x8000000000000000731990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:09.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c92fd69f431847cc2021-12-21 12:54:09.443root 11241100x8000000000000000731991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:09.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7c65c6387d32e502021-12-21 12:54:09.444root 11241100x8000000000000000731992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:09.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ae94a21b345f2562021-12-21 12:54:09.943root 11241100x8000000000000000731993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:09.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa10e9225cafa1a72021-12-21 12:54:09.943root 11241100x8000000000000000731994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:09.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02be3d46e12bc1c62021-12-21 12:54:09.943root 11241100x8000000000000000731995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:09.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04f78793fd602c9a2021-12-21 12:54:09.943root 11241100x8000000000000000731996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:09.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a26f22c709c894db2021-12-21 12:54:09.943root 11241100x8000000000000000731997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:09.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b581138609a76882021-12-21 12:54:09.943root 11241100x8000000000000000731998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:09.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd5f04ad99a503902021-12-21 12:54:09.943root 11241100x8000000000000000731999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:09.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8ef5d068d4136e12021-12-21 12:54:09.943root 11241100x8000000000000000732000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:09.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e77294f4bfbc9612021-12-21 12:54:09.943root 11241100x8000000000000000732001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:09.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d8b22f9e3b61fc82021-12-21 12:54:09.944root 11241100x8000000000000000732002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:10.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8985244f7bbfaef02021-12-21 12:54:10.443root 11241100x8000000000000000732003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:10.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3120f000807232452021-12-21 12:54:10.443root 11241100x8000000000000000732004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:10.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ec6c6b79e2e2ded2021-12-21 12:54:10.443root 11241100x8000000000000000732005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:10.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f889b8e5eb44ce92021-12-21 12:54:10.443root 11241100x8000000000000000732006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:10.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3874771d246b6f22021-12-21 12:54:10.443root 11241100x8000000000000000732007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:10.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45edd770daff3c152021-12-21 12:54:10.443root 11241100x8000000000000000732008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:10.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e77d847542635db2021-12-21 12:54:10.443root 11241100x8000000000000000732009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:10.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52ccc85755eb43992021-12-21 12:54:10.443root 11241100x8000000000000000732010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:10.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd90aadadcc53a532021-12-21 12:54:10.443root 11241100x8000000000000000732011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.361025a5ddecb2ea2021-12-21 12:54:10.444root 11241100x8000000000000000732012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:10.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8f936ce7f5277842021-12-21 12:54:10.943root 11241100x8000000000000000732013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:10.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5519bad53c4c5b762021-12-21 12:54:10.943root 11241100x8000000000000000732014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:10.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bcac36b77fd595d2021-12-21 12:54:10.943root 11241100x8000000000000000732015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:10.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6805291fa2d59fff2021-12-21 12:54:10.943root 11241100x8000000000000000732016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:10.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90800ba479cc09d02021-12-21 12:54:10.943root 11241100x8000000000000000732017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:10.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef472002fb8ec3932021-12-21 12:54:10.943root 11241100x8000000000000000732018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9517c17a9db58a312021-12-21 12:54:10.944root 11241100x8000000000000000732019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a6c91ce3a5de0b22021-12-21 12:54:10.944root 11241100x8000000000000000732020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e1637d9a8e5ba262021-12-21 12:54:10.944root 11241100x8000000000000000732021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a2ef0e0b549f6952021-12-21 12:54:10.944root 11241100x8000000000000000732022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0277600846199d572021-12-21 12:54:11.443root 11241100x8000000000000000732023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14417b38e10400782021-12-21 12:54:11.443root 11241100x8000000000000000732024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f8f2410d2f4d9132021-12-21 12:54:11.443root 11241100x8000000000000000732025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec86985e20ef1b012021-12-21 12:54:11.443root 11241100x8000000000000000732026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b6e27336498f6c72021-12-21 12:54:11.444root 11241100x8000000000000000732027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fe600acde0356722021-12-21 12:54:11.444root 11241100x8000000000000000732028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed09035ed95830572021-12-21 12:54:11.444root 11241100x8000000000000000732029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b548b35bbdc8f472021-12-21 12:54:11.444root 11241100x8000000000000000732030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbf5041daa29c5142021-12-21 12:54:11.444root 11241100x8000000000000000732031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb17adfc045161ce2021-12-21 12:54:11.444root 11241100x8000000000000000732032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3136c9889f404d4b2021-12-21 12:54:11.943root 11241100x8000000000000000732033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d8ebb275b960b4c2021-12-21 12:54:11.943root 11241100x8000000000000000732034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.283723fcd7effc392021-12-21 12:54:11.943root 11241100x8000000000000000732035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef39e6af4a480ac82021-12-21 12:54:11.943root 11241100x8000000000000000732036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73d9781b4ff6516a2021-12-21 12:54:11.943root 11241100x8000000000000000732037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a07a2eb2776aba22021-12-21 12:54:11.943root 11241100x8000000000000000732038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49241398c24323cc2021-12-21 12:54:11.943root 11241100x8000000000000000732039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e09c009cf2cdf442021-12-21 12:54:11.944root 11241100x8000000000000000732040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.585efc1a5a39190d2021-12-21 12:54:11.944root 11241100x8000000000000000732041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa753d65a24fe9c62021-12-21 12:54:11.944root 11241100x8000000000000000732042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62f07f1e5b523e012021-12-21 12:54:12.443root 11241100x8000000000000000732043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5395a16c73f73d52021-12-21 12:54:12.443root 11241100x8000000000000000732044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb73caf8f339d7b52021-12-21 12:54:12.443root 11241100x8000000000000000732045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39ca9385a20202082021-12-21 12:54:12.443root 11241100x8000000000000000732046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.744046918affecf12021-12-21 12:54:12.443root 11241100x8000000000000000732047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d22cc2c83da24cc22021-12-21 12:54:12.443root 11241100x8000000000000000732048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7af71c0bf40d4ae02021-12-21 12:54:12.443root 11241100x8000000000000000732049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe709c170801fd132021-12-21 12:54:12.443root 11241100x8000000000000000732050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e704a9849fd970fb2021-12-21 12:54:12.443root 11241100x8000000000000000732051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee48373e85726b152021-12-21 12:54:12.443root 11241100x8000000000000000732052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0122a0ff4fa787492021-12-21 12:54:12.943root 11241100x8000000000000000732053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d897d41c89745dde2021-12-21 12:54:12.943root 11241100x8000000000000000732054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18609efa3918b5362021-12-21 12:54:12.943root 11241100x8000000000000000732055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e05a42de12dfc0aa2021-12-21 12:54:12.943root 11241100x8000000000000000732056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b352fc3352248a42021-12-21 12:54:12.943root 11241100x8000000000000000732057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2395bf7b72813ae72021-12-21 12:54:12.943root 11241100x8000000000000000732058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.048bd0128e3b3bb02021-12-21 12:54:12.943root 11241100x8000000000000000732059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9dbe5974fb89cae2021-12-21 12:54:12.943root 11241100x8000000000000000732060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96ce9dc8e1b9e5602021-12-21 12:54:12.943root 11241100x8000000000000000732061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a71f1e11296ee17b2021-12-21 12:54:12.944root 354300x8000000000000000732062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:13.056{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-50650-false10.0.1.12-8000- 11241100x8000000000000000732063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0e60c770f9919f22021-12-21 12:54:13.443root 11241100x8000000000000000732064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12b10f93afed6c792021-12-21 12:54:13.443root 11241100x8000000000000000732065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa08449801dfc3b12021-12-21 12:54:13.445root 11241100x8000000000000000732066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dab5b461ad7275b92021-12-21 12:54:13.445root 11241100x8000000000000000732067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acaf8376d422d8cb2021-12-21 12:54:13.445root 11241100x8000000000000000732068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22691708576867b22021-12-21 12:54:13.445root 11241100x8000000000000000732069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:13.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dec163037ae415f52021-12-21 12:54:13.446root 11241100x8000000000000000732070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:13.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d53e0e150c0166fa2021-12-21 12:54:13.446root 11241100x8000000000000000732071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:13.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6655c9252c6c803e2021-12-21 12:54:13.446root 11241100x8000000000000000732072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:13.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbb38ab1fce4ecfd2021-12-21 12:54:13.446root 11241100x8000000000000000732073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:13.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6380102aa8ed777d2021-12-21 12:54:13.446root 11241100x8000000000000000732074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a8d656b38decda62021-12-21 12:54:13.943root 11241100x8000000000000000732075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd4a3359748cd4572021-12-21 12:54:13.943root 11241100x8000000000000000732076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.769739c2d992a3702021-12-21 12:54:13.943root 11241100x8000000000000000732077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6377759323161b42021-12-21 12:54:13.943root 11241100x8000000000000000732078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcddb1b828eb050d2021-12-21 12:54:13.943root 11241100x8000000000000000732079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.106b9ccbaad1786a2021-12-21 12:54:13.943root 11241100x8000000000000000732080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2bec282c7e276bd2021-12-21 12:54:13.943root 11241100x8000000000000000732081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62b188d19e800f432021-12-21 12:54:13.943root 11241100x8000000000000000732082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7482330f317042832021-12-21 12:54:13.943root 11241100x8000000000000000732083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6099bc36470d88a2021-12-21 12:54:13.943root 11241100x8000000000000000732084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba0c78e654516e822021-12-21 12:54:13.944root 11241100x8000000000000000732085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8be15e93553051b52021-12-21 12:54:14.443root 11241100x8000000000000000732086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e07cbe1e57fc2d782021-12-21 12:54:14.443root 11241100x8000000000000000732087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa2344acf90fb43c2021-12-21 12:54:14.443root 11241100x8000000000000000732088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7331557d6c2c49d2021-12-21 12:54:14.443root 11241100x8000000000000000732089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1adfa7670dfd49da2021-12-21 12:54:14.443root 11241100x8000000000000000732090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a93312a8f83262d82021-12-21 12:54:14.443root 11241100x8000000000000000732091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.749c2419f81378222021-12-21 12:54:14.443root 11241100x8000000000000000732092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07dcf877aa80ac832021-12-21 12:54:14.443root 11241100x8000000000000000732093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbb86bfc98c351bb2021-12-21 12:54:14.444root 11241100x8000000000000000732094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.273a3f1552f5a3352021-12-21 12:54:14.444root 11241100x8000000000000000732095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a21418728264f6ca2021-12-21 12:54:14.444root 11241100x8000000000000000732096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcb308a58f2850a12021-12-21 12:54:14.943root 11241100x8000000000000000732097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cf568231a5fb40d2021-12-21 12:54:14.943root 11241100x8000000000000000732098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4daf851f53e247432021-12-21 12:54:14.943root 11241100x8000000000000000732099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af8a07e886b9e0112021-12-21 12:54:14.943root 11241100x8000000000000000732100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b21c404bd02219382021-12-21 12:54:14.943root 11241100x8000000000000000732101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e2059ed37fa98ef2021-12-21 12:54:14.943root 11241100x8000000000000000732102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ed5f08e3b7323e62021-12-21 12:54:14.943root 11241100x8000000000000000732103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93eae74b79116be52021-12-21 12:54:14.943root 11241100x8000000000000000732104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b682e0385d65eb3c2021-12-21 12:54:14.943root 11241100x8000000000000000732105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3d27d5e6ee4a5b72021-12-21 12:54:14.944root 11241100x8000000000000000732106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02988feef642a5a32021-12-21 12:54:14.944root 11241100x8000000000000000732107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b08a3098827d86982021-12-21 12:54:15.443root 11241100x8000000000000000732108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e55d0933e2e3825e2021-12-21 12:54:15.443root 11241100x8000000000000000732109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.490ce0fb2b6865632021-12-21 12:54:15.443root 11241100x8000000000000000732110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a33e1b5c975f7b92021-12-21 12:54:15.443root 11241100x8000000000000000732111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28e0fc9adbb63c772021-12-21 12:54:15.443root 11241100x8000000000000000732112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2426761b0031a9b2021-12-21 12:54:15.443root 11241100x8000000000000000732113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5603106be53ae8dc2021-12-21 12:54:15.443root 11241100x8000000000000000732114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa3466f0658bcd722021-12-21 12:54:15.444root 11241100x8000000000000000732115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e49d8bb9571e06b82021-12-21 12:54:15.444root 11241100x8000000000000000732116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef7b52f983ccee9d2021-12-21 12:54:15.444root 11241100x8000000000000000732117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc3e662d4215c7562021-12-21 12:54:15.444root 11241100x8000000000000000732118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3c98d70e806fd9e2021-12-21 12:54:15.943root 11241100x8000000000000000732119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b765c25682902e302021-12-21 12:54:15.943root 11241100x8000000000000000732120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c210cade85ff6522021-12-21 12:54:15.943root 11241100x8000000000000000732121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5e845d1d4d0324f2021-12-21 12:54:15.943root 11241100x8000000000000000732122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4f8630a97b65b132021-12-21 12:54:15.943root 11241100x8000000000000000732123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c491efac902577e72021-12-21 12:54:15.943root 11241100x8000000000000000732124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ede1e7eb233dec8c2021-12-21 12:54:15.943root 11241100x8000000000000000732125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12d31f7b557971af2021-12-21 12:54:15.943root 11241100x8000000000000000732126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4b29e6d453226be2021-12-21 12:54:15.943root 11241100x8000000000000000732127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad86c232035d0cb02021-12-21 12:54:15.944root 11241100x8000000000000000732128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d1a900ced0f74442021-12-21 12:54:15.944root 11241100x8000000000000000732129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9e7c20f7eacdd352021-12-21 12:54:16.443root 11241100x8000000000000000732130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.212bc7d453cd3b492021-12-21 12:54:16.443root 11241100x8000000000000000732131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.140d89c3c188fceb2021-12-21 12:54:16.443root 11241100x8000000000000000732132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.971616aa739a9b772021-12-21 12:54:16.443root 11241100x8000000000000000732133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.023a8a1e0a62389a2021-12-21 12:54:16.443root 11241100x8000000000000000732134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b43a0727859304b02021-12-21 12:54:16.443root 11241100x8000000000000000732135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a365d5d6d055c1b02021-12-21 12:54:16.443root 11241100x8000000000000000732136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.070f2f05994336fe2021-12-21 12:54:16.443root 11241100x8000000000000000732137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c1060d11572046b2021-12-21 12:54:16.444root 11241100x8000000000000000732138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.082fb562741ed49b2021-12-21 12:54:16.444root 11241100x8000000000000000732139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41def51b83c541882021-12-21 12:54:16.444root 11241100x8000000000000000732140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6497c44121612fc32021-12-21 12:54:16.943root 11241100x8000000000000000732141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d634bb04b220c4b2021-12-21 12:54:16.943root 11241100x8000000000000000732142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0f9af98fb20c4d92021-12-21 12:54:16.943root 11241100x8000000000000000732143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79a1b65f9fac178a2021-12-21 12:54:16.943root 11241100x8000000000000000732144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9550819fde6a6d52021-12-21 12:54:16.943root 11241100x8000000000000000732145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb22517049662d8b2021-12-21 12:54:16.943root 11241100x8000000000000000732146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c39c328f1c81b2852021-12-21 12:54:16.943root 11241100x8000000000000000732147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.131d9017cd195b1b2021-12-21 12:54:16.943root 11241100x8000000000000000732148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c17ebcd3a9244d92021-12-21 12:54:16.943root 11241100x8000000000000000732149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a48e99e5c05cb4812021-12-21 12:54:16.943root 11241100x8000000000000000732150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0111834fd1436062021-12-21 12:54:16.944root 11241100x8000000000000000732151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e59365008a0ad442021-12-21 12:54:17.443root 11241100x8000000000000000732152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cab680811da534c92021-12-21 12:54:17.443root 11241100x8000000000000000732153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dad21037ede5ffc2021-12-21 12:54:17.443root 11241100x8000000000000000732154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68fbb93164d9954f2021-12-21 12:54:17.443root 11241100x8000000000000000732155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4083c55bf0adb63d2021-12-21 12:54:17.443root 11241100x8000000000000000732156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3dd16d07c2699332021-12-21 12:54:17.443root 11241100x8000000000000000732157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a02a43c8ef6a4312021-12-21 12:54:17.443root 11241100x8000000000000000732158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06e4c92bfa84c3892021-12-21 12:54:17.443root 11241100x8000000000000000732159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfac2d68ded48f512021-12-21 12:54:17.444root 11241100x8000000000000000732160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f10ab987797785ce2021-12-21 12:54:17.444root 11241100x8000000000000000732161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d6c2c3e231e9e782021-12-21 12:54:17.444root 11241100x8000000000000000732162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8ea0539e7f9a3852021-12-21 12:54:17.943root 11241100x8000000000000000732163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8ca639916c40c7c2021-12-21 12:54:17.943root 11241100x8000000000000000732164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.299b8a12f573ac6d2021-12-21 12:54:17.943root 11241100x8000000000000000732165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c82f8cbbb411ea52021-12-21 12:54:17.943root 11241100x8000000000000000732166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.522e7881439a8cf82021-12-21 12:54:17.943root 11241100x8000000000000000732167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5efc0488de5d58e42021-12-21 12:54:17.944root 11241100x8000000000000000732168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c2a000322a9227d2021-12-21 12:54:17.944root 11241100x8000000000000000732169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d930f3863261551c2021-12-21 12:54:17.944root 11241100x8000000000000000732170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.306c8aad73f6c2a22021-12-21 12:54:17.944root 11241100x8000000000000000732171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e3140c12d2cf2ef2021-12-21 12:54:17.944root 11241100x8000000000000000732172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cedd2c3a6480ff822021-12-21 12:54:17.944root 354300x8000000000000000732173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:18.118{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-50652-false10.0.1.12-8000- 11241100x8000000000000000732174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.045b2a849423da092021-12-21 12:54:18.443root 11241100x8000000000000000732175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71602aa5434a05882021-12-21 12:54:18.443root 11241100x8000000000000000732176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fdfa21f6524319e2021-12-21 12:54:18.443root 11241100x8000000000000000732177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae96333c4d17bb382021-12-21 12:54:18.443root 11241100x8000000000000000732178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bacb4c0bfdc385ea2021-12-21 12:54:18.443root 11241100x8000000000000000732179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a170043c5615df6b2021-12-21 12:54:18.443root 11241100x8000000000000000732180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef751a48c05f9d922021-12-21 12:54:18.443root 11241100x8000000000000000732181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.384f7be0c1dea6b52021-12-21 12:54:18.443root 11241100x8000000000000000732182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63958f532f0f26132021-12-21 12:54:18.444root 11241100x8000000000000000732183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf64acf41868a6642021-12-21 12:54:18.444root 11241100x8000000000000000732184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5f672f3f15a36262021-12-21 12:54:18.444root 11241100x8000000000000000732185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1ac1a8590030b6e2021-12-21 12:54:18.444root 11241100x8000000000000000732186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d40a6ac8b191d232021-12-21 12:54:18.943root 11241100x8000000000000000732187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b11926563a152b6c2021-12-21 12:54:18.943root 11241100x8000000000000000732188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5040cbbac0c70cc2021-12-21 12:54:18.943root 11241100x8000000000000000732189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de761a4ef9cc74f32021-12-21 12:54:18.943root 11241100x8000000000000000732190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e1825857ef13f7d2021-12-21 12:54:18.943root 11241100x8000000000000000732191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78a45310ed07c9e12021-12-21 12:54:18.943root 11241100x8000000000000000732192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ce94a67bd9523dd2021-12-21 12:54:18.944root 11241100x8000000000000000732193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57b7833c668da84f2021-12-21 12:54:18.944root 11241100x8000000000000000732194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bba47c852bbb74112021-12-21 12:54:18.944root 11241100x8000000000000000732195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5be3dda756d2e8812021-12-21 12:54:18.944root 11241100x8000000000000000732196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c296287a18421f82021-12-21 12:54:18.944root 11241100x8000000000000000732197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.901fafaa9349be6c2021-12-21 12:54:18.944root 11241100x8000000000000000732198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aff71d38c6ab94fc2021-12-21 12:54:19.443root 11241100x8000000000000000732199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.939578e8442495af2021-12-21 12:54:19.443root 11241100x8000000000000000732200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dd18bb8bd397dc82021-12-21 12:54:19.443root 11241100x8000000000000000732201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.996247a9c55a95e62021-12-21 12:54:19.443root 11241100x8000000000000000732202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdfc343df9b838772021-12-21 12:54:19.443root 11241100x8000000000000000732203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2844cb8d6fa758e42021-12-21 12:54:19.443root 11241100x8000000000000000732204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bf1464b1733ef7e2021-12-21 12:54:19.443root 11241100x8000000000000000732205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac2b1255aa148f0d2021-12-21 12:54:19.443root 11241100x8000000000000000732206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.500f7324dbfa85a52021-12-21 12:54:19.443root 11241100x8000000000000000732207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5852e0d3124be8b2021-12-21 12:54:19.444root 11241100x8000000000000000732208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb9363cbbee02e0b2021-12-21 12:54:19.444root 11241100x8000000000000000732209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e46b5678fa5d5fb2021-12-21 12:54:19.444root 11241100x8000000000000000732210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a8a8eabc185655d2021-12-21 12:54:19.943root 11241100x8000000000000000732211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6453d67c7824857a2021-12-21 12:54:19.943root 11241100x8000000000000000732212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.438d9ec7975d331a2021-12-21 12:54:19.943root 11241100x8000000000000000732213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0b1e96298d8c8f82021-12-21 12:54:19.943root 11241100x8000000000000000732214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9594521f821d628e2021-12-21 12:54:19.943root 11241100x8000000000000000732215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74f274537a357e472021-12-21 12:54:19.943root 11241100x8000000000000000732216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7c5ab58d78c96ab2021-12-21 12:54:19.943root 11241100x8000000000000000732217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88ff1586915aad4b2021-12-21 12:54:19.943root 11241100x8000000000000000732218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1d94e8d0fbc22592021-12-21 12:54:19.943root 11241100x8000000000000000732219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dccdbd9e04edc1092021-12-21 12:54:19.943root 11241100x8000000000000000732220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e881faaa3f5fcb922021-12-21 12:54:19.944root 11241100x8000000000000000732221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1967ddb368c6da2a2021-12-21 12:54:19.944root 11241100x8000000000000000732222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.addd50ecf334af892021-12-21 12:54:20.443root 11241100x8000000000000000732223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e53b30958f06b88a2021-12-21 12:54:20.443root 11241100x8000000000000000732224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e3505352fd19b972021-12-21 12:54:20.443root 11241100x8000000000000000732225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.744a8caf23b4e5772021-12-21 12:54:20.443root 11241100x8000000000000000732226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ad5e5eb95b681f42021-12-21 12:54:20.443root 11241100x8000000000000000732227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.251824e7804a858b2021-12-21 12:54:20.443root 11241100x8000000000000000732228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ccb62aa0b793c082021-12-21 12:54:20.443root 11241100x8000000000000000732229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69f7c0b4dbd7067c2021-12-21 12:54:20.443root 11241100x8000000000000000732230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98273db1f3e6b4f22021-12-21 12:54:20.443root 11241100x8000000000000000732231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4494995b02ede122021-12-21 12:54:20.443root 11241100x8000000000000000732232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceff788878c577e52021-12-21 12:54:20.444root 11241100x8000000000000000732233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e475cbda3b6d19432021-12-21 12:54:20.444root 11241100x8000000000000000732234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a1c51f5e7f774492021-12-21 12:54:20.943root 11241100x8000000000000000732235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d31fef823e36f39e2021-12-21 12:54:20.943root 11241100x8000000000000000732236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70241baf7bd5acb92021-12-21 12:54:20.943root 11241100x8000000000000000732237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37bf8bfafe486e0e2021-12-21 12:54:20.943root 11241100x8000000000000000732238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b198fc315c804ceb2021-12-21 12:54:20.943root 11241100x8000000000000000732239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01bdc82b88782c7f2021-12-21 12:54:20.943root 11241100x8000000000000000732240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8ba0e50f69058152021-12-21 12:54:20.943root 11241100x8000000000000000732241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebf0028931860a562021-12-21 12:54:20.943root 11241100x8000000000000000732242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23609e8a998896b72021-12-21 12:54:20.943root 11241100x8000000000000000732243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5084109049c44e132021-12-21 12:54:20.944root 11241100x8000000000000000732244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.943cd667fccb31be2021-12-21 12:54:20.944root 11241100x8000000000000000732245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9902a0f38c10fa32021-12-21 12:54:20.944root 11241100x8000000000000000732246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cf72a4aa6c2a71e2021-12-21 12:54:21.443root 11241100x8000000000000000732247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dc8d3e42176915f2021-12-21 12:54:21.443root 11241100x8000000000000000732248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcf2cb9f4103c54f2021-12-21 12:54:21.443root 11241100x8000000000000000732249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d13be6a055eb6e782021-12-21 12:54:21.443root 11241100x8000000000000000732250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.408713110d9cb1102021-12-21 12:54:21.443root 11241100x8000000000000000732251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5d5341b796c18772021-12-21 12:54:21.443root 11241100x8000000000000000732252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5f3e45bc00cd05f2021-12-21 12:54:21.443root 11241100x8000000000000000732253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e046660658002fb62021-12-21 12:54:21.443root 11241100x8000000000000000732254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f292931e677616062021-12-21 12:54:21.443root 11241100x8000000000000000732255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.184777aa212ceafe2021-12-21 12:54:21.444root 11241100x8000000000000000732256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce19d0c4a375614a2021-12-21 12:54:21.444root 11241100x8000000000000000732257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d4157168070dece2021-12-21 12:54:21.444root 11241100x8000000000000000732258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad94989b2838d7342021-12-21 12:54:21.943root 11241100x8000000000000000732259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.017882fe01a7d6662021-12-21 12:54:21.943root 11241100x8000000000000000732260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.789848ddec06b5712021-12-21 12:54:21.943root 11241100x8000000000000000732261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09f43731716267c12021-12-21 12:54:21.943root 11241100x8000000000000000732262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.486a948f352262ca2021-12-21 12:54:21.943root 11241100x8000000000000000732263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21572a29f44c2b162021-12-21 12:54:21.943root 11241100x8000000000000000732264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a34bab08411025962021-12-21 12:54:21.943root 11241100x8000000000000000732265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2290c0ab9ba8558e2021-12-21 12:54:21.943root 11241100x8000000000000000732266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4abff8f1a81f8f72021-12-21 12:54:21.943root 11241100x8000000000000000732267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95b6009660e05d1e2021-12-21 12:54:21.944root 11241100x8000000000000000732268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea2f3bd136aaa3a42021-12-21 12:54:21.944root 11241100x8000000000000000732269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc89833cae7af83c2021-12-21 12:54:21.944root 11241100x8000000000000000732270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21be7493ab1ab21a2021-12-21 12:54:22.443root 11241100x8000000000000000732271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0883d61d9f83f7d2021-12-21 12:54:22.443root 11241100x8000000000000000732272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb083cced2b60bd52021-12-21 12:54:22.443root 11241100x8000000000000000732273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9922ad1c06643cb2021-12-21 12:54:22.443root 11241100x8000000000000000732274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc3fb12eebd5e8922021-12-21 12:54:22.443root 11241100x8000000000000000732275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a93dfd9e0e61405c2021-12-21 12:54:22.443root 11241100x8000000000000000732276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5299ce5120c979ea2021-12-21 12:54:22.443root 11241100x8000000000000000732277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ff02aeaa0dc60862021-12-21 12:54:22.443root 11241100x8000000000000000732278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70d364edfaa542762021-12-21 12:54:22.443root 11241100x8000000000000000732279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f024525f31f6e0e52021-12-21 12:54:22.444root 11241100x8000000000000000732280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91ea5406b6be98722021-12-21 12:54:22.444root 11241100x8000000000000000732281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0674bce9ff3424b42021-12-21 12:54:22.444root 11241100x8000000000000000732282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c8be94bb41178cd2021-12-21 12:54:22.943root 11241100x8000000000000000732283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d1f6013f39db85d2021-12-21 12:54:22.943root 11241100x8000000000000000732284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a2ddbeb57fa42f92021-12-21 12:54:22.943root 11241100x8000000000000000732285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90a1c1e70de7a2df2021-12-21 12:54:22.943root 11241100x8000000000000000732286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2a45296d3d52b432021-12-21 12:54:22.943root 11241100x8000000000000000732287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b050b73a4f0af18b2021-12-21 12:54:22.943root 11241100x8000000000000000732288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.113a3acef40eaf6f2021-12-21 12:54:22.943root 11241100x8000000000000000732289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f90a8cbc52743a52021-12-21 12:54:22.943root 11241100x8000000000000000732290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe7cd59e614fb3812021-12-21 12:54:22.943root 11241100x8000000000000000732291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc1d948264e5974e2021-12-21 12:54:22.944root 11241100x8000000000000000732292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c438a630a7c1ddc72021-12-21 12:54:22.944root 11241100x8000000000000000732293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec03eefc14104d222021-12-21 12:54:22.944root 354300x8000000000000000732294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:23.123{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-50654-false10.0.1.12-8000- 11241100x8000000000000000732295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6da0ef2a9c4fc0e52021-12-21 12:54:23.443root 11241100x8000000000000000732296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8249339fff35d8832021-12-21 12:54:23.443root 11241100x8000000000000000732297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a5c32eb542b7ae72021-12-21 12:54:23.443root 11241100x8000000000000000732298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e67874326a8d9e072021-12-21 12:54:23.443root 11241100x8000000000000000732299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea1329faecef175b2021-12-21 12:54:23.443root 11241100x8000000000000000732300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2db3a61adf08c582021-12-21 12:54:23.443root 11241100x8000000000000000732301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5521920eb10a5c762021-12-21 12:54:23.443root 11241100x8000000000000000732302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c32876925a58a192021-12-21 12:54:23.443root 11241100x8000000000000000732303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05982564e9135bcc2021-12-21 12:54:23.444root 11241100x8000000000000000732304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2d4434ca015a8b62021-12-21 12:54:23.444root 11241100x8000000000000000732305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0aa16f08207f97f2021-12-21 12:54:23.444root 11241100x8000000000000000732306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ead1a4e8759a8d022021-12-21 12:54:23.444root 11241100x8000000000000000732307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7213ba39b56e35d62021-12-21 12:54:23.444root 11241100x8000000000000000732308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.097f00b63d6ffb422021-12-21 12:54:23.943root 11241100x8000000000000000732309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee3f702b9b92732e2021-12-21 12:54:23.943root 11241100x8000000000000000732310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff064834939a449c2021-12-21 12:54:23.943root 11241100x8000000000000000732311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d96f578ebff0357a2021-12-21 12:54:23.943root 11241100x8000000000000000732312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c0078fc69adac342021-12-21 12:54:23.943root 11241100x8000000000000000732313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10828c45754220e72021-12-21 12:54:23.943root 11241100x8000000000000000732314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cd8d2aae836f9c92021-12-21 12:54:23.943root 11241100x8000000000000000732315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ca09ab08674f85c2021-12-21 12:54:23.943root 11241100x8000000000000000732316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.382310f60fc367352021-12-21 12:54:23.944root 11241100x8000000000000000732317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13d3532f14694db22021-12-21 12:54:23.944root 11241100x8000000000000000732318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f132fba4afd090922021-12-21 12:54:23.944root 11241100x8000000000000000732319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea79bf3ae53469e42021-12-21 12:54:23.944root 11241100x8000000000000000732320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e10af4efbd0b2cd72021-12-21 12:54:23.944root 11241100x8000000000000000732321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f79d945deaeff3c2021-12-21 12:54:24.443root 11241100x8000000000000000732322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.330c43e994c374702021-12-21 12:54:24.443root 11241100x8000000000000000732323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28a4988d03a7a5a12021-12-21 12:54:24.443root 11241100x8000000000000000732324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95d0fce229fdc43b2021-12-21 12:54:24.443root 11241100x8000000000000000732325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.142202c51492e0b22021-12-21 12:54:24.443root 11241100x8000000000000000732326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4816be7c9c5d4582021-12-21 12:54:24.443root 11241100x8000000000000000732327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e6a68a47699275d2021-12-21 12:54:24.443root 11241100x8000000000000000732328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10e2e1ce58f174e02021-12-21 12:54:24.444root 11241100x8000000000000000732329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17c6372c6e6e189f2021-12-21 12:54:24.444root 11241100x8000000000000000732330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8aacc89c744c04032021-12-21 12:54:24.444root 11241100x8000000000000000732331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b9837d630584b132021-12-21 12:54:24.444root 11241100x8000000000000000732332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.169eb239438db4792021-12-21 12:54:24.444root 11241100x8000000000000000732333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7be7d85c3fbddf122021-12-21 12:54:24.444root 11241100x8000000000000000732334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b1b8f2d9a61243d2021-12-21 12:54:24.943root 11241100x8000000000000000732335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.868ef723907330ca2021-12-21 12:54:24.943root 11241100x8000000000000000732336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9260184c954d9dff2021-12-21 12:54:24.943root 11241100x8000000000000000732337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea05df3c3163dd682021-12-21 12:54:24.943root 11241100x8000000000000000732338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6c1e2632d7127272021-12-21 12:54:24.943root 11241100x8000000000000000732339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c03a218a9b9d1c112021-12-21 12:54:24.943root 11241100x8000000000000000732340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de45d5ce51eb03552021-12-21 12:54:24.943root 11241100x8000000000000000732341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15017a00236e16612021-12-21 12:54:24.943root 11241100x8000000000000000732342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd3673790c95f6352021-12-21 12:54:24.944root 11241100x8000000000000000732343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f30e264b2ca0fec2021-12-21 12:54:24.944root 11241100x8000000000000000732344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cb2eeda365693f52021-12-21 12:54:24.944root 11241100x8000000000000000732345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a01a54e5b69ec4c22021-12-21 12:54:24.944root 11241100x8000000000000000732346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.744a0b60948717462021-12-21 12:54:24.944root 11241100x8000000000000000732347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d406b7bdab7dc2062021-12-21 12:54:25.443root 11241100x8000000000000000732348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cc11b534db0469a2021-12-21 12:54:25.443root 11241100x8000000000000000732349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2955e8c0bb86906b2021-12-21 12:54:25.443root 11241100x8000000000000000732350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca6045f8808c0dc52021-12-21 12:54:25.443root 11241100x8000000000000000732351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a42beb6302e81eaf2021-12-21 12:54:25.443root 11241100x8000000000000000732352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4207340090e3b8e82021-12-21 12:54:25.443root 11241100x8000000000000000732353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe99d468c61425a42021-12-21 12:54:25.443root 11241100x8000000000000000732354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c89f21dab90992c2021-12-21 12:54:25.443root 11241100x8000000000000000732355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24c3dcba213e74222021-12-21 12:54:25.444root 11241100x8000000000000000732356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbb62f099afefb592021-12-21 12:54:25.444root 11241100x8000000000000000732357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5020ca928f0b01f32021-12-21 12:54:25.444root 11241100x8000000000000000732358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccc95d6734e206fe2021-12-21 12:54:25.444root 11241100x8000000000000000732359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d140be4b5dda2002021-12-21 12:54:25.444root 11241100x8000000000000000732360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6850cdbbafa05ea22021-12-21 12:54:25.943root 11241100x8000000000000000732361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5730b2f723d72332021-12-21 12:54:25.943root 11241100x8000000000000000732362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89403e47a411c6592021-12-21 12:54:25.943root 11241100x8000000000000000732363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bf590713d6a389d2021-12-21 12:54:25.943root 11241100x8000000000000000732364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c9a4a9bd8604bc52021-12-21 12:54:25.943root 11241100x8000000000000000732365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7cc589b517b33be2021-12-21 12:54:25.943root 11241100x8000000000000000732366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a4fe68226b1fc102021-12-21 12:54:25.943root 11241100x8000000000000000732367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73d9fe62f527bbfe2021-12-21 12:54:25.943root 11241100x8000000000000000732368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f094407e7c0e11012021-12-21 12:54:25.943root 11241100x8000000000000000732369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1521599cf3469bc82021-12-21 12:54:25.944root 11241100x8000000000000000732370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e78fcae7ff822d72021-12-21 12:54:25.944root 11241100x8000000000000000732371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8ad22d2523123d32021-12-21 12:54:25.944root 11241100x8000000000000000732372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ceae452aac6059f2021-12-21 12:54:25.944root 354300x8000000000000000732373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:25.993{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.25-37720-false10.0.1.12-8089- 11241100x8000000000000000732374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d72315951a4ce4b12021-12-21 12:54:26.443root 11241100x8000000000000000732375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.168e8c84b9cfca442021-12-21 12:54:26.443root 11241100x8000000000000000732376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09a434dfe0fa20052021-12-21 12:54:26.443root 11241100x8000000000000000732377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93351c50d6cd0a732021-12-21 12:54:26.443root 11241100x8000000000000000732378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81b340a3d2cc510f2021-12-21 12:54:26.443root 11241100x8000000000000000732379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3017ac869c2820a52021-12-21 12:54:26.443root 11241100x8000000000000000732380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c27da6a926c076932021-12-21 12:54:26.443root 11241100x8000000000000000732381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e2029335b5b49e02021-12-21 12:54:26.444root 11241100x8000000000000000732382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a675a6b1c69697db2021-12-21 12:54:26.444root 11241100x8000000000000000732383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ff80e6ea1cdb4542021-12-21 12:54:26.444root 11241100x8000000000000000732384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26ea5312760e8fff2021-12-21 12:54:26.444root 11241100x8000000000000000732385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c52080f483508c22021-12-21 12:54:26.444root 11241100x8000000000000000732386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c483be02c39f5982021-12-21 12:54:26.444root 11241100x8000000000000000732387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b1f44d7ab1c30272021-12-21 12:54:26.444root 154100x8000000000000000732388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:26.615{ec2b6afe-ce82-61c1-5059-43fda7550000}10170/usr/bin/vim.basic-----vim /etc/shadow/home/ubuntuubuntu{ec2b6afe-aacb-61c1-e803-000000000000}10006no level-{ec2b6afe-aacb-61c1-0834-fdd63c560000}5677/bin/bash-bashubuntu 11241100x8000000000000000732389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b31d0afd12c891fb2021-12-21 12:54:26.943root 11241100x8000000000000000732390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.384e0c9dc26a77262021-12-21 12:54:26.943root 11241100x8000000000000000732391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30ad313e1de8dcf22021-12-21 12:54:26.943root 11241100x8000000000000000732392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4a281173bd2e23e2021-12-21 12:54:26.943root 11241100x8000000000000000732393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06f407de1cd14be12021-12-21 12:54:26.943root 11241100x8000000000000000732394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.578f48b507eaa5d02021-12-21 12:54:26.943root 11241100x8000000000000000732395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f765ec895792c702021-12-21 12:54:26.943root 11241100x8000000000000000732396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c52f497ad92f4e322021-12-21 12:54:26.943root 11241100x8000000000000000732397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4084e6153d5059912021-12-21 12:54:26.943root 11241100x8000000000000000732398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e6798c47c6f96882021-12-21 12:54:26.944root 11241100x8000000000000000732399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff2f816b0a62946e2021-12-21 12:54:26.944root 11241100x8000000000000000732400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00645a3a6c66160f2021-12-21 12:54:26.944root 11241100x8000000000000000732401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0fb1207dfc938172021-12-21 12:54:26.944root 11241100x8000000000000000732402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9514b6930c5bb972021-12-21 12:54:26.944root 11241100x8000000000000000732403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9192b6cfa244d0422021-12-21 12:54:26.944root 11241100x8000000000000000732404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae207620313f9e0a2021-12-21 12:54:26.944root 11241100x8000000000000000732405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ace1a78c8d19a74e2021-12-21 12:54:26.944root 11241100x8000000000000000732406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:26.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b0c98fd8cfb96152021-12-21 12:54:26.945root 11241100x8000000000000000732407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:26.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3cff27a9893088c2021-12-21 12:54:26.945root 11241100x8000000000000000732408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41b7c35178c65ad02021-12-21 12:54:27.443root 11241100x8000000000000000732409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.827fe9dcce34f99c2021-12-21 12:54:27.443root 11241100x8000000000000000732410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ed9439183d0b5ea2021-12-21 12:54:27.443root 11241100x8000000000000000732411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1e904acfebfe05f2021-12-21 12:54:27.443root 11241100x8000000000000000732412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9062339f3925c4802021-12-21 12:54:27.443root 11241100x8000000000000000732413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21dadc5484faaf722021-12-21 12:54:27.443root 11241100x8000000000000000732414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6765f793d43bef2e2021-12-21 12:54:27.444root 11241100x8000000000000000732415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bda77bdc6756d2972021-12-21 12:54:27.444root 11241100x8000000000000000732416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.160a48ac8f40fd162021-12-21 12:54:27.444root 11241100x8000000000000000732417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.530c6ec235fa60a82021-12-21 12:54:27.444root 11241100x8000000000000000732418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21ca913eba436c032021-12-21 12:54:27.444root 11241100x8000000000000000732419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8e0dfaff9748dfa2021-12-21 12:54:27.444root 11241100x8000000000000000732420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88d542b2340049342021-12-21 12:54:27.444root 11241100x8000000000000000732421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34bd9645daa19a312021-12-21 12:54:27.444root 11241100x8000000000000000732422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:27.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c97685a737937512021-12-21 12:54:27.445root 11241100x8000000000000000732423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.827c6f644fcd6e9d2021-12-21 12:54:27.943root 11241100x8000000000000000732424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76798c63d84fa6732021-12-21 12:54:27.943root 11241100x8000000000000000732425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03d77389609db41f2021-12-21 12:54:27.943root 11241100x8000000000000000732426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.776bcc9060e047042021-12-21 12:54:27.943root 11241100x8000000000000000732427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42f4c52ee0c0fb092021-12-21 12:54:27.943root 11241100x8000000000000000732428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.943c4737104c70c32021-12-21 12:54:27.943root 11241100x8000000000000000732429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d4e384543f3bfcd2021-12-21 12:54:27.943root 11241100x8000000000000000732430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c0ed136cc764d232021-12-21 12:54:27.944root 11241100x8000000000000000732431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91163add5569feae2021-12-21 12:54:27.944root 11241100x8000000000000000732432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab47cccc3384807e2021-12-21 12:54:27.944root 11241100x8000000000000000732433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b255d38212e78fa2021-12-21 12:54:27.944root 11241100x8000000000000000732434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ce1e28c4fc55b632021-12-21 12:54:27.944root 11241100x8000000000000000732435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1457fe639f41ce442021-12-21 12:54:27.944root 11241100x8000000000000000732436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3478906a16ea6e532021-12-21 12:54:27.944root 11241100x8000000000000000732437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a37889d4c3a8673b2021-12-21 12:54:27.944root 354300x8000000000000000732438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:28.214{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-50658-false10.0.1.12-8000- 11241100x8000000000000000732439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:28.214{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c45d91379636a9e2021-12-21 12:54:28.214root 11241100x8000000000000000732440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:28.215{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a4831b8af86c38b2021-12-21 12:54:28.215root 11241100x8000000000000000732441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:28.215{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd0d36c3f022ae992021-12-21 12:54:28.215root 11241100x8000000000000000732442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:28.215{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1c085073ae7a3942021-12-21 12:54:28.215root 11241100x8000000000000000732443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:28.215{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c31bd53d7e81bd022021-12-21 12:54:28.215root 11241100x8000000000000000732444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:28.216{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.863290cfbbeaa8e02021-12-21 12:54:28.216root 11241100x8000000000000000732445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:28.216{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc28ef603377378f2021-12-21 12:54:28.216root 11241100x8000000000000000732446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:28.216{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2021afdd57e35b252021-12-21 12:54:28.216root 11241100x8000000000000000732447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:28.216{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41c7b647cbdceb9a2021-12-21 12:54:28.216root 11241100x8000000000000000732448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:28.217{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebad2eb9f42aeb932021-12-21 12:54:28.217root 11241100x8000000000000000732449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:28.217{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2669956e5be8aa432021-12-21 12:54:28.217root 11241100x8000000000000000732450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:28.217{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a17b8d2dbbf6a6962021-12-21 12:54:28.217root 11241100x8000000000000000732451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:28.217{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.039a5372997c8e732021-12-21 12:54:28.217root 11241100x8000000000000000732452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:28.218{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b873878eb0ff2b62021-12-21 12:54:28.218root 11241100x8000000000000000732453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:28.218{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf7353b7fbf538752021-12-21 12:54:28.218root 11241100x8000000000000000732454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:28.218{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5872041ac871f0002021-12-21 12:54:28.218root 11241100x8000000000000000732455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:28.218{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbc42ea66eb7081d2021-12-21 12:54:28.218root 11241100x8000000000000000732456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:28.219{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.670f65c945567d9d2021-12-21 12:54:28.219root 11241100x8000000000000000732457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:28.219{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30ad6fccc3c7bf4f2021-12-21 12:54:28.219root 11241100x8000000000000000732458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:28.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36830f27bb83f8a72021-12-21 12:54:28.693root 11241100x8000000000000000732459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:28.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e3286d5150d69942021-12-21 12:54:28.693root 11241100x8000000000000000732460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:28.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.310f0d7072ece43d2021-12-21 12:54:28.693root 11241100x8000000000000000732461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:28.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a562adcabc38a2d62021-12-21 12:54:28.693root 11241100x8000000000000000732462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:28.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23a9b361668c9df72021-12-21 12:54:28.693root 11241100x8000000000000000732463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:28.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.412c7f57b97775b92021-12-21 12:54:28.694root 11241100x8000000000000000732464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:28.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddbf043e012c32822021-12-21 12:54:28.694root 11241100x8000000000000000732465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:28.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.449a67d311a3d9ee2021-12-21 12:54:28.694root 11241100x8000000000000000732466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:28.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ece39b472bdf4fea2021-12-21 12:54:28.694root 11241100x8000000000000000732467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:28.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba5dafb9df7e20fb2021-12-21 12:54:28.694root 11241100x8000000000000000732468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:28.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb880dad1894ae1d2021-12-21 12:54:28.694root 11241100x8000000000000000732469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:28.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6986c1186a78afa22021-12-21 12:54:28.694root 11241100x8000000000000000732470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:28.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf7133054a03b3472021-12-21 12:54:28.694root 11241100x8000000000000000732471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:28.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b84069ccd7cc8db2021-12-21 12:54:28.694root 11241100x8000000000000000732472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:28.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb82137fdee282982021-12-21 12:54:28.695root 11241100x8000000000000000732473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:28.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4444a186d0b9a0d32021-12-21 12:54:28.695root 11241100x8000000000000000732474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:29.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fdaf244fb80560d2021-12-21 12:54:29.193root 11241100x8000000000000000732475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:29.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0897153146af91da2021-12-21 12:54:29.193root 11241100x8000000000000000732476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:29.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05039f70454916a22021-12-21 12:54:29.193root 11241100x8000000000000000732477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:29.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2e5ea0101aed4b02021-12-21 12:54:29.193root 11241100x8000000000000000732478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:29.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b989038d8fed53102021-12-21 12:54:29.193root 11241100x8000000000000000732479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:29.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ea19af5eab12f232021-12-21 12:54:29.194root 11241100x8000000000000000732480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:29.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45e2935f3acafc792021-12-21 12:54:29.194root 11241100x8000000000000000732481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:29.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdbfd3c9f804d04a2021-12-21 12:54:29.194root 11241100x8000000000000000732482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:29.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc46814f160e13e12021-12-21 12:54:29.194root 11241100x8000000000000000732483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:29.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4e288b14ce557f82021-12-21 12:54:29.194root 11241100x8000000000000000732484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:29.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6bb5173cc406e192021-12-21 12:54:29.194root 11241100x8000000000000000732485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:29.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cc67f70adc2ad1d2021-12-21 12:54:29.194root 11241100x8000000000000000732486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:29.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b3b04566a14f3222021-12-21 12:54:29.194root 11241100x8000000000000000732487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:29.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47066db942bd2cd32021-12-21 12:54:29.194root 11241100x8000000000000000732488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:29.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbbc4d76d66760cd2021-12-21 12:54:29.194root 11241100x8000000000000000732489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:29.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc371f6a664b87fd2021-12-21 12:54:29.194root 11241100x8000000000000000732490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:29.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6aadf11327c40252021-12-21 12:54:29.693root 11241100x8000000000000000732491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:29.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ed6b3ce86687ac42021-12-21 12:54:29.693root 11241100x8000000000000000732492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:29.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c503551b3ea8f0a2021-12-21 12:54:29.693root 11241100x8000000000000000732493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:29.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8d4d1f2f356c76c2021-12-21 12:54:29.693root 11241100x8000000000000000732494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:29.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0ee53c08e0033292021-12-21 12:54:29.693root 11241100x8000000000000000732495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:29.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57220c70fd844c392021-12-21 12:54:29.693root 11241100x8000000000000000732496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:29.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6a41e17805eaa152021-12-21 12:54:29.693root 11241100x8000000000000000732497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:29.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ce10c13c18d0fdc2021-12-21 12:54:29.693root 11241100x8000000000000000732498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:29.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4ea978948ddb8712021-12-21 12:54:29.693root 11241100x8000000000000000732499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:29.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75f2b6343725cb912021-12-21 12:54:29.694root 11241100x8000000000000000732500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:29.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4206852912f06a2a2021-12-21 12:54:29.694root 11241100x8000000000000000732501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:29.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fad35e0a204af86c2021-12-21 12:54:29.694root 11241100x8000000000000000732502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:29.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b366df1ebfe226582021-12-21 12:54:29.694root 11241100x8000000000000000732503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:29.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f77df391f07774a12021-12-21 12:54:29.694root 11241100x8000000000000000732504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:29.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc1400a8e6a425112021-12-21 12:54:29.694root 11241100x8000000000000000732505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:29.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f119495d756ec8c52021-12-21 12:54:29.694root 11241100x8000000000000000732506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:30.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1de2be9fc0364c52021-12-21 12:54:30.193root 11241100x8000000000000000732507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:30.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57f5d02e7f9639b02021-12-21 12:54:30.193root 11241100x8000000000000000732508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:30.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9a67aade1f39cad2021-12-21 12:54:30.193root 11241100x8000000000000000732509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:30.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f5ea6d4de07312e2021-12-21 12:54:30.193root 11241100x8000000000000000732510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:30.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4aa365efdc6f3c4b2021-12-21 12:54:30.193root 11241100x8000000000000000732511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:30.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e74555f7d6894972021-12-21 12:54:30.193root 11241100x8000000000000000732512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:30.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9840487af45a68812021-12-21 12:54:30.193root 11241100x8000000000000000732513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:30.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3491cfb4a0e7bcb22021-12-21 12:54:30.193root 11241100x8000000000000000732514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:30.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7b0608cdc8de7c82021-12-21 12:54:30.193root 11241100x8000000000000000732515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:30.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e63e856fb738e44b2021-12-21 12:54:30.194root 11241100x8000000000000000732516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:30.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.017a4524abe82e662021-12-21 12:54:30.194root 11241100x8000000000000000732517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:30.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9e476746392980e2021-12-21 12:54:30.194root 11241100x8000000000000000732518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:30.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36e51b1f33c9be9b2021-12-21 12:54:30.194root 11241100x8000000000000000732519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:30.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1a629233a16525a2021-12-21 12:54:30.194root 11241100x8000000000000000732520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:30.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aafc2a3728677b972021-12-21 12:54:30.194root 11241100x8000000000000000732521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:30.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e6b23a7f76e51062021-12-21 12:54:30.194root 11241100x8000000000000000732522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:30.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18601b882a9235662021-12-21 12:54:30.693root 11241100x8000000000000000732523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:30.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31ea4ec70fc56f162021-12-21 12:54:30.693root 11241100x8000000000000000732524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:30.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78cb28f630e27f482021-12-21 12:54:30.693root 11241100x8000000000000000732525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:30.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.920036a51ae39e632021-12-21 12:54:30.693root 11241100x8000000000000000732526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:30.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81e16655446d8eea2021-12-21 12:54:30.693root 11241100x8000000000000000732527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:30.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.778ed668d1fd1cf22021-12-21 12:54:30.693root 11241100x8000000000000000732528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:30.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6aa08092831748832021-12-21 12:54:30.693root 11241100x8000000000000000732529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:30.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3472436bd5864ad52021-12-21 12:54:30.694root 11241100x8000000000000000732530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:30.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfbb5a42b4bbe5652021-12-21 12:54:30.694root 11241100x8000000000000000732531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:30.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63cdad4070ff50be2021-12-21 12:54:30.694root 11241100x8000000000000000732532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:30.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e28959a0aef82c82021-12-21 12:54:30.694root 11241100x8000000000000000732533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:30.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61227fd9f8f116de2021-12-21 12:54:30.694root 11241100x8000000000000000732534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:30.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4eb2c422cf30a6ce2021-12-21 12:54:30.694root 11241100x8000000000000000732535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:30.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd3fdd7c4ea4e7032021-12-21 12:54:30.694root 11241100x8000000000000000732536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:30.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df625c425c0023f32021-12-21 12:54:30.694root 11241100x8000000000000000732537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:30.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.032672e007a4db3e2021-12-21 12:54:30.694root 11241100x8000000000000000732538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:31.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2417ecf4d887dc9a2021-12-21 12:54:31.193root 11241100x8000000000000000732539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:31.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aad777eda134fa5f2021-12-21 12:54:31.193root 11241100x8000000000000000732540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:31.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42884ff692763a162021-12-21 12:54:31.193root 11241100x8000000000000000732541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:31.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a9d35ca21ff88112021-12-21 12:54:31.193root 11241100x8000000000000000732542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:31.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d28a4672b4f7a6312021-12-21 12:54:31.193root 11241100x8000000000000000732543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:31.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f107a60ecdc577b72021-12-21 12:54:31.193root 11241100x8000000000000000732544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:31.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0dabe9c4a5e41902021-12-21 12:54:31.193root 11241100x8000000000000000732545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:31.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd1f706603f7dfdb2021-12-21 12:54:31.193root 11241100x8000000000000000732546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:31.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e832a25482e8ae52021-12-21 12:54:31.193root 11241100x8000000000000000732547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:31.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1e37987331a638d2021-12-21 12:54:31.193root 11241100x8000000000000000732548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:31.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dacd3b0796878caf2021-12-21 12:54:31.194root 11241100x8000000000000000732549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:31.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0868a420757ae2242021-12-21 12:54:31.194root 11241100x8000000000000000732550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:31.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf2785fd48f80c362021-12-21 12:54:31.194root 11241100x8000000000000000732551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:31.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69dd26eee5ffbe112021-12-21 12:54:31.194root 11241100x8000000000000000732552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:31.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.387501502879edb02021-12-21 12:54:31.194root 11241100x8000000000000000732553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:31.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abbab473f8f607bd2021-12-21 12:54:31.194root 11241100x8000000000000000732554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:31.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af2de1386c5fc5452021-12-21 12:54:31.194root 11241100x8000000000000000732555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:31.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b3c14ce9891b6d42021-12-21 12:54:31.692root 11241100x8000000000000000732556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:31.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90b204a61977b8d92021-12-21 12:54:31.693root 11241100x8000000000000000732557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:31.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a28d3f2f7796bb992021-12-21 12:54:31.693root 11241100x8000000000000000732558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:31.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38863d0e4117998b2021-12-21 12:54:31.693root 11241100x8000000000000000732559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:31.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9a52f0eff570bfb2021-12-21 12:54:31.693root 11241100x8000000000000000732560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:31.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ff9f1e6efa2ed9d2021-12-21 12:54:31.693root 11241100x8000000000000000732561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:31.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02733682f37c7af02021-12-21 12:54:31.693root 11241100x8000000000000000732562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:31.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c08ecc6f9a9ab932021-12-21 12:54:31.693root 11241100x8000000000000000732563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:31.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc8501476310278a2021-12-21 12:54:31.693root 11241100x8000000000000000732564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:31.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48761459b62f650a2021-12-21 12:54:31.694root 11241100x8000000000000000732565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:31.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af5ffff55eb4192d2021-12-21 12:54:31.694root 11241100x8000000000000000732566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:31.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86d971c5bc5ee9d42021-12-21 12:54:31.694root 11241100x8000000000000000732567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:31.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ce0e8c6605e4a232021-12-21 12:54:31.694root 11241100x8000000000000000732568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:31.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e175357ef85b0e8c2021-12-21 12:54:31.694root 11241100x8000000000000000732569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:31.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c3ad707b6133b852021-12-21 12:54:31.694root 11241100x8000000000000000732570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:31.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdc8045b572873262021-12-21 12:54:31.694root 11241100x8000000000000000732571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:32.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ad5494176356cfb2021-12-21 12:54:32.193root 11241100x8000000000000000732572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:32.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d22bfa4cca4290fe2021-12-21 12:54:32.193root 11241100x8000000000000000732573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:32.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f3d0f9ac11c797e2021-12-21 12:54:32.193root 11241100x8000000000000000732574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:32.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bac6e02478c1cdfc2021-12-21 12:54:32.193root 11241100x8000000000000000732575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:32.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e0cdaae1471ef6e2021-12-21 12:54:32.193root 11241100x8000000000000000732576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:32.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7131f0779d542a5e2021-12-21 12:54:32.193root 11241100x8000000000000000732577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:32.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c8e2b7be8698eb62021-12-21 12:54:32.193root 11241100x8000000000000000732578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:32.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57d2dd7e4f0c41b92021-12-21 12:54:32.194root 11241100x8000000000000000732579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:32.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7141c31088bb008f2021-12-21 12:54:32.194root 11241100x8000000000000000732580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:32.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3b63d7d51c30de22021-12-21 12:54:32.194root 11241100x8000000000000000732581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:32.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0530926782a077132021-12-21 12:54:32.194root 11241100x8000000000000000732582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:32.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b67c0814b84ba93c2021-12-21 12:54:32.194root 11241100x8000000000000000732583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:32.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ecd85f2b376be122021-12-21 12:54:32.194root 11241100x8000000000000000732584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:32.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86f5ae9c7b4dd8552021-12-21 12:54:32.194root 11241100x8000000000000000732585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:32.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdbafe59a505dc372021-12-21 12:54:32.194root 11241100x8000000000000000732586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:32.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b25321cda3edfd1e2021-12-21 12:54:32.194root 11241100x8000000000000000732587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:32.421{ec2b6afe-ce82-61c1-5059-43fda7550000}10170/usr/bin/vim.basic/home/ubuntu/.viminfo2021-12-21 12:54:32.421ubuntu 534500x8000000000000000732588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:32.516{ec2b6afe-ce82-61c1-5059-43fda7550000}10170/usr/bin/vim.basicubuntu 11241100x8000000000000000732589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:32.517{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89993b8b82ca29652021-12-21 12:54:32.517root 11241100x8000000000000000732590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:32.517{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8178ca8ea59ff2ae2021-12-21 12:54:32.517root 11241100x8000000000000000732591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:32.517{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d698becdaf593cf12021-12-21 12:54:32.517root 11241100x8000000000000000732592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:32.517{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9eccf362ae2b0fe82021-12-21 12:54:32.517root 11241100x8000000000000000732593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:32.517{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7919751c35e062d52021-12-21 12:54:32.517root 11241100x8000000000000000732594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:32.517{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f428c9d3e8fe25ed2021-12-21 12:54:32.517root 11241100x8000000000000000732595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:32.517{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29195579f3d72e3c2021-12-21 12:54:32.517root 11241100x8000000000000000732596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:32.518{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f4dec2ddc6415af2021-12-21 12:54:32.518root 11241100x8000000000000000732597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:32.518{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffee811a66fc19322021-12-21 12:54:32.518root 11241100x8000000000000000732598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:32.518{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76d2179d6b0f683c2021-12-21 12:54:32.518root 11241100x8000000000000000732599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:32.518{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5eadcf634a94292a2021-12-21 12:54:32.518root 11241100x8000000000000000732600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:32.518{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.096f84dd0094a99e2021-12-21 12:54:32.518root 11241100x8000000000000000732601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:32.518{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0991c35caca1cab32021-12-21 12:54:32.518root 11241100x8000000000000000732602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:32.518{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.065b5ef392ca78f12021-12-21 12:54:32.518root 11241100x8000000000000000732603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:32.518{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9cfadd8b941dae42021-12-21 12:54:32.518root 11241100x8000000000000000732604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:32.518{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f15755a435628472021-12-21 12:54:32.518root 11241100x8000000000000000732605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:32.518{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49f2584e309093f62021-12-21 12:54:32.518root 11241100x8000000000000000732606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:32.518{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60ffe4d281e854262021-12-21 12:54:32.518root 11241100x8000000000000000732607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:32.518{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89964b23adcbaa2e2021-12-21 12:54:32.518root 11241100x8000000000000000732608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:32.518{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6a7ea0ed16f1e202021-12-21 12:54:32.518root 11241100x8000000000000000732609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65bd5c5cdbf67c862021-12-21 12:54:32.943root 11241100x8000000000000000732610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33cb16e9af7ca5792021-12-21 12:54:32.943root 11241100x8000000000000000732611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7929796263ca8b952021-12-21 12:54:32.943root 11241100x8000000000000000732612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d24cf727212a57632021-12-21 12:54:32.943root 11241100x8000000000000000732613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a798a223b558c5972021-12-21 12:54:32.943root 11241100x8000000000000000732614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd497d3cd3423cad2021-12-21 12:54:32.943root 11241100x8000000000000000732615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa5023ba634c3c9c2021-12-21 12:54:32.943root 11241100x8000000000000000732616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e80a90c169f15832021-12-21 12:54:32.943root 11241100x8000000000000000732617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08080fcd4db10b152021-12-21 12:54:32.944root 11241100x8000000000000000732618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.411d479654bd50072021-12-21 12:54:32.944root 11241100x8000000000000000732619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f310b448002552a2021-12-21 12:54:32.944root 11241100x8000000000000000732620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f73d373b37e45902021-12-21 12:54:32.944root 11241100x8000000000000000732621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.772318c14faf0cdf2021-12-21 12:54:32.944root 11241100x8000000000000000732622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5abd0ebc956e90a02021-12-21 12:54:32.944root 11241100x8000000000000000732623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62f6e7536d04c8c62021-12-21 12:54:32.944root 11241100x8000000000000000732624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04700704016a5e112021-12-21 12:54:32.944root 11241100x8000000000000000732625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03c8065dcb6b65002021-12-21 12:54:32.944root 11241100x8000000000000000732626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2be2b691068e06042021-12-21 12:54:32.944root 11241100x8000000000000000732627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9520e4b2416a70482021-12-21 12:54:33.443root 11241100x8000000000000000732628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.172287ec13b1d70e2021-12-21 12:54:33.443root 11241100x8000000000000000732629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.944213d5c4fa6c242021-12-21 12:54:33.443root 11241100x8000000000000000732630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4f2f654b5d4d5782021-12-21 12:54:33.443root 11241100x8000000000000000732631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4429e533104012682021-12-21 12:54:33.443root 11241100x8000000000000000732632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3fce5d9806341e22021-12-21 12:54:33.443root 11241100x8000000000000000732633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b23e33b7451c8e92021-12-21 12:54:33.443root 11241100x8000000000000000732634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06395077f44205692021-12-21 12:54:33.443root 11241100x8000000000000000732635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8e4c1a9effc15fa2021-12-21 12:54:33.443root 11241100x8000000000000000732636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9e232ff76404dc92021-12-21 12:54:33.443root 11241100x8000000000000000732637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f402b56598c7fd4f2021-12-21 12:54:33.443root 11241100x8000000000000000732638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38be1165ae86aabe2021-12-21 12:54:33.443root 11241100x8000000000000000732639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70e7edceb1cb459c2021-12-21 12:54:33.443root 11241100x8000000000000000732640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.553b758e8912717f2021-12-21 12:54:33.444root 11241100x8000000000000000732641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00d0b30316df7ba52021-12-21 12:54:33.444root 11241100x8000000000000000732642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9502755a73849cf2021-12-21 12:54:33.444root 11241100x8000000000000000732643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b28bb385b6a46a952021-12-21 12:54:33.444root 11241100x8000000000000000732644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49dad656cbbc12e42021-12-21 12:54:33.444root 11241100x8000000000000000732645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb826a270ac79df42021-12-21 12:54:33.943root 11241100x8000000000000000732646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3afb351786752a12021-12-21 12:54:33.943root 11241100x8000000000000000732647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77a9683100e1523f2021-12-21 12:54:33.943root 11241100x8000000000000000732648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57b018bdf29ac4572021-12-21 12:54:33.943root 11241100x8000000000000000732649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1611da619ce641792021-12-21 12:54:33.943root 11241100x8000000000000000732650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37e7113cf07716152021-12-21 12:54:33.944root 11241100x8000000000000000732651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cabbccbb8005b1a72021-12-21 12:54:33.944root 11241100x8000000000000000732652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8455ed23f26df4a22021-12-21 12:54:33.944root 11241100x8000000000000000732653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d02baa2c1a4c67222021-12-21 12:54:33.944root 11241100x8000000000000000732654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5db016341974bd862021-12-21 12:54:33.944root 11241100x8000000000000000732655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74823b5b9d3c5bda2021-12-21 12:54:33.944root 11241100x8000000000000000732656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15654b64cc560d792021-12-21 12:54:33.944root 11241100x8000000000000000732657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a39bf697ac263d52021-12-21 12:54:33.944root 11241100x8000000000000000732658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ed9a9ece163a5962021-12-21 12:54:33.944root 11241100x8000000000000000732659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9348dadd19fa16b2021-12-21 12:54:33.944root 11241100x8000000000000000732660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a1e2b12d60bab422021-12-21 12:54:33.944root 11241100x8000000000000000732661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b132c45a60a7cada2021-12-21 12:54:33.944root 11241100x8000000000000000732662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.713f5de0a64482812021-12-21 12:54:33.944root 354300x8000000000000000732663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:34.057{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-50660-false10.0.1.12-8000- 11241100x8000000000000000732664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.822d848acef1dbbe2021-12-21 12:54:34.443root 11241100x8000000000000000732665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4ff2a8cca8a36ed2021-12-21 12:54:34.443root 11241100x8000000000000000732666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be20dcc7dba1157a2021-12-21 12:54:34.443root 11241100x8000000000000000732667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4238bc13530fe2472021-12-21 12:54:34.443root 11241100x8000000000000000732668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6f26217e8aa481d2021-12-21 12:54:34.443root 11241100x8000000000000000732669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b64cd24415a32fc2021-12-21 12:54:34.443root 11241100x8000000000000000732670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceb7a1686755f1952021-12-21 12:54:34.443root 11241100x8000000000000000732671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77c3853760abc0322021-12-21 12:54:34.443root 11241100x8000000000000000732672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eac7a9ce855c782e2021-12-21 12:54:34.443root 11241100x8000000000000000732673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.372c76b8acce61f32021-12-21 12:54:34.444root 11241100x8000000000000000732674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de22902962b8de582021-12-21 12:54:34.444root 11241100x8000000000000000732675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9480010f2e29a7762021-12-21 12:54:34.444root 11241100x8000000000000000732676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ab5db56f1d1739a2021-12-21 12:54:34.444root 11241100x8000000000000000732677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.764cf01409ac63f32021-12-21 12:54:34.444root 11241100x8000000000000000732678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0df3594768aa381b2021-12-21 12:54:34.444root 11241100x8000000000000000732679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed7c0ff06f96f89b2021-12-21 12:54:34.444root 11241100x8000000000000000732680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb9872adb2a9a5be2021-12-21 12:54:34.444root 11241100x8000000000000000732681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf3a55d510df284c2021-12-21 12:54:34.444root 11241100x8000000000000000732682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c598b1f2e075fb62021-12-21 12:54:34.444root 11241100x8000000000000000732683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b29128b8eb5b2482021-12-21 12:54:34.444root 11241100x8000000000000000732684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6d35ee624e84d3a2021-12-21 12:54:34.444root 11241100x8000000000000000732685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab2e8a5089f577922021-12-21 12:54:34.444root 11241100x8000000000000000732686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aef15992006869122021-12-21 12:54:34.444root 11241100x8000000000000000732687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7e399b7ee9f37f92021-12-21 12:54:34.444root 11241100x8000000000000000732688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.761e2ef9f2ca37e42021-12-21 12:54:34.444root 11241100x8000000000000000732689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.042eebf7f750947e2021-12-21 12:54:34.943root 11241100x8000000000000000732690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25d9c871f1ca8aa52021-12-21 12:54:34.943root 11241100x8000000000000000732691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eef9dff3065ebe672021-12-21 12:54:34.943root 11241100x8000000000000000732692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54c77e0c237435932021-12-21 12:54:34.943root 11241100x8000000000000000732693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38f9ead47c340c7a2021-12-21 12:54:34.943root 11241100x8000000000000000732694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e555cc660ac083b2021-12-21 12:54:34.943root 11241100x8000000000000000732695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.571ced288a5ee2282021-12-21 12:54:34.943root 11241100x8000000000000000732696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ea16220a58f89022021-12-21 12:54:34.943root 11241100x8000000000000000732697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1abef5016805d6322021-12-21 12:54:34.943root 11241100x8000000000000000732698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5928c3e210e48af2021-12-21 12:54:34.943root 11241100x8000000000000000732699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0663e6cd8a89d862021-12-21 12:54:34.943root 11241100x8000000000000000732700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dba74edf70f19a172021-12-21 12:54:34.943root 11241100x8000000000000000732701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55f2cc14648f32d32021-12-21 12:54:34.943root 11241100x8000000000000000732702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bed046877a68859e2021-12-21 12:54:34.944root 11241100x8000000000000000732703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b19b439b8447da52021-12-21 12:54:34.944root 11241100x8000000000000000732704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd1ed810f899a7552021-12-21 12:54:34.944root 11241100x8000000000000000732705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.426afbfeea31b8c62021-12-21 12:54:34.944root 11241100x8000000000000000732706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55544d574ccb22892021-12-21 12:54:34.944root 11241100x8000000000000000732707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf38ca11b71dd3e52021-12-21 12:54:34.944root 11241100x8000000000000000732708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1150c980a28978b2021-12-21 12:54:34.944root 11241100x8000000000000000732709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9708748c553445c22021-12-21 12:54:34.944root 11241100x8000000000000000732710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc3aa485098fed732021-12-21 12:54:34.944root 11241100x8000000000000000732711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6ee585b4779f9562021-12-21 12:54:34.944root 11241100x8000000000000000732712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acb098f9985d1e592021-12-21 12:54:34.944root 11241100x8000000000000000732713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f4bae72b34ac6f12021-12-21 12:54:34.944root 154100x8000000000000000732714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:35.413{ec2b6afe-ce8b-61c1-080e-d571a8550000}10171/usr/bin/sudo-----sudo vim /etc/shadow/home/ubuntuubuntu{ec2b6afe-aacb-61c1-e803-000000000000}10006no level-{ec2b6afe-aacb-61c1-0834-fdd63c560000}5677/bin/bash-bashubuntu 11241100x8000000000000000732715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:35.415{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3360f48ffb5fb8032021-12-21 12:54:35.415root 11241100x8000000000000000732716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:35.415{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79a2e41ca875fe3b2021-12-21 12:54:35.415root 11241100x8000000000000000732717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:35.415{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adb159c5809a11cd2021-12-21 12:54:35.415root 11241100x8000000000000000732718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:35.415{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18db0f13565a0e8b2021-12-21 12:54:35.415root 11241100x8000000000000000732719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:35.415{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ebd56bf9bb705d52021-12-21 12:54:35.415root 11241100x8000000000000000732720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:35.416{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86091f6167952bd02021-12-21 12:54:35.416root 11241100x8000000000000000732721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:35.416{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b4cb759f33b657f2021-12-21 12:54:35.416root 11241100x8000000000000000732722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:35.416{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afb6382b5ac3fc212021-12-21 12:54:35.416root 11241100x8000000000000000732723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:35.416{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d94b3ab93e746412021-12-21 12:54:35.416root 11241100x8000000000000000732724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:35.416{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69031f58f0a1a3372021-12-21 12:54:35.416root 11241100x8000000000000000732725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:35.416{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbdfce5a113556382021-12-21 12:54:35.416root 11241100x8000000000000000732726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:35.416{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42a39e7da243fb462021-12-21 12:54:35.416root 11241100x8000000000000000732727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:35.416{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.448edb930b6cbefb2021-12-21 12:54:35.416root 11241100x8000000000000000732728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:35.417{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67068a924435d3012021-12-21 12:54:35.417root 11241100x8000000000000000732729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:35.417{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb90181a478cfbba2021-12-21 12:54:35.417root 11241100x8000000000000000732730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:35.417{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d71e1fbac5c75c52021-12-21 12:54:35.417root 11241100x8000000000000000732731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:35.417{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.066121b5ab3eeae82021-12-21 12:54:35.417root 11241100x8000000000000000732732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:35.417{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a220bf76e9822b7d2021-12-21 12:54:35.417root 11241100x8000000000000000732733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:35.417{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61e2fb6173adec0c2021-12-21 12:54:35.417root 11241100x8000000000000000732734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:35.417{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.802501351cb8eb9c2021-12-21 12:54:35.417root 354300x8000000000000000732735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:35.419{ec2b6afe-ce8b-61c1-080e-d571a8550000}10171/usr/bin/sudoubuntuudptruefalse127.0.0.1-53697-false127.0.0.53-53- 354300x8000000000000000732736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:35.419{ec2b6afe-9247-61c1-c097-2e4cb4550000}2604/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse10.0.1.25-51958-false10.0.0.2-53- 354300x8000000000000000732737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:35.419{ec2b6afe-9247-61c1-c097-2e4cb4550000}2604/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse10.0.1.25-38851-false10.0.0.2-53- 354300x8000000000000000732738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:35.421{ec2b6afe-9247-61c1-c097-2e4cb4550000}2604/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse127.0.0.53-53-false127.0.0.1-53697- 354300x8000000000000000732739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:35.421{ec2b6afe-ce8b-61c1-080e-d571a8550000}10171/usr/bin/sudoubuntuudptruefalse127.0.0.1-39951-false127.0.0.53-53- 354300x8000000000000000732740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:35.421{ec2b6afe-9247-61c1-c097-2e4cb4550000}2604/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse127.0.0.53-53-false127.0.0.1-39951- 154100x8000000000000000732741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:35.424{ec2b6afe-ce8b-61c1-5079-83bc75550000}10172/usr/bin/vim.basic-----vim /etc/shadow/home/ubunturoot{ec2b6afe-0000-0000-0000-000000000000}06no level-{ec2b6afe-ce8b-61c1-080e-d571a8550000}10171/usr/bin/sudosudoubuntu 11241100x8000000000000000732742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:35.443{ec2b6afe-ce8b-61c1-5079-83bc75550000}10172/usr/bin/vim.basic/etc/.shadow.swp2021-12-21 12:54:35.443root 11241100x8000000000000000732743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:35.443{ec2b6afe-ce8b-61c1-5079-83bc75550000}10172/usr/bin/vim.basic/etc/.shadow.swpx2021-12-21 12:54:35.443root 23542300x8000000000000000732744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:35.443{ec2b6afe-ce8b-61c1-5079-83bc75550000}10172root/usr/bin/vim.basic/etc/.shadow.swpx--- 23542300x8000000000000000732745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:35.443{ec2b6afe-ce8b-61c1-5079-83bc75550000}10172root/usr/bin/vim.basic/etc/.shadow.swp--- 11241100x8000000000000000732746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:35.443{ec2b6afe-ce8b-61c1-5079-83bc75550000}10172/usr/bin/vim.basic/etc/.shadow.swp2021-12-21 12:54:35.443root 11241100x8000000000000000732747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:35.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c99d73366daccc42021-12-21 12:54:35.693root 11241100x8000000000000000732748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:35.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28598771925604ce2021-12-21 12:54:35.693root 11241100x8000000000000000732749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:35.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed1b19e8234305142021-12-21 12:54:35.693root 11241100x8000000000000000732750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:35.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6387d4751075d7392021-12-21 12:54:35.694root 11241100x8000000000000000732751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:35.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f706e1bdda4a982b2021-12-21 12:54:35.694root 11241100x8000000000000000732752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:35.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67e5326d282cb8a12021-12-21 12:54:35.694root 11241100x8000000000000000732753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:35.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db517eb2ff1f26042021-12-21 12:54:35.694root 11241100x8000000000000000732754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:35.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04c53879c7f6393a2021-12-21 12:54:35.694root 11241100x8000000000000000732755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:35.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.382e5ad4caee25e82021-12-21 12:54:35.694root 11241100x8000000000000000732756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:35.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b34be3b245afff322021-12-21 12:54:35.694root 11241100x8000000000000000732757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:35.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a70db230bbfdb162021-12-21 12:54:35.695root 11241100x8000000000000000732758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:35.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce21b4e21860b6a92021-12-21 12:54:35.695root 11241100x8000000000000000732759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:35.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.095a585d116443212021-12-21 12:54:35.695root 11241100x8000000000000000732760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:35.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cf43180e83d711b2021-12-21 12:54:35.695root 11241100x8000000000000000732761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:35.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf8c96d1d2e64ab32021-12-21 12:54:35.695root 11241100x8000000000000000732762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:35.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a10a33f62a9d1a742021-12-21 12:54:35.695root 11241100x8000000000000000732763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:35.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a76b09a99aca93f62021-12-21 12:54:35.695root 11241100x8000000000000000732764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:35.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf563ee251663a392021-12-21 12:54:35.695root 11241100x8000000000000000732765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:35.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b93a30546cddf2012021-12-21 12:54:35.695root 11241100x8000000000000000732766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:35.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.824b2890927dfe462021-12-21 12:54:35.695root 11241100x8000000000000000732767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:35.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.351d4331b54acb762021-12-21 12:54:35.695root 11241100x8000000000000000732768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:35.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f42a2e78a9698cd2021-12-21 12:54:35.696root 11241100x8000000000000000732769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:35.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6df1f84bbe4439ac2021-12-21 12:54:35.696root 11241100x8000000000000000732770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:35.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15bb5736530583c62021-12-21 12:54:35.696root 11241100x8000000000000000732771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:35.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58da34a5c4985e152021-12-21 12:54:35.696root 11241100x8000000000000000732772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:35.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46dad952309e83f32021-12-21 12:54:35.696root 11241100x8000000000000000732773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:35.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06571cea20f94f582021-12-21 12:54:35.696root 11241100x8000000000000000732774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:35.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6d2d44d2791e2972021-12-21 12:54:35.696root 11241100x8000000000000000732775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:35.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.168d362240c97fd02021-12-21 12:54:35.696root 11241100x8000000000000000732776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:35.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b094059779efff342021-12-21 12:54:35.696root 11241100x8000000000000000732777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:35.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72410af033394e142021-12-21 12:54:35.696root 11241100x8000000000000000732778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:35.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c15a1c18dfe634712021-12-21 12:54:35.696root 11241100x8000000000000000732779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:35.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed704ba597c374732021-12-21 12:54:35.696root 11241100x8000000000000000732780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:35.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fe029eec3ab557c2021-12-21 12:54:35.696root 11241100x8000000000000000732781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:35.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d1b84ca3d7767192021-12-21 12:54:35.696root 11241100x8000000000000000732782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:36.130{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2021-12-21 12:54:36.130root 11241100x8000000000000000732783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:36.131{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.defd6dc5083745f32021-12-21 12:54:36.131root 11241100x8000000000000000732784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:36.131{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a43a891407b0e04d2021-12-21 12:54:36.131root 11241100x8000000000000000732785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:36.131{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e175238c9feab3182021-12-21 12:54:36.131root 11241100x8000000000000000732786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:36.131{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0ed3af8734e66f72021-12-21 12:54:36.131root 11241100x8000000000000000732787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:36.132{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9348526bca27c2a42021-12-21 12:54:36.132root 11241100x8000000000000000732788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:36.132{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d9fd4975590c1b82021-12-21 12:54:36.132root 11241100x8000000000000000732789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:36.132{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9aba2fc72eee87e2021-12-21 12:54:36.132root 11241100x8000000000000000732790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:36.132{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8f9a07a1a4c9d192021-12-21 12:54:36.132root 11241100x8000000000000000732791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:36.132{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7aaa6bbdfee313672021-12-21 12:54:36.132root 11241100x8000000000000000732792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:36.132{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.723b697233a3ddca2021-12-21 12:54:36.132root 11241100x8000000000000000732793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:36.132{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a90639012760cdb2021-12-21 12:54:36.132root 11241100x8000000000000000732794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:36.132{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65707bc19e3a71c12021-12-21 12:54:36.132root 11241100x8000000000000000732795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:36.133{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.004eed68ca8a96492021-12-21 12:54:36.133root 11241100x8000000000000000732796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:36.133{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.379e8a4e62c8276f2021-12-21 12:54:36.133root 11241100x8000000000000000732797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:36.133{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.118b7417a26da2572021-12-21 12:54:36.133root 11241100x8000000000000000732798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:36.133{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a5b3b4004ebd28c2021-12-21 12:54:36.133root 11241100x8000000000000000732799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:36.133{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.749989c30390f1c42021-12-21 12:54:36.133root 11241100x8000000000000000732800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:36.133{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8733ddc0a37d63262021-12-21 12:54:36.133root 11241100x8000000000000000732801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:36.133{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e98f5a3cd35212d2021-12-21 12:54:36.133root 11241100x8000000000000000732802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:36.133{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62cd731cfd2f0eeb2021-12-21 12:54:36.133root 11241100x8000000000000000732803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:36.134{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ed65717ac4323412021-12-21 12:54:36.134root 11241100x8000000000000000732804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:36.134{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2887f9db68b761b12021-12-21 12:54:36.134root 11241100x8000000000000000732805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:36.134{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75d3b9c035c90a2c2021-12-21 12:54:36.134root 11241100x8000000000000000732806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:36.134{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.409e46b54abef4912021-12-21 12:54:36.134root 11241100x8000000000000000732807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:36.134{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4145be88f5df5922021-12-21 12:54:36.134root 11241100x8000000000000000732808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:36.134{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec0aedc09d997ae22021-12-21 12:54:36.134root 11241100x8000000000000000732809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:36.134{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d81a320316a96c102021-12-21 12:54:36.134root 11241100x8000000000000000732810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:36.134{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8707e1c3928573f12021-12-21 12:54:36.134root 11241100x8000000000000000732811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:36.134{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17be21c2d1e93aed2021-12-21 12:54:36.134root 11241100x8000000000000000732812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:36.135{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8fea1a19b72b54b2021-12-21 12:54:36.135root 11241100x8000000000000000732813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:36.135{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.461f099cd3d4214d2021-12-21 12:54:36.135root 11241100x8000000000000000732814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:36.135{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3927dddd9048e0092021-12-21 12:54:36.135root 11241100x8000000000000000732815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:36.135{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebb87ae892ef6db52021-12-21 12:54:36.135root 11241100x8000000000000000732816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:36.135{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd485e94c52aefd12021-12-21 12:54:36.135root 11241100x8000000000000000732817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:36.135{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ecdd3853e7e77042021-12-21 12:54:36.135root 11241100x8000000000000000732818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:36.135{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e83f754e45a6a6a42021-12-21 12:54:36.135root 11241100x8000000000000000732819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:36.135{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec43f7021593e3092021-12-21 12:54:36.135root 11241100x8000000000000000732820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:36.135{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83fff2d7db7a35ad2021-12-21 12:54:36.135root 11241100x8000000000000000732821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:36.136{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d0c18fcff5d39612021-12-21 12:54:36.136root 11241100x8000000000000000732822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:36.136{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d8a27609e16d1c82021-12-21 12:54:36.136root 11241100x8000000000000000732823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6642d26b451e93652021-12-21 12:54:36.443root 11241100x8000000000000000732824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1391a364fc5d41c92021-12-21 12:54:36.443root 11241100x8000000000000000732825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.044a09faa630d2272021-12-21 12:54:36.443root 11241100x8000000000000000732826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3455ab9e5c73f16c2021-12-21 12:54:36.443root 11241100x8000000000000000732827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97fb9db449b586cb2021-12-21 12:54:36.443root 11241100x8000000000000000732828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c4cb8b4ff25dfce2021-12-21 12:54:36.443root 11241100x8000000000000000732829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95dd1b555b468dc12021-12-21 12:54:36.443root 11241100x8000000000000000732830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7273cdb9f2a3f3e2021-12-21 12:54:36.443root 11241100x8000000000000000732831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6862b58a38956c72021-12-21 12:54:36.443root 11241100x8000000000000000732832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3b52ebc9b949b3d2021-12-21 12:54:36.444root 11241100x8000000000000000732833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b7f70c494c963c42021-12-21 12:54:36.444root 11241100x8000000000000000732834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e17b342f71ff0c42021-12-21 12:54:36.444root 11241100x8000000000000000732835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c54cd6e8d966d7572021-12-21 12:54:36.444root 11241100x8000000000000000732836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9b369b8df8de03a2021-12-21 12:54:36.444root 11241100x8000000000000000732837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37e17e4339a3f3b62021-12-21 12:54:36.444root 11241100x8000000000000000732838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03036fb5e9bfa9772021-12-21 12:54:36.444root 11241100x8000000000000000732839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0e4cba32eabd56f2021-12-21 12:54:36.444root 11241100x8000000000000000732840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:36.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f7d313d8e2a72fc2021-12-21 12:54:36.445root 11241100x8000000000000000732841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:36.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e8fff045e095d802021-12-21 12:54:36.445root 11241100x8000000000000000732842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:36.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce8d5ae42c300ed72021-12-21 12:54:36.445root 11241100x8000000000000000732843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:36.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2aa81ceb0c510a822021-12-21 12:54:36.445root 11241100x8000000000000000732844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:36.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89539ac6dca3e0d42021-12-21 12:54:36.445root 11241100x8000000000000000732845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:36.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba7e15c8a9471a7f2021-12-21 12:54:36.446root 11241100x8000000000000000732846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:36.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31dde1e55f4f57ac2021-12-21 12:54:36.446root 11241100x8000000000000000732847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:36.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3048131e7b00acf02021-12-21 12:54:36.447root 11241100x8000000000000000732848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:36.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.679d5ccf41807d762021-12-21 12:54:36.447root 11241100x8000000000000000732849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:36.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9205bc184d70ccd12021-12-21 12:54:36.447root 11241100x8000000000000000732850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:36.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26e837fde17bfc232021-12-21 12:54:36.447root 11241100x8000000000000000732851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:36.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a63fe77625243f422021-12-21 12:54:36.447root 11241100x8000000000000000732852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:36.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41b6346ecbb7f5782021-12-21 12:54:36.447root 11241100x8000000000000000732853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:36.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be24aa1f652666c12021-12-21 12:54:36.447root 11241100x8000000000000000732854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:36.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78b3a53021241d2f2021-12-21 12:54:36.448root 11241100x8000000000000000732855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:36.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6110c5bf7c3d55112021-12-21 12:54:36.448root 11241100x8000000000000000732856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:36.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04da1d682c1086d22021-12-21 12:54:36.448root 11241100x8000000000000000732857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:36.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0b70557a268ad892021-12-21 12:54:36.448root 11241100x8000000000000000732858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:36.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cd347709c1af2982021-12-21 12:54:36.448root 11241100x8000000000000000732859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:36.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3f9b16c3119f87a2021-12-21 12:54:36.448root 11241100x8000000000000000732860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:36.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c67777e06296a472021-12-21 12:54:36.448root 11241100x8000000000000000732861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:36.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d713cee9a28bdd82021-12-21 12:54:36.448root 11241100x8000000000000000732862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:36.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.182df47bf67a3f532021-12-21 12:54:36.448root 11241100x8000000000000000732863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:36.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b84fba26eac339c32021-12-21 12:54:36.448root 11241100x8000000000000000732864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:36.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.850b2755ada99f742021-12-21 12:54:36.448root 11241100x8000000000000000732865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:36.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa29a9ad9a0572842021-12-21 12:54:36.448root 11241100x8000000000000000732866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:36.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ce959d49f74d1042021-12-21 12:54:36.448root 11241100x8000000000000000732867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:36.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a5e87d2153ce5af2021-12-21 12:54:36.448root 11241100x8000000000000000732868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:36.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74ebe3563f300cc42021-12-21 12:54:36.449root 11241100x8000000000000000732869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:36.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66a39c444b86b40d2021-12-21 12:54:36.449root 11241100x8000000000000000732870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:36.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab085f9b8711170d2021-12-21 12:54:36.449root 11241100x8000000000000000732871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:36.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24b6cceeb4e2bef42021-12-21 12:54:36.449root 11241100x8000000000000000732872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:36.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ec1835f1cc7436e2021-12-21 12:54:36.449root 11241100x8000000000000000732873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:36.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b513edd1980158a92021-12-21 12:54:36.449root 11241100x8000000000000000732874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:36.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.356221f78c1be9172021-12-21 12:54:36.449root 11241100x8000000000000000732875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:36.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63dc41fc375f5d0b2021-12-21 12:54:36.943root 11241100x8000000000000000732876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:36.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cb0abda292647ab2021-12-21 12:54:36.943root 11241100x8000000000000000732877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:36.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4975184677a2d792021-12-21 12:54:36.943root 11241100x8000000000000000732878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:36.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12d00bae5a4532bf2021-12-21 12:54:36.943root 11241100x8000000000000000732879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:36.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c08527d89714ec232021-12-21 12:54:36.943root 11241100x8000000000000000732880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:36.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.785f9bfc3453450d2021-12-21 12:54:36.944root 11241100x8000000000000000732881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:36.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d052ccf325527a8f2021-12-21 12:54:36.944root 11241100x8000000000000000732882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:36.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab266c6a216b19eb2021-12-21 12:54:36.944root 11241100x8000000000000000732883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:36.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15bf57fee25234c52021-12-21 12:54:36.944root 11241100x8000000000000000732884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:36.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fd3aa919f2b14872021-12-21 12:54:36.944root 11241100x8000000000000000732885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:36.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a49453e9c898b1912021-12-21 12:54:36.945root 11241100x8000000000000000732886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:36.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5aaa646fccbb4022021-12-21 12:54:36.945root 11241100x8000000000000000732887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:36.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.179cf2e0c70713f82021-12-21 12:54:36.945root 11241100x8000000000000000732888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:36.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99095300915bcf742021-12-21 12:54:36.945root 11241100x8000000000000000732889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:36.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57b5e94d31b63d972021-12-21 12:54:36.945root 11241100x8000000000000000732890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:36.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf1d80b8456e93762021-12-21 12:54:36.946root 11241100x8000000000000000732891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:36.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60aae7b8af4fb9a82021-12-21 12:54:36.946root 11241100x8000000000000000732892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:36.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f02dbd1a605f11242021-12-21 12:54:36.946root 11241100x8000000000000000732893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:36.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9f9f79b72f349942021-12-21 12:54:36.947root 11241100x8000000000000000732894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:36.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ebbd48668b8b6272021-12-21 12:54:36.947root 11241100x8000000000000000732895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:36.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8da51cf6f08f6652021-12-21 12:54:36.947root 11241100x8000000000000000732896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:36.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c867268027e13ba22021-12-21 12:54:36.947root 11241100x8000000000000000732897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:36.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9fc86c6de6a6aaa2021-12-21 12:54:36.948root 11241100x8000000000000000732898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:36.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f8f0055c0ffb3d92021-12-21 12:54:36.948root 11241100x8000000000000000732899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:36.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e4b5aac0a7964a52021-12-21 12:54:36.948root 11241100x8000000000000000732900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:36.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0866c9afcb429c842021-12-21 12:54:36.948root 11241100x8000000000000000732901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:36.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e06719b24dbd2cc2021-12-21 12:54:36.949root 11241100x8000000000000000732902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:36.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c40314c9c8d4f492021-12-21 12:54:36.949root 11241100x8000000000000000732903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:36.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d629ad91a67b9ac2021-12-21 12:54:36.949root 11241100x8000000000000000732904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:36.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.273aaa994ee5965c2021-12-21 12:54:36.949root 11241100x8000000000000000732905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:36.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b042800f25ac7022021-12-21 12:54:36.949root 11241100x8000000000000000732906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:36.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96598a9bc9df1afa2021-12-21 12:54:36.950root 11241100x8000000000000000732907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:36.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0e384a13b4360b32021-12-21 12:54:36.950root 11241100x8000000000000000732908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:36.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41c27e813698c10a2021-12-21 12:54:36.950root 11241100x8000000000000000732909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:36.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f2abeee4c1c61242021-12-21 12:54:36.950root 11241100x8000000000000000732910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:36.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db58e64fc96860852021-12-21 12:54:36.950root 11241100x8000000000000000732911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:36.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6b9ed7e160d63b02021-12-21 12:54:36.951root 11241100x8000000000000000732912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:36.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfc033ddf5c90e662021-12-21 12:54:36.951root 11241100x8000000000000000732913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:36.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82b18fb49b8a3ab62021-12-21 12:54:36.951root 11241100x8000000000000000732914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:36.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39fca8780a5ebf572021-12-21 12:54:36.951root 11241100x8000000000000000732915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:37.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57c3f759c5b88ca32021-12-21 12:54:37.443root 11241100x8000000000000000732916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:37.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.808b358ce8a6b1ec2021-12-21 12:54:37.443root 11241100x8000000000000000732917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:37.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a8228e33562a1c82021-12-21 12:54:37.443root 11241100x8000000000000000732918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05897f15076d9bc72021-12-21 12:54:37.444root 11241100x8000000000000000732919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d04daa5d3db9c2372021-12-21 12:54:37.444root 11241100x8000000000000000732920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df299463cb351c562021-12-21 12:54:37.444root 11241100x8000000000000000732921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e515245d04187dd2021-12-21 12:54:37.444root 11241100x8000000000000000732922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03fb376176f4c4f52021-12-21 12:54:37.444root 11241100x8000000000000000732923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80ead8016818b92f2021-12-21 12:54:37.444root 11241100x8000000000000000732924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1045454bb2b5da9b2021-12-21 12:54:37.444root 11241100x8000000000000000732925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d04d2a2337350a62021-12-21 12:54:37.444root 11241100x8000000000000000732926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1ea051b326ebf372021-12-21 12:54:37.444root 11241100x8000000000000000732927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:37.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0228ac38b899caa2021-12-21 12:54:37.445root 11241100x8000000000000000732928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:37.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59948aa613cddddb2021-12-21 12:54:37.445root 11241100x8000000000000000732929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:37.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8667dff9f88949852021-12-21 12:54:37.445root 11241100x8000000000000000732930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:37.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd1b924e6e38ad362021-12-21 12:54:37.445root 11241100x8000000000000000732931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:37.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3beb1cd250eeb8ed2021-12-21 12:54:37.445root 11241100x8000000000000000732932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:37.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61c4b9b28f2a16cd2021-12-21 12:54:37.445root 11241100x8000000000000000732933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:37.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2c0b1769846c3c12021-12-21 12:54:37.446root 11241100x8000000000000000732934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:37.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0422ae92e59635c2021-12-21 12:54:37.446root 11241100x8000000000000000732935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:37.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.148a595f40dd8ee12021-12-21 12:54:37.446root 11241100x8000000000000000732936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:37.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd430762cbb318852021-12-21 12:54:37.446root 11241100x8000000000000000732937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:37.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0d9b8b369fb31a02021-12-21 12:54:37.446root 11241100x8000000000000000732938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:37.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.862aede81a50d4c02021-12-21 12:54:37.446root 11241100x8000000000000000732939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:37.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48deae76b3a155a82021-12-21 12:54:37.446root 11241100x8000000000000000732940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:37.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0df7ddf367a12582021-12-21 12:54:37.446root 11241100x8000000000000000732941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:37.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.561b98f89f9a06fc2021-12-21 12:54:37.446root 11241100x8000000000000000732942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:37.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51e137b16694fd102021-12-21 12:54:37.446root 11241100x8000000000000000732943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:37.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.244427a39428d1182021-12-21 12:54:37.446root 11241100x8000000000000000732944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:37.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0aac33add89ac1e2021-12-21 12:54:37.447root 11241100x8000000000000000732945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:37.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb8a584df678de332021-12-21 12:54:37.447root 11241100x8000000000000000732946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:37.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb1e280970a5878e2021-12-21 12:54:37.447root 11241100x8000000000000000732947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:37.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4721b144ff69cfb32021-12-21 12:54:37.447root 11241100x8000000000000000732948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:37.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fa20e5fcd95ee032021-12-21 12:54:37.943root 11241100x8000000000000000732949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:37.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78bf09341af56d7f2021-12-21 12:54:37.943root 11241100x8000000000000000732950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:37.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca68966d7ebaa2342021-12-21 12:54:37.943root 11241100x8000000000000000732951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:37.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.389b987be2acdf3a2021-12-21 12:54:37.943root 11241100x8000000000000000732952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:37.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2d5481112c7d5dc2021-12-21 12:54:37.943root 11241100x8000000000000000732953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:37.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de5f4abbbf892cc42021-12-21 12:54:37.944root 11241100x8000000000000000732954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:37.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fab78269fabdd8d42021-12-21 12:54:37.944root 11241100x8000000000000000732955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:37.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b11042054571604e2021-12-21 12:54:37.944root 11241100x8000000000000000732956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:37.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b7141a4b52758bb2021-12-21 12:54:37.944root 11241100x8000000000000000732957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:37.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10a230f34da5f1e42021-12-21 12:54:37.944root 11241100x8000000000000000732958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:37.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdd8bbf1281804dc2021-12-21 12:54:37.944root 11241100x8000000000000000732959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:37.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f98d59c060c5d46a2021-12-21 12:54:37.944root 11241100x8000000000000000732960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:37.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.740b7459461cf77a2021-12-21 12:54:37.944root 11241100x8000000000000000732961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:37.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dc3be9afe8fb37d2021-12-21 12:54:37.944root 11241100x8000000000000000732962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:37.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27e3c5c8a31468f32021-12-21 12:54:37.944root 11241100x8000000000000000732963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:37.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8b1d2d8e706311c2021-12-21 12:54:37.944root 11241100x8000000000000000732964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:37.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.639a6c5561f020652021-12-21 12:54:37.944root 11241100x8000000000000000732965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:37.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5f4012810cc07ea2021-12-21 12:54:37.944root 11241100x8000000000000000732966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:37.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c71784ef31d9a52d2021-12-21 12:54:37.944root 11241100x8000000000000000732967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:37.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdbdf5f9faf935b12021-12-21 12:54:37.944root 11241100x8000000000000000732968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:37.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ef07a82f66c61562021-12-21 12:54:37.944root 11241100x8000000000000000732969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:37.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e48b26745f3fc192021-12-21 12:54:37.944root 11241100x8000000000000000732970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:37.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41880fa433f7a1252021-12-21 12:54:37.945root 11241100x8000000000000000732971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:37.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3beb0b0993b39472021-12-21 12:54:37.945root 11241100x8000000000000000732972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:37.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.094aad55ab43e2e32021-12-21 12:54:37.945root 11241100x8000000000000000732973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:37.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae4a328af665a0bc2021-12-21 12:54:37.945root 11241100x8000000000000000732974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:37.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2154f0632e2153c42021-12-21 12:54:37.945root 11241100x8000000000000000732975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:37.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad94864d312d8cee2021-12-21 12:54:37.945root 11241100x8000000000000000732976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:37.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0751885c262807e92021-12-21 12:54:37.945root 11241100x8000000000000000732977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:37.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2e46034307b41d92021-12-21 12:54:37.945root 11241100x8000000000000000732978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:37.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07df040292cf575b2021-12-21 12:54:37.945root 11241100x8000000000000000732979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:37.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee1633472f9ab33d2021-12-21 12:54:37.945root 11241100x8000000000000000732980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:37.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b344e01c2a2a6492021-12-21 12:54:37.945root 11241100x8000000000000000732981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:37.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d127c04bb6edcc0d2021-12-21 12:54:37.945root 11241100x8000000000000000732982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:37.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ab156ce6c39fb9e2021-12-21 12:54:37.945root 11241100x8000000000000000732983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:37.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f11e886249092db92021-12-21 12:54:37.945root 11241100x8000000000000000732984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:37.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1988972bb3f22f5d2021-12-21 12:54:37.945root 11241100x8000000000000000732985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:37.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4c8e3f9bd82dde92021-12-21 12:54:37.945root 11241100x8000000000000000732986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:37.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faf501f48af0795d2021-12-21 12:54:37.946root 11241100x8000000000000000732987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:37.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bcb0d56caab928f2021-12-21 12:54:37.946root 11241100x8000000000000000732988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:37.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.888a6542f76e0b9b2021-12-21 12:54:37.946root 11241100x8000000000000000732989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:37.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2ddf006ce30c08a2021-12-21 12:54:37.946root 11241100x8000000000000000732990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:37.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abef576b2ea43ad02021-12-21 12:54:37.946root 11241100x8000000000000000732991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:37.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f138bad22a3f5b542021-12-21 12:54:37.946root 11241100x8000000000000000732992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:37.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2931e08ca9b48ea2021-12-21 12:54:37.946root 11241100x8000000000000000732993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:37.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f56ece2c0fda7ca32021-12-21 12:54:37.946root 11241100x8000000000000000732994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:37.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c942e09e95638b32021-12-21 12:54:37.946root 11241100x8000000000000000732995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:38.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7095f59a3e7c51ed2021-12-21 12:54:38.443root 11241100x8000000000000000732996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:38.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b39258d911e97692021-12-21 12:54:38.443root 11241100x8000000000000000732997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:38.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee397de4d4097b252021-12-21 12:54:38.443root 11241100x8000000000000000732998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:38.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.718af5da91f34b572021-12-21 12:54:38.443root 11241100x8000000000000000732999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4fcdea8d847502d2021-12-21 12:54:38.444root 11241100x8000000000000000733000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3e1c993330e116a2021-12-21 12:54:38.444root 11241100x8000000000000000733001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1d39487d2ddb5d82021-12-21 12:54:38.444root 11241100x8000000000000000733002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ab5f7fac4d7af0d2021-12-21 12:54:38.444root 11241100x8000000000000000733003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9ef1cba75e442832021-12-21 12:54:38.444root 11241100x8000000000000000733004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccd476ee3993178d2021-12-21 12:54:38.444root 11241100x8000000000000000733005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0aaef4b550191c1b2021-12-21 12:54:38.444root 11241100x8000000000000000733006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7186ff88350343012021-12-21 12:54:38.444root 11241100x8000000000000000733007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0d5044c1cd61f572021-12-21 12:54:38.444root 11241100x8000000000000000733008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2012ce4ae8d0c6e2021-12-21 12:54:38.444root 11241100x8000000000000000733009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc19a63cfe3503c02021-12-21 12:54:38.444root 11241100x8000000000000000733010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0472b87e5598aef12021-12-21 12:54:38.444root 11241100x8000000000000000733011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72ebb970f3467b6a2021-12-21 12:54:38.444root 11241100x8000000000000000733012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a187aa5db9794ec02021-12-21 12:54:38.444root 11241100x8000000000000000733013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab54a70a284361ef2021-12-21 12:54:38.444root 11241100x8000000000000000733014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c5720124790a6aa2021-12-21 12:54:38.444root 11241100x8000000000000000733015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:38.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eacdf6ad7440e7f02021-12-21 12:54:38.445root 11241100x8000000000000000733016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:38.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb6e7ac69eb5bb122021-12-21 12:54:38.445root 11241100x8000000000000000733017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:38.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2943baa6828103992021-12-21 12:54:38.445root 11241100x8000000000000000733018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:38.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.371f1d193aebd5012021-12-21 12:54:38.445root 11241100x8000000000000000733019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:38.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b6da116479529472021-12-21 12:54:38.445root 11241100x8000000000000000733020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:38.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3af74574eae27d7b2021-12-21 12:54:38.445root 11241100x8000000000000000733021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:38.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8261d5c51489a2412021-12-21 12:54:38.445root 11241100x8000000000000000733022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:38.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2fd9a6661bc91ed2021-12-21 12:54:38.445root 11241100x8000000000000000733023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:38.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7d3ea8131df62f42021-12-21 12:54:38.445root 11241100x8000000000000000733024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:38.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c26e56ead423b7152021-12-21 12:54:38.445root 11241100x8000000000000000733025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:38.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51380be443401b712021-12-21 12:54:38.445root 11241100x8000000000000000733026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:38.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4cb577f2f9e866e2021-12-21 12:54:38.446root 11241100x8000000000000000733027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:38.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24afb27dbcc657342021-12-21 12:54:38.446root 11241100x8000000000000000733028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bf76bb375a6dd212021-12-21 12:54:38.943root 11241100x8000000000000000733029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f29babecebba6f032021-12-21 12:54:38.943root 11241100x8000000000000000733030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69761d8a4f4eb50b2021-12-21 12:54:38.943root 11241100x8000000000000000733031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68547516a1c9bfec2021-12-21 12:54:38.943root 11241100x8000000000000000733032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06260cce1af688c42021-12-21 12:54:38.944root 11241100x8000000000000000733033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e26249b9f6e1f9f22021-12-21 12:54:38.944root 11241100x8000000000000000733034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2578ee0946eb723e2021-12-21 12:54:38.944root 11241100x8000000000000000733035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36194265ab79ec4c2021-12-21 12:54:38.944root 11241100x8000000000000000733036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c93a50649c1636da2021-12-21 12:54:38.944root 11241100x8000000000000000733037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.291a3ef04cfe3f122021-12-21 12:54:38.944root 11241100x8000000000000000733038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d15572a0a99bf9142021-12-21 12:54:38.944root 11241100x8000000000000000733039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.512e8771e7ec70712021-12-21 12:54:38.944root 11241100x8000000000000000733040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f97aa4eda5fcaff32021-12-21 12:54:38.944root 11241100x8000000000000000733041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04507cafb6d70fbb2021-12-21 12:54:38.944root 11241100x8000000000000000733042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a59127debcc9b8672021-12-21 12:54:38.944root 11241100x8000000000000000733043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3500136a8cd7403e2021-12-21 12:54:38.944root 11241100x8000000000000000733044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd266e73a4056d482021-12-21 12:54:38.944root 11241100x8000000000000000733045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5107dcd1b84b95072021-12-21 12:54:38.944root 11241100x8000000000000000733046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04979d494bf8bccf2021-12-21 12:54:38.944root 11241100x8000000000000000733047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:38.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38f54dde4123479a2021-12-21 12:54:38.945root 11241100x8000000000000000733048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:38.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ffda9e74c72ab8c2021-12-21 12:54:38.945root 11241100x8000000000000000733049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:38.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8132f3bbec0440a12021-12-21 12:54:38.945root 11241100x8000000000000000733050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:38.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aafc876ed47c7ab92021-12-21 12:54:38.945root 11241100x8000000000000000733051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:38.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.278e2df0bc1e57582021-12-21 12:54:38.945root 11241100x8000000000000000733052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:38.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb2c18e649371fc82021-12-21 12:54:38.945root 11241100x8000000000000000733053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:38.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a1adeead8ea82cd2021-12-21 12:54:38.945root 11241100x8000000000000000733054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:38.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cb23599e2a0a19b2021-12-21 12:54:38.945root 11241100x8000000000000000733055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:38.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3780207fe4c4491b2021-12-21 12:54:38.945root 11241100x8000000000000000733056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:38.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a83a5b877f7308d72021-12-21 12:54:38.945root 11241100x8000000000000000733057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:38.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.657acf5cf27790f02021-12-21 12:54:38.945root 11241100x8000000000000000733058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:38.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8642548746f5e1702021-12-21 12:54:38.945root 11241100x8000000000000000733059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:38.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17ccb65276d07ae22021-12-21 12:54:38.945root 11241100x8000000000000000733060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:38.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7e7b48f9ae42e4a2021-12-21 12:54:38.945root 11241100x8000000000000000733061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:38.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77e342500f6ca9cf2021-12-21 12:54:38.945root 354300x8000000000000000733062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:39.062{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-50662-false10.0.1.12-8000- 23542300x8000000000000000733063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:39.132{ec2b6afe-95d2-61c1-3038-b84203560000}5272root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000733064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:39.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a1c51e0903afad32021-12-21 12:54:39.443root 11241100x8000000000000000733065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:39.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c05e4ba2b49d94ff2021-12-21 12:54:39.443root 11241100x8000000000000000733066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:39.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a07ab04f688b32212021-12-21 12:54:39.443root 11241100x8000000000000000733067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:39.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.312ae6ff7e137d642021-12-21 12:54:39.443root 11241100x8000000000000000733068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:39.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cf8022294954f062021-12-21 12:54:39.443root 11241100x8000000000000000733069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:39.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06b5d74e2c87f8252021-12-21 12:54:39.443root 11241100x8000000000000000733070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:39.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3858c650a66ee9552021-12-21 12:54:39.443root 11241100x8000000000000000733071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50eb5e4c295d6c7b2021-12-21 12:54:39.444root 11241100x8000000000000000733072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffe29d9584d910fc2021-12-21 12:54:39.444root 11241100x8000000000000000733073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81c4dc5199c33cdd2021-12-21 12:54:39.444root 11241100x8000000000000000733074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a99b8fb9df3161312021-12-21 12:54:39.444root 11241100x8000000000000000733075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:39.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16ea2854650215db2021-12-21 12:54:39.445root 11241100x8000000000000000733076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:39.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef7082f7b2bd2aff2021-12-21 12:54:39.445root 11241100x8000000000000000733077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:39.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efd155d96b3a463c2021-12-21 12:54:39.445root 11241100x8000000000000000733078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:39.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01996de3c1b3e5ff2021-12-21 12:54:39.445root 11241100x8000000000000000733079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:39.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59ce2d0f004a17bc2021-12-21 12:54:39.446root 11241100x8000000000000000733080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:39.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31b0cc48026112182021-12-21 12:54:39.446root 11241100x8000000000000000733081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:39.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b44fb2fdd9fd309a2021-12-21 12:54:39.446root 11241100x8000000000000000733082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:39.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e0ab8af6c46ccaf2021-12-21 12:54:39.446root 11241100x8000000000000000733083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:39.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb5a39aba8722a282021-12-21 12:54:39.446root 11241100x8000000000000000733084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:39.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73121320e3722fdf2021-12-21 12:54:39.446root 11241100x8000000000000000733085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:39.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20fdad048a6a40032021-12-21 12:54:39.446root 11241100x8000000000000000733086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:39.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c98494e5665c606d2021-12-21 12:54:39.446root 11241100x8000000000000000733087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:39.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.469fbe016edcba302021-12-21 12:54:39.446root 11241100x8000000000000000733088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:39.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.782602fa50dc60e62021-12-21 12:54:39.446root 11241100x8000000000000000733089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:39.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1758140ee2b8a65e2021-12-21 12:54:39.447root 11241100x8000000000000000733090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:39.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51095502972401282021-12-21 12:54:39.447root 11241100x8000000000000000733091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:39.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72c32e9ef5b282ec2021-12-21 12:54:39.447root 11241100x8000000000000000733092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:39.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c393cb7702ce4422021-12-21 12:54:39.447root 11241100x8000000000000000733093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:39.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b3be2a98ffca9bc2021-12-21 12:54:39.447root 11241100x8000000000000000733094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:39.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee9f3ea0a34c09082021-12-21 12:54:39.447root 11241100x8000000000000000733095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:39.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3a45b37424bda4c2021-12-21 12:54:39.447root 11241100x8000000000000000733096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:39.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a1d183357c4705c2021-12-21 12:54:39.447root 11241100x8000000000000000733097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:39.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40a5ba8ae33226ba2021-12-21 12:54:39.447root 11241100x8000000000000000733098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:39.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e07dd0ed891f04142021-12-21 12:54:39.447root 11241100x8000000000000000733099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:39.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.769a0cd04d6d1e592021-12-21 12:54:39.448root 11241100x8000000000000000733100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:39.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00a435d7cf4d15472021-12-21 12:54:39.448root 11241100x8000000000000000733101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:39.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f39b05bcd30c6462021-12-21 12:54:39.448root 11241100x8000000000000000733102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:39.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efd9bd6c70b903f62021-12-21 12:54:39.448root 11241100x8000000000000000733103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:39.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bac2887356f8b112021-12-21 12:54:39.448root 11241100x8000000000000000733104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:39.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d014d8114efdb9272021-12-21 12:54:39.448root 11241100x8000000000000000733105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:39.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.684cae86da881e322021-12-21 12:54:39.450root 11241100x8000000000000000733106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:39.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.052e38945670e17c2021-12-21 12:54:39.450root 11241100x8000000000000000733107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:39.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f32ef607f4c234ac2021-12-21 12:54:39.943root 11241100x8000000000000000733108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:39.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7ca3630597b5ea92021-12-21 12:54:39.943root 11241100x8000000000000000733109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01752d08f72cb9c52021-12-21 12:54:39.944root 11241100x8000000000000000733110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.484ce117a8422ea72021-12-21 12:54:39.944root 11241100x8000000000000000733111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.018f162e0a2bbae72021-12-21 12:54:39.944root 11241100x8000000000000000733112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d9c7e55914e9af22021-12-21 12:54:39.944root 11241100x8000000000000000733113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d90afac312df0cd72021-12-21 12:54:39.944root 11241100x8000000000000000733114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8efc4b7c128762d2021-12-21 12:54:39.944root 11241100x8000000000000000733115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8162479c3966d0922021-12-21 12:54:39.944root 11241100x8000000000000000733116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:39.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e973f88e4a0bda4d2021-12-21 12:54:39.945root 11241100x8000000000000000733117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:39.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91fd9f2c72d312642021-12-21 12:54:39.945root 11241100x8000000000000000733118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:39.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1aaf3f2643bb4572021-12-21 12:54:39.945root 11241100x8000000000000000733119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:39.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a765b497ade5a6c62021-12-21 12:54:39.945root 11241100x8000000000000000733120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:39.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f49aaa07d798e5772021-12-21 12:54:39.945root 11241100x8000000000000000733121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:39.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e855a11ad467e2392021-12-21 12:54:39.945root 11241100x8000000000000000733122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:39.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.272e25309397dd3f2021-12-21 12:54:39.945root 11241100x8000000000000000733123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:39.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ce2b37562ad363f2021-12-21 12:54:39.945root 11241100x8000000000000000733124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:39.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3aa23c021866b7c42021-12-21 12:54:39.946root 11241100x8000000000000000733125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:39.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e305952a2165f13f2021-12-21 12:54:39.946root 11241100x8000000000000000733126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:39.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5b9916780e4baa12021-12-21 12:54:39.946root 11241100x8000000000000000733127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:39.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bad6792b4416863e2021-12-21 12:54:39.946root 11241100x8000000000000000733128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:39.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e63340c4b8ca34d2021-12-21 12:54:39.946root 11241100x8000000000000000733129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:39.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a49aec70a4c92f9c2021-12-21 12:54:39.946root 11241100x8000000000000000733130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:39.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00073c886343ccaf2021-12-21 12:54:39.946root 11241100x8000000000000000733131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:39.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0d804e54fd209572021-12-21 12:54:39.946root 11241100x8000000000000000733132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:39.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f887c10407eddbc92021-12-21 12:54:39.946root 11241100x8000000000000000733133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:39.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3343183d9712a9b52021-12-21 12:54:39.946root 11241100x8000000000000000733134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:39.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae03ba3149f125f52021-12-21 12:54:39.946root 11241100x8000000000000000733135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:39.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b54c9cf4a79355442021-12-21 12:54:39.947root 11241100x8000000000000000733136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:39.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f28923d963651ac2021-12-21 12:54:39.947root 11241100x8000000000000000733137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:39.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b18bc1d6c88a46782021-12-21 12:54:39.947root 11241100x8000000000000000733138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:39.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09db6be790539f312021-12-21 12:54:39.947root 11241100x8000000000000000733139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:39.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10c5a270b22543e22021-12-21 12:54:39.947root 11241100x8000000000000000733140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:39.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa0eccd39a4f0b5b2021-12-21 12:54:39.947root 11241100x8000000000000000733141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:39.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd8421d4b3a62aff2021-12-21 12:54:39.947root 11241100x8000000000000000733142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:39.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4db0ab46bad27d282021-12-21 12:54:39.947root 11241100x8000000000000000733143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:39.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c26e969a278893a52021-12-21 12:54:39.947root 11241100x8000000000000000733144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:40.442{ec2b6afe-ce8b-61c1-5079-83bc75550000}10172/usr/bin/vim.basic/home/ubuntu/.viminfo.tmp2021-12-21 12:54:40.442root 23542300x8000000000000000733145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:40.442{ec2b6afe-ce8b-61c1-5079-83bc75550000}10172root/usr/bin/vim.basic/home/ubuntu/.viminfo--- 11241100x8000000000000000733146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:40.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69174fc91cfe68292021-12-21 12:54:40.442root 11241100x8000000000000000733147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dadf14a338d9cf82021-12-21 12:54:40.443root 23542300x8000000000000000733148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:40.442{ec2b6afe-ce8b-61c1-5079-83bc75550000}10172root/usr/bin/vim.basic/etc/.shadow.swp--- 11241100x8000000000000000733149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c7297ae34da4fa32021-12-21 12:54:40.443root 11241100x8000000000000000733150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1661258266eed0732021-12-21 12:54:40.443root 11241100x8000000000000000733151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b86a7044578aeefa2021-12-21 12:54:40.443root 11241100x8000000000000000733152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12a300de28ae2f1b2021-12-21 12:54:40.443root 11241100x8000000000000000733153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1e8a0d83f5d8da92021-12-21 12:54:40.443root 11241100x8000000000000000733154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c3b1f2a7af1039d2021-12-21 12:54:40.443root 11241100x8000000000000000733155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d06a9f8029371eda2021-12-21 12:54:40.443root 11241100x8000000000000000733156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47b5e74639ed23552021-12-21 12:54:40.443root 11241100x8000000000000000733157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f9698a1af56f8f32021-12-21 12:54:40.443root 11241100x8000000000000000733158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33d507feba8cd8232021-12-21 12:54:40.443root 11241100x8000000000000000733159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdf6afe44671831a2021-12-21 12:54:40.443root 11241100x8000000000000000733160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c2f60e821b24b262021-12-21 12:54:40.443root 11241100x8000000000000000733161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5497557c4005d762021-12-21 12:54:40.443root 11241100x8000000000000000733162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a3d6e25981d7e132021-12-21 12:54:40.444root 11241100x8000000000000000733163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1016dde991ecef872021-12-21 12:54:40.444root 11241100x8000000000000000733164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e0f229377027e892021-12-21 12:54:40.444root 11241100x8000000000000000733165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dc57e31de01f5eb2021-12-21 12:54:40.444root 11241100x8000000000000000733166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9070d03f2b3ea3a92021-12-21 12:54:40.444root 534500x8000000000000000733167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:40.443{ec2b6afe-ce8b-61c1-5079-83bc75550000}10172/usr/bin/vim.basicroot 11241100x8000000000000000733168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd5ea947a6e9794c2021-12-21 12:54:40.444root 11241100x8000000000000000733169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7de7676088e35bc32021-12-21 12:54:40.444root 11241100x8000000000000000733170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3e53614b597a6472021-12-21 12:54:40.444root 11241100x8000000000000000733171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab53d314d6ab13c42021-12-21 12:54:40.444root 11241100x8000000000000000733172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27175731c29862af2021-12-21 12:54:40.444root 11241100x8000000000000000733173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79ca7ededccfed492021-12-21 12:54:40.444root 11241100x8000000000000000733174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7abff511ef69165e2021-12-21 12:54:40.444root 11241100x8000000000000000733175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:40.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ff5b381ad09f2872021-12-21 12:54:40.445root 11241100x8000000000000000733176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:40.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f3e9bef54b673be2021-12-21 12:54:40.445root 534500x8000000000000000733177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:40.444{ec2b6afe-ce8b-61c1-080e-d571a8550000}10171/usr/bin/sudoroot 11241100x8000000000000000733178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:40.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b29a2a5d51483ce2021-12-21 12:54:40.445root 11241100x8000000000000000733179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:40.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fa7c77d886e067e2021-12-21 12:54:40.445root 11241100x8000000000000000733180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:40.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1503157bbd7dbd42021-12-21 12:54:40.445root 11241100x8000000000000000733181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:40.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb720cf701b179072021-12-21 12:54:40.445root 11241100x8000000000000000733182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:40.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97e8ad7507ba2fa02021-12-21 12:54:40.445root 11241100x8000000000000000733183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:40.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e5d37cbf51a514a2021-12-21 12:54:40.445root 11241100x8000000000000000733184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:40.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d8b56da2add18002021-12-21 12:54:40.446root 11241100x8000000000000000733185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:40.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c73d0f5264f9552d2021-12-21 12:54:40.446root 11241100x8000000000000000733186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:40.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e238c8e50374d20b2021-12-21 12:54:40.446root 11241100x8000000000000000733187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:40.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaf916b580282b232021-12-21 12:54:40.446root 11241100x8000000000000000733188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:40.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb8548458441e2f52021-12-21 12:54:40.446root 11241100x8000000000000000733189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:40.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcd43b4147fc996d2021-12-21 12:54:40.446root 11241100x8000000000000000733190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:40.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.694b3477c69d18592021-12-21 12:54:40.446root 11241100x8000000000000000733191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:40.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64ce0419c5f3b1a42021-12-21 12:54:40.446root 11241100x8000000000000000733192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:40.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54c05909b6cbb6cf2021-12-21 12:54:40.447root 11241100x8000000000000000733193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:40.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51f8c41af32e3b352021-12-21 12:54:40.447root 11241100x8000000000000000733194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:40.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6753047139b92d92021-12-21 12:54:40.447root 11241100x8000000000000000733195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:40.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad2abd9d218b357a2021-12-21 12:54:40.449root 11241100x8000000000000000733196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:40.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90f9408b323715ec2021-12-21 12:54:40.449root 11241100x8000000000000000733197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:40.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7120aabbaaa510a72021-12-21 12:54:40.449root 11241100x8000000000000000733198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:40.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c09f1710b5f717f02021-12-21 12:54:40.450root 11241100x8000000000000000733199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:40.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.182a4103b44e02f32021-12-21 12:54:40.450root 11241100x8000000000000000733200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:40.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dafd37a1a5fad40b2021-12-21 12:54:40.450root 11241100x8000000000000000733201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:40.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5848b8eafedf9fee2021-12-21 12:54:40.450root 11241100x8000000000000000733202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:40.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a3115de383c26c82021-12-21 12:54:40.451root 11241100x8000000000000000733203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:40.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4754c377dd443e9f2021-12-21 12:54:40.451root 11241100x8000000000000000733204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:40.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd317690ba3056762021-12-21 12:54:40.451root 11241100x8000000000000000733205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:40.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f487ad365774d5042021-12-21 12:54:40.452root 11241100x8000000000000000733206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:40.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0afe05cbeb446beb2021-12-21 12:54:40.452root 11241100x8000000000000000733207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:40.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a3e88ed0d0fc1ec2021-12-21 12:54:40.452root 11241100x8000000000000000733208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:40.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ee7f3e983a2cbcd2021-12-21 12:54:40.452root 11241100x8000000000000000733209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:40.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.195c7280efdf951c2021-12-21 12:54:40.452root 11241100x8000000000000000733210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:40.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a68fff080c8818592021-12-21 12:54:40.453root 11241100x8000000000000000733211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:40.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4aaf69f02debd1d22021-12-21 12:54:40.453root 11241100x8000000000000000733212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:40.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6821e13abebcdb3d2021-12-21 12:54:40.454root 11241100x8000000000000000733213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:40.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.113938e6c84da22f2021-12-21 12:54:40.454root 11241100x8000000000000000733214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0e4dae4362cf8312021-12-21 12:54:40.943root 11241100x8000000000000000733215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b242c59f353e5f7b2021-12-21 12:54:40.943root 11241100x8000000000000000733216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58527ed0a4645ad42021-12-21 12:54:40.943root 11241100x8000000000000000733217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe56e7b6e9de4bd82021-12-21 12:54:40.943root 11241100x8000000000000000733218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6e2478bb6f7f7272021-12-21 12:54:40.944root 11241100x8000000000000000733219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea81566035b1fe882021-12-21 12:54:40.944root 11241100x8000000000000000733220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.209b8100769750882021-12-21 12:54:40.944root 11241100x8000000000000000733221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7271394bc5df36b2021-12-21 12:54:40.944root 11241100x8000000000000000733222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9070ba53d47346ca2021-12-21 12:54:40.944root 11241100x8000000000000000733223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:40.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07c6708deabc76362021-12-21 12:54:40.945root 11241100x8000000000000000733224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:40.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.666d2b3d341a3e332021-12-21 12:54:40.945root 11241100x8000000000000000733225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:40.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad32cce4ad1c71e92021-12-21 12:54:40.945root 11241100x8000000000000000733226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:40.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f043460f3e829e72021-12-21 12:54:40.945root 11241100x8000000000000000733227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:40.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76bd9f0f46ffbfa42021-12-21 12:54:40.946root 11241100x8000000000000000733228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:40.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50b9255562857f4a2021-12-21 12:54:40.946root 11241100x8000000000000000733229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:40.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf2846b28dbc06112021-12-21 12:54:40.946root 11241100x8000000000000000733230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:40.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a42772e524f17502021-12-21 12:54:40.946root 11241100x8000000000000000733231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:40.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef1a9fc9b25f7a572021-12-21 12:54:40.946root 11241100x8000000000000000733232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:40.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3ef298c0aa5504a2021-12-21 12:54:40.946root 11241100x8000000000000000733233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:40.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef9cef31185e94c52021-12-21 12:54:40.946root 11241100x8000000000000000733234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:40.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b27b9ccf5bd6af352021-12-21 12:54:40.946root 11241100x8000000000000000733235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:40.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6f29ca53d75d2a62021-12-21 12:54:40.946root 11241100x8000000000000000733236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:40.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f51822fc718cc7742021-12-21 12:54:40.946root 11241100x8000000000000000733237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:40.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.627f95d8eeb012c72021-12-21 12:54:40.947root 11241100x8000000000000000733238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:40.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc9885f512bf78c92021-12-21 12:54:40.947root 11241100x8000000000000000733239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:40.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6f1d71be55f39d32021-12-21 12:54:40.947root 11241100x8000000000000000733240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:40.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f64b9eed45fb3f532021-12-21 12:54:40.947root 11241100x8000000000000000733241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:40.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.727e0eb6848294212021-12-21 12:54:40.947root 11241100x8000000000000000733242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:40.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.418436d064de2bd32021-12-21 12:54:40.947root 11241100x8000000000000000733243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:40.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9440828a563d2b862021-12-21 12:54:40.947root 11241100x8000000000000000733244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:40.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb14c9937f1c00742021-12-21 12:54:40.947root 11241100x8000000000000000733245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:40.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c931d241cfa51bd52021-12-21 12:54:40.948root 11241100x8000000000000000733246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:40.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a688b59d61fc3fab2021-12-21 12:54:40.948root 11241100x8000000000000000733247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:40.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f31e1b70ead7f7342021-12-21 12:54:40.948root 11241100x8000000000000000733248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:40.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0f37d6c0b4ccf6a2021-12-21 12:54:40.948root 11241100x8000000000000000733249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:40.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4a82d211d2a1fe22021-12-21 12:54:40.948root 11241100x8000000000000000733250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:40.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3ccf184f480d7a52021-12-21 12:54:40.949root 11241100x8000000000000000733251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:40.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44603c98ec9831cd2021-12-21 12:54:40.949root 11241100x8000000000000000733252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:40.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e8994b1187317862021-12-21 12:54:40.949root 11241100x8000000000000000733253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:40.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be9a7bf31a9114322021-12-21 12:54:40.949root 11241100x8000000000000000733254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:40.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a117b7a6abb2cdd2021-12-21 12:54:40.949root 11241100x8000000000000000733255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:40.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a58a9197912226162021-12-21 12:54:40.949root 11241100x8000000000000000733256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:40.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c22de43a37beff372021-12-21 12:54:40.949root 11241100x8000000000000000733257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:40.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83bfe4e4410c9a912021-12-21 12:54:40.950root 11241100x8000000000000000733258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:40.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6b2a3d0688eb5fa2021-12-21 12:54:40.950root 11241100x8000000000000000733259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:40.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61e32ce8e1f0bcdf2021-12-21 12:54:40.950root 11241100x8000000000000000733260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:40.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f326734b4d8907da2021-12-21 12:54:40.950root 11241100x8000000000000000733261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:40.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ac0da41f6cce9ff2021-12-21 12:54:40.950root 11241100x8000000000000000733262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:40.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ead4c7526760655a2021-12-21 12:54:40.951root 11241100x8000000000000000733263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:40.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f13692b1aa2c19912021-12-21 12:54:40.951root 11241100x8000000000000000733264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20dd55ab4ddaf9982021-12-21 12:54:41.443root 11241100x8000000000000000733265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cd81b98fa4166b62021-12-21 12:54:41.443root 11241100x8000000000000000733266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb7beea4018823cf2021-12-21 12:54:41.443root 11241100x8000000000000000733267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b12cf5d9fc3fb0532021-12-21 12:54:41.443root 11241100x8000000000000000733268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ecd6c5ae57095d12021-12-21 12:54:41.444root 11241100x8000000000000000733269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0423117b382a0ff32021-12-21 12:54:41.444root 11241100x8000000000000000733270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5432dffe940b32b2021-12-21 12:54:41.444root 11241100x8000000000000000733271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4305b9e8d701af682021-12-21 12:54:41.444root 11241100x8000000000000000733272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d894841b637e78b22021-12-21 12:54:41.444root 11241100x8000000000000000733273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d70b8ff31d3f77592021-12-21 12:54:41.444root 11241100x8000000000000000733274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73b5682faabe1a712021-12-21 12:54:41.444root 11241100x8000000000000000733275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6f0c385a8b744f42021-12-21 12:54:41.444root 11241100x8000000000000000733276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:41.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45132a61a300b2e82021-12-21 12:54:41.445root 11241100x8000000000000000733277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:41.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.497598cd45228d8d2021-12-21 12:54:41.445root 11241100x8000000000000000733278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:41.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef60ca5fec6051ba2021-12-21 12:54:41.445root 11241100x8000000000000000733279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:41.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b70cfaa4a681ebe2021-12-21 12:54:41.445root 11241100x8000000000000000733280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:41.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3da138b279f72e742021-12-21 12:54:41.445root 11241100x8000000000000000733281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:41.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.053910ec88e56f2c2021-12-21 12:54:41.445root 11241100x8000000000000000733282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:41.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32417d7b7d326dba2021-12-21 12:54:41.445root 11241100x8000000000000000733283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:41.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07769346f4f0cf1f2021-12-21 12:54:41.445root 11241100x8000000000000000733284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:41.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdd9ff4b394b5b272021-12-21 12:54:41.445root 11241100x8000000000000000733285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:41.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c9bfa6068618ab22021-12-21 12:54:41.446root 11241100x8000000000000000733286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:41.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5eebfcf19703abec2021-12-21 12:54:41.446root 11241100x8000000000000000733287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:41.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.063b97f6a03c0d992021-12-21 12:54:41.446root 11241100x8000000000000000733288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:41.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afd172e88610cde22021-12-21 12:54:41.446root 11241100x8000000000000000733289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:41.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa0848ceff74c29f2021-12-21 12:54:41.446root 11241100x8000000000000000733290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:41.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb61741fbb79936a2021-12-21 12:54:41.446root 11241100x8000000000000000733291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:41.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e5adc9200b7b95a2021-12-21 12:54:41.446root 11241100x8000000000000000733292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:41.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6af25dbd8f80657a2021-12-21 12:54:41.447root 11241100x8000000000000000733293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:41.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de36bf4c52282f072021-12-21 12:54:41.447root 11241100x8000000000000000733294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:41.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d762747ce45d16932021-12-21 12:54:41.447root 11241100x8000000000000000733295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:41.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eeb6a1f4725403662021-12-21 12:54:41.448root 11241100x8000000000000000733296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:41.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef65db09255c0b202021-12-21 12:54:41.448root 11241100x8000000000000000733297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:41.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfbcbf3695aabee42021-12-21 12:54:41.448root 11241100x8000000000000000733298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:41.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c561933ea2955e4c2021-12-21 12:54:41.448root 11241100x8000000000000000733299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:41.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.371c837e3e9ff8192021-12-21 12:54:41.448root 11241100x8000000000000000733300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:41.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0236105cae4c37db2021-12-21 12:54:41.448root 11241100x8000000000000000733301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:41.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a07c1b55d49a4312021-12-21 12:54:41.448root 11241100x8000000000000000733302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:41.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.504d04215226f71e2021-12-21 12:54:41.448root 11241100x8000000000000000733303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:41.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07ae9543fe8d41ef2021-12-21 12:54:41.448root 11241100x8000000000000000733304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:41.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6ce2be1e47e60072021-12-21 12:54:41.449root 11241100x8000000000000000733305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:41.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae498391bc9b27e62021-12-21 12:54:41.449root 11241100x8000000000000000733306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:41.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47d3e9628d1ac0b52021-12-21 12:54:41.449root 11241100x8000000000000000733307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8a6ee0603470b892021-12-21 12:54:41.943root 11241100x8000000000000000733308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5cf90a6761100b82021-12-21 12:54:41.943root 11241100x8000000000000000733309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.658cc7ebcef6d4a82021-12-21 12:54:41.943root 11241100x8000000000000000733310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9f2cea05e148c192021-12-21 12:54:41.943root 11241100x8000000000000000733311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.569f76f9d89e8d932021-12-21 12:54:41.943root 11241100x8000000000000000733312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de1308ff4e11044f2021-12-21 12:54:41.943root 11241100x8000000000000000733313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.128f03dff59f557a2021-12-21 12:54:41.943root 11241100x8000000000000000733314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ec83e1ce3e279322021-12-21 12:54:41.943root 11241100x8000000000000000733315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea731dbaf7f549bf2021-12-21 12:54:41.943root 11241100x8000000000000000733316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a40ce4ca0a7c17632021-12-21 12:54:41.943root 11241100x8000000000000000733317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea8e4356934020792021-12-21 12:54:41.944root 11241100x8000000000000000733318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.793cc885c79c1dd32021-12-21 12:54:41.944root 11241100x8000000000000000733319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.334aa879d23ec6a12021-12-21 12:54:41.944root 11241100x8000000000000000733320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e32b848f9fa066722021-12-21 12:54:41.944root 11241100x8000000000000000733321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d657472a26c17a3b2021-12-21 12:54:41.944root 11241100x8000000000000000733322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d04f57d9837d4a72021-12-21 12:54:41.944root 11241100x8000000000000000733323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23e1bad97353ff3f2021-12-21 12:54:41.944root 11241100x8000000000000000733324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.971b53d9b9d6d0fe2021-12-21 12:54:41.944root 11241100x8000000000000000733325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24d393fd664a59e82021-12-21 12:54:41.944root 11241100x8000000000000000733326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6271693f272abc1a2021-12-21 12:54:41.944root 11241100x8000000000000000733327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:41.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.404eb4a319342f862021-12-21 12:54:41.945root 11241100x8000000000000000733328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:41.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c976b9f8182c1e62021-12-21 12:54:41.945root 11241100x8000000000000000733329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:41.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa8d33788414fe4a2021-12-21 12:54:41.945root 11241100x8000000000000000733330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:41.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.174210ef37ca861a2021-12-21 12:54:41.945root 11241100x8000000000000000733331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:41.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.337251df30afd17c2021-12-21 12:54:41.945root 11241100x8000000000000000733332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:41.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81e6e80cd0cd10f12021-12-21 12:54:41.945root 11241100x8000000000000000733333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:41.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bb1618585d937142021-12-21 12:54:41.945root 11241100x8000000000000000733334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:41.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5a23d57e09a7a7b2021-12-21 12:54:41.946root 11241100x8000000000000000733335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:41.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c4356654c86a0072021-12-21 12:54:41.946root 11241100x8000000000000000733336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:41.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.560e5c685c30dabb2021-12-21 12:54:41.946root 11241100x8000000000000000733337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:41.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.766ebd85580e4ac72021-12-21 12:54:41.946root 11241100x8000000000000000733338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:41.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bb10ae43f56ee7b2021-12-21 12:54:41.946root 11241100x8000000000000000733339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:41.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c984f6fae96b11d32021-12-21 12:54:41.946root 11241100x8000000000000000733340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:41.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a19e493405ae083c2021-12-21 12:54:41.946root 11241100x8000000000000000733341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:41.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.169d671ccee635c72021-12-21 12:54:41.946root 11241100x8000000000000000733342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:41.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a85d15d9331fbdbe2021-12-21 12:54:41.946root 11241100x8000000000000000733343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:41.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.668718b11aa127682021-12-21 12:54:41.947root 11241100x8000000000000000733344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:41.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2573a2017000fc032021-12-21 12:54:41.947root 11241100x8000000000000000733345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:41.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.335195b1de4c315c2021-12-21 12:54:41.947root 11241100x8000000000000000733346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:41.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b80a2589544383ab2021-12-21 12:54:41.947root 11241100x8000000000000000733347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:41.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1d7a96fd07665392021-12-21 12:54:41.947root 11241100x8000000000000000733348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:41.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ae896e730c716072021-12-21 12:54:41.947root 11241100x8000000000000000733349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:41.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba1302ec28ef630e2021-12-21 12:54:41.947root 11241100x8000000000000000733350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:41.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.724d5229908d14872021-12-21 12:54:41.947root 11241100x8000000000000000733351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:41.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c889cca317e299f82021-12-21 12:54:41.947root 11241100x8000000000000000733352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:41.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9f6887595ea108b2021-12-21 12:54:41.947root 11241100x8000000000000000733353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:41.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbf48509a516f4b62021-12-21 12:54:41.948root 11241100x8000000000000000733354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:41.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cb655dd32cc86cc2021-12-21 12:54:41.948root 11241100x8000000000000000733355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:41.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d9008917ad279682021-12-21 12:54:41.948root 11241100x8000000000000000733356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:41.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57d7a2e59d3ba0a92021-12-21 12:54:41.948root 11241100x8000000000000000733357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:41.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72cb89931c8263e52021-12-21 12:54:41.948root 11241100x8000000000000000733358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:41.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ebdb6de47885a772021-12-21 12:54:41.948root 11241100x8000000000000000733359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:41.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d024902b1db05662021-12-21 12:54:41.948root 11241100x8000000000000000733360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:41.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb43c6f0d8cbc9ae2021-12-21 12:54:41.948root 11241100x8000000000000000733361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:41.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c08953869c1503fb2021-12-21 12:54:41.948root 11241100x8000000000000000733362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:41.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.843072b8b63dcd7f2021-12-21 12:54:41.948root 11241100x8000000000000000733363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:41.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b3b3cc385296b062021-12-21 12:54:41.949root 11241100x8000000000000000733364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:41.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8ab793a336d2c942021-12-21 12:54:41.949root 11241100x8000000000000000733365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:41.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f977215a58239292021-12-21 12:54:41.949root 11241100x8000000000000000733366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:41.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e1725d13b2618952021-12-21 12:54:41.949root 11241100x8000000000000000733367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:41.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfd4c08570d810e02021-12-21 12:54:41.949root 11241100x8000000000000000733368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:41.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e8f21dc8c90e1ee2021-12-21 12:54:41.949root 11241100x8000000000000000733369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:41.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81b0263c6918cd882021-12-21 12:54:41.949root 11241100x8000000000000000733370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:41.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cecdb4ec35a90a542021-12-21 12:54:41.949root 11241100x8000000000000000733371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:41.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36629cef146e77cc2021-12-21 12:54:41.949root 11241100x8000000000000000733372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:41.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb5460b0ab9177fb2021-12-21 12:54:41.949root 11241100x8000000000000000733373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:41.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c13e571b47fc3a592021-12-21 12:54:41.949root 11241100x8000000000000000733374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:41.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca8ace67b6d97bbb2021-12-21 12:54:41.949root 11241100x8000000000000000733375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:41.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d40280ea3028762c2021-12-21 12:54:41.949root 11241100x8000000000000000733376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4ddcc5efe34aa122021-12-21 12:54:42.443root 11241100x8000000000000000733377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e9515ce3ce7d21e2021-12-21 12:54:42.443root 11241100x8000000000000000733378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0e5c034d61f8fb72021-12-21 12:54:42.443root 11241100x8000000000000000733379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.029476e5ace310d82021-12-21 12:54:42.443root 11241100x8000000000000000733380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5570d65d3c2320282021-12-21 12:54:42.443root 11241100x8000000000000000733381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2765385a980d6da2021-12-21 12:54:42.444root 11241100x8000000000000000733382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35795e5651b2f2a22021-12-21 12:54:42.444root 11241100x8000000000000000733383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c5861c39a81f2c42021-12-21 12:54:42.444root 11241100x8000000000000000733384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.330718e67d3588f22021-12-21 12:54:42.444root 11241100x8000000000000000733385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5efdd9860533f202021-12-21 12:54:42.444root 11241100x8000000000000000733386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1922eba836bd0a312021-12-21 12:54:42.444root 11241100x8000000000000000733387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fe0e5fdf86b33a92021-12-21 12:54:42.444root 11241100x8000000000000000733388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.715b48c7fbe024662021-12-21 12:54:42.444root 11241100x8000000000000000733389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3411f10d04ac90a42021-12-21 12:54:42.444root 11241100x8000000000000000733390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3ed75ef75bd8cbd2021-12-21 12:54:42.444root 11241100x8000000000000000733391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf646bcb2acf13822021-12-21 12:54:42.444root 11241100x8000000000000000733392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1eda8562eb3d18c32021-12-21 12:54:42.444root 11241100x8000000000000000733393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.528380a9fbf380512021-12-21 12:54:42.444root 11241100x8000000000000000733394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14f3bd26fba67ffa2021-12-21 12:54:42.444root 11241100x8000000000000000733395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7531f0233f6839122021-12-21 12:54:42.444root 11241100x8000000000000000733396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:42.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3074e1b0b54960622021-12-21 12:54:42.445root 11241100x8000000000000000733397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:42.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc435158aa65d3482021-12-21 12:54:42.445root 11241100x8000000000000000733398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:42.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fbbe63334cd7aa42021-12-21 12:54:42.445root 11241100x8000000000000000733399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:42.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82f22acca1faf5782021-12-21 12:54:42.445root 11241100x8000000000000000733400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:42.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bf5fefd6d272e592021-12-21 12:54:42.445root 11241100x8000000000000000733401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:42.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22ad00776b9fd5a22021-12-21 12:54:42.445root 11241100x8000000000000000733402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:42.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5268bcc1aa92a7152021-12-21 12:54:42.445root 11241100x8000000000000000733403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:42.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c13de38caf9b2d02021-12-21 12:54:42.445root 11241100x8000000000000000733404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:42.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0d6f8d0b1a6acd92021-12-21 12:54:42.445root 11241100x8000000000000000733405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:42.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbbe72d5a6cd09fe2021-12-21 12:54:42.445root 11241100x8000000000000000733406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:42.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a260e0dc5f2f761b2021-12-21 12:54:42.445root 11241100x8000000000000000733407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:42.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60579df7a2d37d322021-12-21 12:54:42.445root 11241100x8000000000000000733408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:42.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8346a537594915752021-12-21 12:54:42.445root 11241100x8000000000000000733409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:42.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be36d8e4c01082a12021-12-21 12:54:42.446root 11241100x8000000000000000733410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:42.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9c40e3329f36e3b2021-12-21 12:54:42.446root 11241100x8000000000000000733411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:42.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85bfd5034d8657262021-12-21 12:54:42.446root 11241100x8000000000000000733412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:42.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.438af060468c410f2021-12-21 12:54:42.446root 11241100x8000000000000000733413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:42.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.811f377ce3e693ff2021-12-21 12:54:42.446root 11241100x8000000000000000733414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:42.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d581f6e2b141a1ce2021-12-21 12:54:42.446root 11241100x8000000000000000733415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:42.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39e22d3c820989c52021-12-21 12:54:42.447root 11241100x8000000000000000733416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:42.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c276cb2b8b0d3752021-12-21 12:54:42.447root 11241100x8000000000000000733417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:42.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b14c75003ad65702021-12-21 12:54:42.447root 11241100x8000000000000000733418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:42.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa0bd9d0d4db67032021-12-21 12:54:42.447root 11241100x8000000000000000733419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:42.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2653c18556ce3ba12021-12-21 12:54:42.447root 11241100x8000000000000000733420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:42.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fca5cebd83b6b7302021-12-21 12:54:42.447root 11241100x8000000000000000733421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:42.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b02dcf97feb2df202021-12-21 12:54:42.447root 11241100x8000000000000000733422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:42.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a72adb45657697b22021-12-21 12:54:42.448root 11241100x8000000000000000733423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:42.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db685df8bfddd3172021-12-21 12:54:42.448root 11241100x8000000000000000733424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:42.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.372bb93b68731d5e2021-12-21 12:54:42.448root 11241100x8000000000000000733425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:42.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1934989848c1a6f32021-12-21 12:54:42.448root 11241100x8000000000000000733426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:42.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5303ae74a431ab72021-12-21 12:54:42.448root 11241100x8000000000000000733427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:42.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08cd6f4de33396b12021-12-21 12:54:42.449root 11241100x8000000000000000733428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e655a460987f4e92021-12-21 12:54:42.943root 11241100x8000000000000000733429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.507987394bb7639d2021-12-21 12:54:42.943root 11241100x8000000000000000733430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10d4467b38253af02021-12-21 12:54:42.943root 11241100x8000000000000000733431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f6b42814ab3e5992021-12-21 12:54:42.943root 11241100x8000000000000000733432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b433d3033e64be982021-12-21 12:54:42.944root 11241100x8000000000000000733433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cfd9eee99c7ff952021-12-21 12:54:42.944root 11241100x8000000000000000733434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ec01edb706119452021-12-21 12:54:42.944root 11241100x8000000000000000733435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7fbb33dca7afdca2021-12-21 12:54:42.944root 11241100x8000000000000000733436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b9b23c5e55ed2582021-12-21 12:54:42.944root 11241100x8000000000000000733437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac8b24d20875dfdd2021-12-21 12:54:42.944root 11241100x8000000000000000733438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0be6807fdf1346fa2021-12-21 12:54:42.944root 11241100x8000000000000000733439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:42.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0694453880aae402021-12-21 12:54:42.945root 11241100x8000000000000000733440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:42.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ade149b16e28a22e2021-12-21 12:54:42.945root 11241100x8000000000000000733441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:42.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d40aac3ad9fe21a2021-12-21 12:54:42.945root 11241100x8000000000000000733442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:42.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5e8018abe9d92cd2021-12-21 12:54:42.945root 11241100x8000000000000000733443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:42.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.588d94d1bcdbc8372021-12-21 12:54:42.945root 11241100x8000000000000000733444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:42.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1befbd51cce1a9332021-12-21 12:54:42.946root 11241100x8000000000000000733445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:42.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bc47f613998946e2021-12-21 12:54:42.946root 11241100x8000000000000000733446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:42.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce17a35f321601d22021-12-21 12:54:42.946root 11241100x8000000000000000733447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:42.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6ae6f0e0db27f512021-12-21 12:54:42.946root 11241100x8000000000000000733448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:42.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c63e10dd043341f22021-12-21 12:54:42.946root 11241100x8000000000000000733449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:42.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9366f9d8fcc38002021-12-21 12:54:42.946root 11241100x8000000000000000733450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:42.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebe158090c0f34122021-12-21 12:54:42.946root 11241100x8000000000000000733451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:42.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3e11c5a3adaa5b92021-12-21 12:54:42.946root 11241100x8000000000000000733452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:42.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c4c7af69fdace9c2021-12-21 12:54:42.948root 11241100x8000000000000000733453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:42.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96db12b065ac026e2021-12-21 12:54:42.948root 11241100x8000000000000000733454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:42.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74437e7c6b5b60982021-12-21 12:54:42.948root 11241100x8000000000000000733455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:42.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af323fdc309da3252021-12-21 12:54:42.949root 11241100x8000000000000000733456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:42.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a183cf2a273751682021-12-21 12:54:42.949root 11241100x8000000000000000733457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:42.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6237ad2d05933cc12021-12-21 12:54:42.949root 11241100x8000000000000000733458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:42.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d86c67fb8ee70d622021-12-21 12:54:42.949root 11241100x8000000000000000733459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:42.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ce1db2c3eb8a32b2021-12-21 12:54:42.949root 11241100x8000000000000000733460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:42.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.941c0e2414344d3f2021-12-21 12:54:42.949root 11241100x8000000000000000733461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:42.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c009433fedff64162021-12-21 12:54:42.949root 11241100x8000000000000000733462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:42.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.955acdcec2f0a71a2021-12-21 12:54:42.949root 11241100x8000000000000000733463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:42.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20b2fd03bdeea2bf2021-12-21 12:54:42.949root 11241100x8000000000000000733464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:42.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0337b58ee727bb212021-12-21 12:54:42.949root 11241100x8000000000000000733465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:42.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed86bf6596ed247c2021-12-21 12:54:42.949root 11241100x8000000000000000733466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:42.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7639e4e5292cee402021-12-21 12:54:42.950root 11241100x8000000000000000733467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:42.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c5921278f93f0412021-12-21 12:54:42.950root 11241100x8000000000000000733468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:42.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.712314ca83332d3c2021-12-21 12:54:42.950root 11241100x8000000000000000733469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:42.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0982ee232534d112021-12-21 12:54:42.950root 11241100x8000000000000000733470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:42.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1b563fa11148b302021-12-21 12:54:42.950root 11241100x8000000000000000733471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:42.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38fe50af6a5b7e562021-12-21 12:54:42.950root 11241100x8000000000000000733472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:42.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7f3e567e71d9c5d2021-12-21 12:54:42.950root 11241100x8000000000000000733473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:42.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6182f898bb75b7dd2021-12-21 12:54:42.950root 11241100x8000000000000000733474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:42.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fa43b9e39df59802021-12-21 12:54:42.950root 11241100x8000000000000000733475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:42.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6859468ce74f3ca42021-12-21 12:54:42.950root 11241100x8000000000000000733476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:42.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbd0721541321ba52021-12-21 12:54:42.950root 11241100x8000000000000000733477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:42.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4fa4413706d23762021-12-21 12:54:42.950root 11241100x8000000000000000733478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:42.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f5de6f61db70da12021-12-21 12:54:42.950root 11241100x8000000000000000733479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:42.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c97b68a309d476252021-12-21 12:54:42.950root 11241100x8000000000000000733480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:42.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99676f970de13ee92021-12-21 12:54:42.950root 11241100x8000000000000000733481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:42.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d15191b47f38326a2021-12-21 12:54:42.950root 11241100x8000000000000000733482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:42.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6f0885e91ea342f2021-12-21 12:54:42.950root 11241100x8000000000000000733483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:42.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4129325637c85232021-12-21 12:54:42.951root 11241100x8000000000000000733484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:42.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d12a45dd955ab792021-12-21 12:54:42.951root 154100x8000000000000000733485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:43.050{ec2b6afe-ce93-61c1-68c4-7b5caf550000}10173/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/4046root{ec2b6afe-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}2319--- 534500x8000000000000000733486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:43.062{ec2b6afe-ce93-61c1-68c4-7b5caf550000}10173/bin/psroot 11241100x8000000000000000733487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7f4335c247ba4332021-12-21 12:54:43.443root 11241100x8000000000000000733488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:43.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faae17f9f081ddaa2021-12-21 12:54:43.445root 11241100x8000000000000000733489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:43.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34de6deee1b4a8222021-12-21 12:54:43.445root 11241100x8000000000000000733490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:43.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d0e02b3b965126c2021-12-21 12:54:43.445root 11241100x8000000000000000733491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:43.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.308f8012bbe2e2ec2021-12-21 12:54:43.445root 11241100x8000000000000000733492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:43.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21b763b73db3b41c2021-12-21 12:54:43.445root 11241100x8000000000000000733493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:43.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11daa397d14c166e2021-12-21 12:54:43.445root 11241100x8000000000000000733494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:43.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67abfcc5a78d73952021-12-21 12:54:43.446root 11241100x8000000000000000733495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:43.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db76fd0150e215b12021-12-21 12:54:43.446root 11241100x8000000000000000733496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:43.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f5f5160e3ab8e632021-12-21 12:54:43.446root 11241100x8000000000000000733497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:43.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c45290acc5ebaa9e2021-12-21 12:54:43.446root 11241100x8000000000000000733498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:43.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4d494b21f9827372021-12-21 12:54:43.446root 11241100x8000000000000000733499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:43.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2ad6d65669040c92021-12-21 12:54:43.446root 11241100x8000000000000000733500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:43.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5727cd6b186101672021-12-21 12:54:43.446root 11241100x8000000000000000733501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:43.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87aa1d65c41ee0bf2021-12-21 12:54:43.446root 11241100x8000000000000000733502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:43.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d58e9365057c3e02021-12-21 12:54:43.447root 11241100x8000000000000000733503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:43.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f9846b4886280892021-12-21 12:54:43.447root 11241100x8000000000000000733504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:43.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fc236da60365d642021-12-21 12:54:43.447root 11241100x8000000000000000733505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:43.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e908b5b244f608e2021-12-21 12:54:43.447root 11241100x8000000000000000733506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:43.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1622c240452149e32021-12-21 12:54:43.447root 11241100x8000000000000000733507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:43.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8b3a7cf4ecf3aac2021-12-21 12:54:43.447root 11241100x8000000000000000733508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:43.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9fd8c407e3a10172021-12-21 12:54:43.447root 11241100x8000000000000000733509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:43.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b2896b83e6090172021-12-21 12:54:43.447root 11241100x8000000000000000733510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:43.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c317d30050e36bf42021-12-21 12:54:43.448root 11241100x8000000000000000733511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:43.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f574b820c635e422021-12-21 12:54:43.448root 11241100x8000000000000000733512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:43.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e87b9aaa2a322152021-12-21 12:54:43.448root 11241100x8000000000000000733513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:43.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.302cd6593af4769a2021-12-21 12:54:43.448root 11241100x8000000000000000733514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:43.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a24b0f9cb0db4da82021-12-21 12:54:43.448root 11241100x8000000000000000733515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:43.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8dd3e07f3873b722021-12-21 12:54:43.448root 11241100x8000000000000000733516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:43.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.647fba084dfff7982021-12-21 12:54:43.448root 11241100x8000000000000000733517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:43.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c395a0a6aef1eae82021-12-21 12:54:43.449root 11241100x8000000000000000733518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:43.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50bb69107cef48882021-12-21 12:54:43.449root 11241100x8000000000000000733519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:43.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d3f523458583b562021-12-21 12:54:43.449root 11241100x8000000000000000733520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:43.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd3a637bdb90f7822021-12-21 12:54:43.449root 11241100x8000000000000000733521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:43.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5329514edc506c652021-12-21 12:54:43.449root 11241100x8000000000000000733522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:43.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6763948cb97119602021-12-21 12:54:43.449root 11241100x8000000000000000733523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:43.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b78385893d6cadf92021-12-21 12:54:43.449root 11241100x8000000000000000733524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:43.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5c4eecd7cc13b892021-12-21 12:54:43.450root 11241100x8000000000000000733525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:43.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83ed86c9222d27dc2021-12-21 12:54:43.450root 11241100x8000000000000000733526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:43.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af294d1d7084c3872021-12-21 12:54:43.450root 11241100x8000000000000000733527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:43.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74f6d1e385996e5f2021-12-21 12:54:43.450root 11241100x8000000000000000733528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:43.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0d104399c4406582021-12-21 12:54:43.450root 11241100x8000000000000000733529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff6b0f4bc553a9702021-12-21 12:54:43.943root 11241100x8000000000000000733530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4b98050a0ee0d902021-12-21 12:54:43.943root 11241100x8000000000000000733531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afdf2b23a56564872021-12-21 12:54:43.943root 11241100x8000000000000000733532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef21d3a249d1c01d2021-12-21 12:54:43.943root 11241100x8000000000000000733533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fcea5132b2f18792021-12-21 12:54:43.943root 11241100x8000000000000000733534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1b30b987916a3cc2021-12-21 12:54:43.943root 11241100x8000000000000000733535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7a5d21b384f546c2021-12-21 12:54:43.943root 11241100x8000000000000000733536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09c82cf27b2342ed2021-12-21 12:54:43.943root 11241100x8000000000000000733537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.934a1b948dd6c0ef2021-12-21 12:54:43.944root 11241100x8000000000000000733538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80b69baaeacf84d22021-12-21 12:54:43.944root 11241100x8000000000000000733539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b092358d75303942021-12-21 12:54:43.944root 11241100x8000000000000000733540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e401c7d203cf8ba2021-12-21 12:54:43.944root 11241100x8000000000000000733541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bf45060e48391472021-12-21 12:54:43.944root 11241100x8000000000000000733542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9030c9f66a3c3dc62021-12-21 12:54:43.944root 11241100x8000000000000000733543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f82b89280a739afa2021-12-21 12:54:43.944root 11241100x8000000000000000733544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a246d95ff689abd2021-12-21 12:54:43.944root 11241100x8000000000000000733545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16a3507ebb19997e2021-12-21 12:54:43.944root 11241100x8000000000000000733546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:43.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56d064e4523ac8762021-12-21 12:54:43.945root 11241100x8000000000000000733547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:43.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51bf1124eb1144b52021-12-21 12:54:43.945root 11241100x8000000000000000733548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:43.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcc96c52c4e5212a2021-12-21 12:54:43.945root 11241100x8000000000000000733549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:43.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.758a12fc44865aca2021-12-21 12:54:43.945root 11241100x8000000000000000733550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:43.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ef4c263989e584d2021-12-21 12:54:43.945root 11241100x8000000000000000733551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:43.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7276ea4d9a33cef2021-12-21 12:54:43.945root 11241100x8000000000000000733552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:43.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a15804dbb71f43502021-12-21 12:54:43.945root 11241100x8000000000000000733553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:43.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebeff61c97c61e272021-12-21 12:54:43.945root 11241100x8000000000000000733554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:43.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6e1afe69fc2cbf52021-12-21 12:54:43.945root 11241100x8000000000000000733555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:43.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b839f541fac725fa2021-12-21 12:54:43.946root 11241100x8000000000000000733556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:43.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ccce7acabba431d2021-12-21 12:54:43.946root 11241100x8000000000000000733557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:43.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.feab269f5e89c3592021-12-21 12:54:43.946root 11241100x8000000000000000733558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:43.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.362856078fbc69af2021-12-21 12:54:43.946root 11241100x8000000000000000733559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:43.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5ac82da8c5e61fd2021-12-21 12:54:43.946root 11241100x8000000000000000733560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:43.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24da638fb96e767d2021-12-21 12:54:43.946root 11241100x8000000000000000733561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:43.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be32132c1c8b13522021-12-21 12:54:43.946root 11241100x8000000000000000733562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:43.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91a4d56f7cc562eb2021-12-21 12:54:43.946root 11241100x8000000000000000733563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:43.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a246588df19d4c482021-12-21 12:54:43.946root 11241100x8000000000000000733564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:43.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.023aa97e925e2acd2021-12-21 12:54:43.947root 11241100x8000000000000000733565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:43.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.271593014c3a57b82021-12-21 12:54:43.947root 11241100x8000000000000000733566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:43.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b880cd9220da2cb2021-12-21 12:54:43.947root 11241100x8000000000000000733567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:43.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34f2bc5df2b9537b2021-12-21 12:54:43.947root 11241100x8000000000000000733568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:43.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46d5a9634ce1f7f02021-12-21 12:54:43.947root 11241100x8000000000000000733569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:43.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd92f5abd36e6ac22021-12-21 12:54:43.947root 11241100x8000000000000000733570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:43.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e14164a61b7de46b2021-12-21 12:54:43.947root 11241100x8000000000000000733571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:43.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6831bbe5a1ff978e2021-12-21 12:54:43.947root 11241100x8000000000000000733572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:43.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98ac8046650b7f1e2021-12-21 12:54:43.947root 11241100x8000000000000000733573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:43.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dd752f4c7f320632021-12-21 12:54:43.947root 11241100x8000000000000000733574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:43.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dced659efb480d42021-12-21 12:54:43.947root 11241100x8000000000000000733575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:43.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e17ca44e92d63412021-12-21 12:54:43.947root 11241100x8000000000000000733576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:43.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfe5d5a91bb234f22021-12-21 12:54:43.948root 11241100x8000000000000000733577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:43.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5abe42fab3d934df2021-12-21 12:54:43.948root 11241100x8000000000000000733578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:43.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8ee306473e6241d2021-12-21 12:54:43.948root 11241100x8000000000000000733579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:43.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.990d681d2d28f05c2021-12-21 12:54:43.948root 11241100x8000000000000000733580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:43.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d36c0c7ede70b5b2021-12-21 12:54:43.948root 11241100x8000000000000000733581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:43.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2ecc15300d0a5ac2021-12-21 12:54:43.948root 11241100x8000000000000000733582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:43.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.903a92d08248315c2021-12-21 12:54:43.948root 11241100x8000000000000000733583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:43.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bee76cac6ceb06272021-12-21 12:54:43.948root 11241100x8000000000000000733584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:43.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98bc2dae6c22b4152021-12-21 12:54:43.948root 11241100x8000000000000000733585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:43.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a5aba70927347c92021-12-21 12:54:43.949root 11241100x8000000000000000733586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:43.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10dc9d737c17e68b2021-12-21 12:54:43.949root 11241100x8000000000000000733587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:43.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42833946aaa458e62021-12-21 12:54:43.949root 11241100x8000000000000000733588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:43.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac528a2bebd6e6792021-12-21 12:54:43.949root 11241100x8000000000000000733589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:43.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c06f9021a8f74a4b2021-12-21 12:54:43.949root 11241100x8000000000000000733590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:43.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e925c848c9b47a5a2021-12-21 12:54:43.949root 11241100x8000000000000000733591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:43.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbefdbe3b175f56f2021-12-21 12:54:43.949root 11241100x8000000000000000733592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:43.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.925e887b5eba3c592021-12-21 12:54:43.949root 11241100x8000000000000000733593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:43.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58b2e6c39da4d5392021-12-21 12:54:43.949root 11241100x8000000000000000733594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:43.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9c1abd9b0b261792021-12-21 12:54:43.949root 354300x8000000000000000733595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:44.086{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-50664-false10.0.1.12-8000- 11241100x8000000000000000733596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:44.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dda6d1f8aaf34052021-12-21 12:54:44.442root 11241100x8000000000000000733597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a60abe6f62c825e32021-12-21 12:54:44.443root 11241100x8000000000000000733598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c887b3e874b6a1262021-12-21 12:54:44.443root 11241100x8000000000000000733599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b30c9409bcf08a752021-12-21 12:54:44.443root 11241100x8000000000000000733600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b192c4d496918ce2021-12-21 12:54:44.443root 11241100x8000000000000000733601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1977207fb1346cfd2021-12-21 12:54:44.444root 11241100x8000000000000000733602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26071030acdedab52021-12-21 12:54:44.444root 11241100x8000000000000000733603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8602f4d31b05f4d22021-12-21 12:54:44.444root 11241100x8000000000000000733604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.557053a64e6df9682021-12-21 12:54:44.444root 11241100x8000000000000000733605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ee34d92c96ca3a62021-12-21 12:54:44.444root 11241100x8000000000000000733606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d74a4705aadf0c252021-12-21 12:54:44.444root 11241100x8000000000000000733607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.404094f97ac0ec722021-12-21 12:54:44.444root 11241100x8000000000000000733608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af9d1ced19a80bb12021-12-21 12:54:44.445root 11241100x8000000000000000733609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5859c3bc163328b52021-12-21 12:54:44.445root 11241100x8000000000000000733610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3dc6d0be54395302021-12-21 12:54:44.445root 11241100x8000000000000000733611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25b474e8b25744ec2021-12-21 12:54:44.445root 11241100x8000000000000000733612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7758f52db34d72992021-12-21 12:54:44.445root 11241100x8000000000000000733613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4009c2f1668004802021-12-21 12:54:44.445root 11241100x8000000000000000733614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56c233617e4681822021-12-21 12:54:44.445root 11241100x8000000000000000733615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:44.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30f356f2054ecb9b2021-12-21 12:54:44.446root 11241100x8000000000000000733616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:44.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82bd56155dc5d15d2021-12-21 12:54:44.446root 11241100x8000000000000000733617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:44.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6bbeb9535b8692c2021-12-21 12:54:44.446root 11241100x8000000000000000733618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:44.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c7e169136e719bd2021-12-21 12:54:44.446root 11241100x8000000000000000733619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:44.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2621eaa66362b3482021-12-21 12:54:44.446root 11241100x8000000000000000733620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:44.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5349907e6b5a8912021-12-21 12:54:44.446root 11241100x8000000000000000733621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:44.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09dc4b06f7ee24852021-12-21 12:54:44.446root 11241100x8000000000000000733622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:44.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98f4883870b2d6a62021-12-21 12:54:44.447root 11241100x8000000000000000733623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:44.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa8ccd87ec75b27f2021-12-21 12:54:44.447root 11241100x8000000000000000733624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:44.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bba602950d79f9612021-12-21 12:54:44.447root 11241100x8000000000000000733625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:44.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9eca4fb69496f412021-12-21 12:54:44.447root 11241100x8000000000000000733626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:44.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d54ffe0a32dbdc1c2021-12-21 12:54:44.447root 11241100x8000000000000000733627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:44.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22e6d7f2dd963e662021-12-21 12:54:44.448root 11241100x8000000000000000733628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:44.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb6ecb5db59b49932021-12-21 12:54:44.448root 11241100x8000000000000000733629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:44.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc3fdded8fd639b32021-12-21 12:54:44.448root 11241100x8000000000000000733630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:44.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.674c304d17e99f952021-12-21 12:54:44.448root 11241100x8000000000000000733631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:44.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c0e9f7ee1d0b53d2021-12-21 12:54:44.448root 11241100x8000000000000000733632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:44.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffb44c513b14c0352021-12-21 12:54:44.448root 11241100x8000000000000000733633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:44.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0f6089acee0bba72021-12-21 12:54:44.448root 11241100x8000000000000000733634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:44.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51f426794c7224012021-12-21 12:54:44.448root 11241100x8000000000000000733635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:44.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b23b3e0c3f1ad4912021-12-21 12:54:44.448root 11241100x8000000000000000733636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:44.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.921f2419ed032f3d2021-12-21 12:54:44.448root 11241100x8000000000000000733637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:44.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73b15a079074d64f2021-12-21 12:54:44.448root 11241100x8000000000000000733638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:44.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1d6dcddca65b8582021-12-21 12:54:44.448root 11241100x8000000000000000733639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:44.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90ed2d2aa0b197172021-12-21 12:54:44.448root 11241100x8000000000000000733640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:44.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.066431eed35372fd2021-12-21 12:54:44.449root 11241100x8000000000000000733641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:44.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d0aff72498b8c852021-12-21 12:54:44.449root 11241100x8000000000000000733642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:44.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee338ad588e543492021-12-21 12:54:44.449root 11241100x8000000000000000733643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:44.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee92ee6deed4a8612021-12-21 12:54:44.449root 11241100x8000000000000000733644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:44.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b11ff741b6e9952c2021-12-21 12:54:44.449root 11241100x8000000000000000733645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:44.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16c721a79e3ce12e2021-12-21 12:54:44.449root 11241100x8000000000000000733646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:44.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50af077d04f5671e2021-12-21 12:54:44.450root 11241100x8000000000000000733647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:44.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51b590f6f45a9e102021-12-21 12:54:44.450root 11241100x8000000000000000733648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:44.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76527c2ce94045402021-12-21 12:54:44.450root 11241100x8000000000000000733649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:44.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ec4feb57aaec7352021-12-21 12:54:44.450root 11241100x8000000000000000733650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:44.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7c580e0597ec93f2021-12-21 12:54:44.450root 11241100x8000000000000000733651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:44.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cbef5552b2656342021-12-21 12:54:44.450root 11241100x8000000000000000733652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:44.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5988b7a39ad9cb022021-12-21 12:54:44.450root 11241100x8000000000000000733653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:44.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.025c144de848cb8d2021-12-21 12:54:44.450root 11241100x8000000000000000733654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:44.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3431ac0fe77fc432021-12-21 12:54:44.450root 11241100x8000000000000000733655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:44.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5489ed2f48fc4ea2021-12-21 12:54:44.450root 11241100x8000000000000000733656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:44.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a7f584b5e0a4d0a2021-12-21 12:54:44.450root 11241100x8000000000000000733657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:44.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.481d5ddc26c397cd2021-12-21 12:54:44.450root 11241100x8000000000000000733658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:44.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1938dc853a8b5c282021-12-21 12:54:44.450root 11241100x8000000000000000733659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:44.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.929c9ff082110ea12021-12-21 12:54:44.450root 11241100x8000000000000000733660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:44.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdf71b3d60f860a92021-12-21 12:54:44.450root 11241100x8000000000000000733661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:44.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2af9d3f9ded3d582021-12-21 12:54:44.451root 11241100x8000000000000000733662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:44.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfde4cf5c231d7b82021-12-21 12:54:44.451root 11241100x8000000000000000733663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:44.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb30a5439224b7ec2021-12-21 12:54:44.451root 11241100x8000000000000000733664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:44.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e333971dc74285092021-12-21 12:54:44.451root 11241100x8000000000000000733665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:44.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a299014bbb4be032021-12-21 12:54:44.451root 11241100x8000000000000000733666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:44.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b643f7b95b7083432021-12-21 12:54:44.451root 11241100x8000000000000000733667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:44.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e681c3278ec2b3862021-12-21 12:54:44.451root 11241100x8000000000000000733668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:44.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9844d1badf5241b2021-12-21 12:54:44.452root 11241100x8000000000000000733669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:44.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.772f00185940f6b62021-12-21 12:54:44.452root 11241100x8000000000000000733670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:44.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75a36daff106dc882021-12-21 12:54:44.452root 11241100x8000000000000000733671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:44.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f1a86cb8275af5c2021-12-21 12:54:44.452root 11241100x8000000000000000733672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:44.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66228deb31fd307c2021-12-21 12:54:44.452root 11241100x8000000000000000733673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:44.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d3d42f57c9c08b42021-12-21 12:54:44.452root 11241100x8000000000000000733674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:44.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bcb46d2fe9912c02021-12-21 12:54:44.452root 11241100x8000000000000000733675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:44.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63df8427063462af2021-12-21 12:54:44.452root 11241100x8000000000000000733676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:44.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.160360624bfc3ed22021-12-21 12:54:44.452root 11241100x8000000000000000733677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:44.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0afffd378c5c9ff72021-12-21 12:54:44.453root 11241100x8000000000000000733678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:44.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b164c9dc2d7128c02021-12-21 12:54:44.453root 11241100x8000000000000000733679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:44.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03be9849d86095332021-12-21 12:54:44.453root 11241100x8000000000000000733680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:44.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.565b6bafe5a182ba2021-12-21 12:54:44.453root 11241100x8000000000000000733681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:44.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.620acf0e1881ff842021-12-21 12:54:44.453root 11241100x8000000000000000733682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:44.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01b6d04978fcbdb12021-12-21 12:54:44.453root 11241100x8000000000000000733683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:44.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2afad416adf65af2021-12-21 12:54:44.453root 11241100x8000000000000000733684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:44.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b074c9dedec02cd2021-12-21 12:54:44.453root 11241100x8000000000000000733685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:44.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b00520175978b942021-12-21 12:54:44.453root 11241100x8000000000000000733686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:44.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.479a57aedb95c7992021-12-21 12:54:44.453root 11241100x8000000000000000733687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:44.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34a470457b3b176a2021-12-21 12:54:44.453root 11241100x8000000000000000733688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:44.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a48e53db485c1d342021-12-21 12:54:44.454root 11241100x8000000000000000733689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:44.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27acc355fbe1d8212021-12-21 12:54:44.454root 11241100x8000000000000000733690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:44.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e31894a3dd6958f52021-12-21 12:54:44.454root 11241100x8000000000000000733691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:44.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5066deb883ddf312021-12-21 12:54:44.454root 11241100x8000000000000000733692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:44.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95e4ac1adf829fca2021-12-21 12:54:44.454root 11241100x8000000000000000733693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:44.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.298f15d026679d7e2021-12-21 12:54:44.454root 11241100x8000000000000000733694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:44.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3b2af9e1e19fe042021-12-21 12:54:44.454root 11241100x8000000000000000733695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:44.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f30faf82e7ed29a52021-12-21 12:54:44.454root 11241100x8000000000000000733696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:44.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.663eea93b7c7808d2021-12-21 12:54:44.454root 11241100x8000000000000000733697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:44.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a492ba31d3106412021-12-21 12:54:44.454root 11241100x8000000000000000733698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:44.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ae03f662335df6c2021-12-21 12:54:44.455root 11241100x8000000000000000733699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:44.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c63ea0cfaf622542021-12-21 12:54:44.455root 11241100x8000000000000000733700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:44.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40636e3a15019f102021-12-21 12:54:44.455root 11241100x8000000000000000733701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:44.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.869229b2ef42a2b62021-12-21 12:54:44.455root 11241100x8000000000000000733702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:44.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.560af96c6a202e0c2021-12-21 12:54:44.455root 11241100x8000000000000000733703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1995bc4688b218e62021-12-21 12:54:44.943root 11241100x8000000000000000733704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8558b680109a1e32021-12-21 12:54:44.943root 11241100x8000000000000000733705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ff825d6732c1d212021-12-21 12:54:44.943root 11241100x8000000000000000733706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f7d0b494f8fc9692021-12-21 12:54:44.943root 11241100x8000000000000000733707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1d72febd468634a2021-12-21 12:54:44.943root 11241100x8000000000000000733708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4331878a06c8922d2021-12-21 12:54:44.943root 11241100x8000000000000000733709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80f2adebe46a0a7b2021-12-21 12:54:44.943root 11241100x8000000000000000733710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd92ef9dcf8162082021-12-21 12:54:44.943root 11241100x8000000000000000733711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51e148248037e1f22021-12-21 12:54:44.943root 11241100x8000000000000000733712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.489dad7a7a22170f2021-12-21 12:54:44.944root 11241100x8000000000000000733713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d87cac76d6d40a32021-12-21 12:54:44.944root 11241100x8000000000000000733714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d649a06f61d5b032021-12-21 12:54:44.944root 11241100x8000000000000000733715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f96424692b2be5612021-12-21 12:54:44.944root 11241100x8000000000000000733716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfd3bfc36750dbc12021-12-21 12:54:44.944root 11241100x8000000000000000733717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22df86ac0f37d35f2021-12-21 12:54:44.944root 11241100x8000000000000000733718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60581e323ee0f9912021-12-21 12:54:44.944root 11241100x8000000000000000733719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00f84f3290a618392021-12-21 12:54:44.944root 11241100x8000000000000000733720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0005632e7dacd5902021-12-21 12:54:44.944root 11241100x8000000000000000733721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:44.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b7da0a58af86a9f2021-12-21 12:54:44.945root 11241100x8000000000000000733722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:44.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed187924dd03b8f92021-12-21 12:54:44.945root 11241100x8000000000000000733723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:44.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8056f6bb308066372021-12-21 12:54:44.945root 11241100x8000000000000000733724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:44.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5df3c42d3b8f7b5c2021-12-21 12:54:44.945root 11241100x8000000000000000733725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:44.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f69fcd18591e2f362021-12-21 12:54:44.945root 11241100x8000000000000000733726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:44.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.587bd374b3f3745d2021-12-21 12:54:44.945root 11241100x8000000000000000733727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:44.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1d87916147b9b452021-12-21 12:54:44.945root 11241100x8000000000000000733728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:44.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc4380aae24c75842021-12-21 12:54:44.945root 11241100x8000000000000000733729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:44.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f7e9dd26f4e10b52021-12-21 12:54:44.946root 11241100x8000000000000000733730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:44.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0acb5d027a0bbb62021-12-21 12:54:44.946root 11241100x8000000000000000733731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:44.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.666d3142ff5bfb2f2021-12-21 12:54:44.946root 11241100x8000000000000000733732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:44.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fa12dc713d7b8bd2021-12-21 12:54:44.946root 11241100x8000000000000000733733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:44.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.085b4e3a70a7c33e2021-12-21 12:54:44.946root 11241100x8000000000000000733734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:44.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fc44cf875878e2c2021-12-21 12:54:44.947root 11241100x8000000000000000733735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:44.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96513b95ac449ad72021-12-21 12:54:44.947root 11241100x8000000000000000733736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:44.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac63f3438043a0592021-12-21 12:54:44.947root 11241100x8000000000000000733737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:44.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d56607fb13fc1bf2021-12-21 12:54:44.948root 11241100x8000000000000000733738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:44.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47e287f60265ef4f2021-12-21 12:54:44.948root 11241100x8000000000000000733739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:44.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5862566ebc3b56872021-12-21 12:54:44.948root 11241100x8000000000000000733740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:44.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.542b6dd9f38a64cb2021-12-21 12:54:44.949root 11241100x8000000000000000733741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:44.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.188030f2116af21b2021-12-21 12:54:44.949root 11241100x8000000000000000733742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:44.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d2daae47c0a597a2021-12-21 12:54:44.949root 11241100x8000000000000000733743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:44.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a6846d704362ef52021-12-21 12:54:44.950root 11241100x8000000000000000733744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:44.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acab672533ea2e1c2021-12-21 12:54:44.950root 11241100x8000000000000000733745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:44.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d19625e5289e90cf2021-12-21 12:54:44.950root 11241100x8000000000000000733746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:44.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a790b9b79a62aa9d2021-12-21 12:54:44.950root 11241100x8000000000000000733747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:44.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cb4ae80f692bc0d2021-12-21 12:54:44.951root 11241100x8000000000000000733748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:44.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e6e976362e568cb2021-12-21 12:54:44.951root 11241100x8000000000000000733749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:44.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62beee4e630220712021-12-21 12:54:44.951root 11241100x8000000000000000733750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:44.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2ddd8ab7a30b1992021-12-21 12:54:44.951root 11241100x8000000000000000733751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:44.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7729d281d536931b2021-12-21 12:54:44.951root 11241100x8000000000000000733752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:44.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bdfef5cc6304f462021-12-21 12:54:44.951root 11241100x8000000000000000733753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:44.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e190676e9f108b882021-12-21 12:54:44.952root 11241100x8000000000000000733754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:44.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92e7abf7907001df2021-12-21 12:54:44.952root 11241100x8000000000000000733755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:44.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.253b6d12c9d4e3482021-12-21 12:54:44.952root 11241100x8000000000000000733756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:44.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddaf87fcc7381c7d2021-12-21 12:54:44.952root 11241100x8000000000000000733757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:44.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7ec96de8f37db902021-12-21 12:54:44.952root 11241100x8000000000000000733758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:44.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a510cf5637fad9282021-12-21 12:54:44.952root 11241100x8000000000000000733759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:44.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a61c2d6a14436bc62021-12-21 12:54:44.952root 11241100x8000000000000000733760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:44.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e23137539987d4e22021-12-21 12:54:44.953root 11241100x8000000000000000733761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:44.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35e60d0893025bb22021-12-21 12:54:44.953root 11241100x8000000000000000733762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:44.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1206c539a3ca42472021-12-21 12:54:44.953root 11241100x8000000000000000733763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:44.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.244e03c40abf1e932021-12-21 12:54:44.953root 11241100x8000000000000000733764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:44.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a84e7538f82173552021-12-21 12:54:44.953root 11241100x8000000000000000733765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:44.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.896b43ee8c689b752021-12-21 12:54:44.953root 11241100x8000000000000000733766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:44.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ff81667268804be2021-12-21 12:54:44.953root 11241100x8000000000000000733767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:44.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09d2d769c6f308142021-12-21 12:54:44.954root 11241100x8000000000000000733768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2021c2f9eb4cf1652021-12-21 12:54:45.443root 11241100x8000000000000000733769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96f718674e5897192021-12-21 12:54:45.443root 11241100x8000000000000000733770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df6fb01fcb471ef62021-12-21 12:54:45.443root 11241100x8000000000000000733771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f8b2e85d1f4b20c2021-12-21 12:54:45.444root 11241100x8000000000000000733772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af823181ea01db5f2021-12-21 12:54:45.444root 11241100x8000000000000000733773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ee13c3b82e1ff802021-12-21 12:54:45.444root 11241100x8000000000000000733774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96afa371009e820c2021-12-21 12:54:45.444root 11241100x8000000000000000733775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dad8d09959f315ac2021-12-21 12:54:45.444root 11241100x8000000000000000733776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02d064a0c46c6c3e2021-12-21 12:54:45.444root 11241100x8000000000000000733777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a745e33e9e1cebdc2021-12-21 12:54:45.444root 11241100x8000000000000000733778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f4b4000571308392021-12-21 12:54:45.444root 11241100x8000000000000000733779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06e5a989fc339de72021-12-21 12:54:45.444root 11241100x8000000000000000733780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f9f55aaf8cedeaa2021-12-21 12:54:45.444root 11241100x8000000000000000733781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32cc0282f58907de2021-12-21 12:54:45.444root 11241100x8000000000000000733782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.820901727f3201d52021-12-21 12:54:45.445root 11241100x8000000000000000733783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43fdfd4ce8ccdfd12021-12-21 12:54:45.445root 11241100x8000000000000000733784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6488f9e76f85c8a2021-12-21 12:54:45.445root 11241100x8000000000000000733785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f7e978c04efa93f2021-12-21 12:54:45.445root 11241100x8000000000000000733786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3cbd3026442e2322021-12-21 12:54:45.445root 11241100x8000000000000000733787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f5092ef1953a9342021-12-21 12:54:45.445root 11241100x8000000000000000733788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:45.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30ebfeccb4f530e12021-12-21 12:54:45.446root 11241100x8000000000000000733789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:45.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.852864cdc745a35b2021-12-21 12:54:45.446root 11241100x8000000000000000733790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:45.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56ef3574a03788762021-12-21 12:54:45.446root 11241100x8000000000000000733791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:45.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb4cda9b48c540492021-12-21 12:54:45.446root 11241100x8000000000000000733792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:45.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6b322c2c65029f22021-12-21 12:54:45.446root 11241100x8000000000000000733793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:45.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd9ba69c346d71f12021-12-21 12:54:45.446root 11241100x8000000000000000733794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:45.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88458bcaab2077ed2021-12-21 12:54:45.447root 11241100x8000000000000000733795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:45.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.097f245663e8d6082021-12-21 12:54:45.447root 11241100x8000000000000000733796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:45.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1873d0aa757281b42021-12-21 12:54:45.448root 11241100x8000000000000000733797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:45.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab777acb7d6b9ebf2021-12-21 12:54:45.448root 11241100x8000000000000000733798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:45.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c87b0b164994b582021-12-21 12:54:45.448root 11241100x8000000000000000733799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:45.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cde114622bbdef372021-12-21 12:54:45.449root 11241100x8000000000000000733800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:45.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c337d4ed5c3ead052021-12-21 12:54:45.449root 11241100x8000000000000000733801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:45.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cfdd3517f1ada242021-12-21 12:54:45.449root 11241100x8000000000000000733802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:45.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75ae85ef13e6c90b2021-12-21 12:54:45.450root 11241100x8000000000000000733803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:45.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4666f12979f0a112021-12-21 12:54:45.450root 11241100x8000000000000000733804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:45.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76b8efb3ab7a2f5f2021-12-21 12:54:45.450root 11241100x8000000000000000733805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:45.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d710a617185f3df2021-12-21 12:54:45.450root 11241100x8000000000000000733806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:45.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23956cdce196deee2021-12-21 12:54:45.450root 11241100x8000000000000000733807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:45.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13ccf9472d2262912021-12-21 12:54:45.450root 11241100x8000000000000000733808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:45.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baf4170e1bfc04b52021-12-21 12:54:45.451root 11241100x8000000000000000733809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:45.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e611699c2722e252021-12-21 12:54:45.451root 11241100x8000000000000000733810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:45.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f45b9f75cd7b0e602021-12-21 12:54:45.451root 11241100x8000000000000000733811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:45.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.464a6cd969e8f88e2021-12-21 12:54:45.451root 11241100x8000000000000000733812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:45.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c7c6dbf5e61b5af2021-12-21 12:54:45.452root 11241100x8000000000000000733813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:45.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4dc6473266c05252021-12-21 12:54:45.452root 11241100x8000000000000000733814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:45.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4557fec35abf38942021-12-21 12:54:45.452root 11241100x8000000000000000733815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:45.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a03d42a1532c00a82021-12-21 12:54:45.452root 11241100x8000000000000000733816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:45.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12605e32fd3c4e842021-12-21 12:54:45.452root 11241100x8000000000000000733817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:45.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.990c4f73e727e84a2021-12-21 12:54:45.452root 11241100x8000000000000000733818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:45.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a52163cfbea9b5622021-12-21 12:54:45.453root 11241100x8000000000000000733819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:45.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b4d3b8ca035d9932021-12-21 12:54:45.453root 11241100x8000000000000000733820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:45.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.196fd0f8cad2ea062021-12-21 12:54:45.453root 11241100x8000000000000000733821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:45.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.394502da264d71902021-12-21 12:54:45.453root 11241100x8000000000000000733822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:45.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.974056651276f5be2021-12-21 12:54:45.453root 11241100x8000000000000000733823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:45.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b6000bb9278415c2021-12-21 12:54:45.454root 11241100x8000000000000000733824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:45.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.905a70fc8fe63f642021-12-21 12:54:45.454root 11241100x8000000000000000733825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:45.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d35f86f0d6d3162b2021-12-21 12:54:45.455root 11241100x8000000000000000733826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:45.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe777c2fb9b27d2b2021-12-21 12:54:45.455root 11241100x8000000000000000733827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.286636e73d39b1db2021-12-21 12:54:45.943root 11241100x8000000000000000733828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dc3f4956aaf86a52021-12-21 12:54:45.943root 11241100x8000000000000000733829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29f0fe1cf60238472021-12-21 12:54:45.943root 11241100x8000000000000000733830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff38efa29aa0ed5d2021-12-21 12:54:45.943root 11241100x8000000000000000733831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d61f2157b490f57b2021-12-21 12:54:45.944root 11241100x8000000000000000733832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc7f115a61c7d0e32021-12-21 12:54:45.944root 11241100x8000000000000000733833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dbbab32bace4ee12021-12-21 12:54:45.944root 11241100x8000000000000000733834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a7dae338f6fd19e2021-12-21 12:54:45.944root 11241100x8000000000000000733835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1c66d22c0565fc92021-12-21 12:54:45.944root 11241100x8000000000000000733836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4915bc84bfb8cb1d2021-12-21 12:54:45.944root 11241100x8000000000000000733837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18796644eeddf1e92021-12-21 12:54:45.944root 11241100x8000000000000000733838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd28bc0491b56ad02021-12-21 12:54:45.944root 11241100x8000000000000000733839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2c559b9498d357d2021-12-21 12:54:45.945root 11241100x8000000000000000733840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db91326da79e82da2021-12-21 12:54:45.945root 11241100x8000000000000000733841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.038b61fa3e57bc5f2021-12-21 12:54:45.945root 11241100x8000000000000000733842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af8909cb76e583862021-12-21 12:54:45.945root 11241100x8000000000000000733843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ced7125440ab310f2021-12-21 12:54:45.945root 11241100x8000000000000000733844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9bc9cf722ce76162021-12-21 12:54:45.945root 11241100x8000000000000000733845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf9edb7224e106012021-12-21 12:54:45.945root 11241100x8000000000000000733846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:45.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca0c99043633c5552021-12-21 12:54:45.946root 11241100x8000000000000000733847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:45.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b386498a3d97425e2021-12-21 12:54:45.946root 11241100x8000000000000000733848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:45.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e7f7a4274b005472021-12-21 12:54:45.946root 11241100x8000000000000000733849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:45.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cc736b24955656d2021-12-21 12:54:45.946root 11241100x8000000000000000733850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:45.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90cfbbadd7e9d2f82021-12-21 12:54:45.946root 11241100x8000000000000000733851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:45.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb4f35ddea5e57852021-12-21 12:54:45.946root 11241100x8000000000000000733852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:45.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea1c3633bdc652732021-12-21 12:54:45.946root 11241100x8000000000000000733853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:45.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5748c2e1b03f770f2021-12-21 12:54:45.946root 11241100x8000000000000000733854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:45.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1522dd9bd26afe12021-12-21 12:54:45.946root 11241100x8000000000000000733855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:45.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30824add7fee43da2021-12-21 12:54:45.946root 11241100x8000000000000000733856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:45.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb6d271a0c2edea22021-12-21 12:54:45.946root 11241100x8000000000000000733857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:45.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8daf9104a1274fd62021-12-21 12:54:45.947root 11241100x8000000000000000733858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:45.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd5c39333a2730a82021-12-21 12:54:45.947root 11241100x8000000000000000733859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:45.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2ca96093cb6a0942021-12-21 12:54:45.947root 11241100x8000000000000000733860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:45.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ca4ce1f85bdf4c62021-12-21 12:54:45.947root 11241100x8000000000000000733861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:45.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.237b05a7b081295e2021-12-21 12:54:45.947root 11241100x8000000000000000733862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:45.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebc277f05f2c20ac2021-12-21 12:54:45.947root 11241100x8000000000000000733863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:45.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6592cc6a6df37552021-12-21 12:54:45.947root 11241100x8000000000000000733864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:45.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a7eba4460bd8a0e2021-12-21 12:54:45.947root 11241100x8000000000000000733865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:45.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1012136f35c7f1e2021-12-21 12:54:45.947root 11241100x8000000000000000733866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:45.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69d8fa9332c3f01b2021-12-21 12:54:45.947root 11241100x8000000000000000733867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:45.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4359b892428b8d42021-12-21 12:54:45.947root 11241100x8000000000000000733868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:45.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcfc756f1f293bc62021-12-21 12:54:45.947root 11241100x8000000000000000733869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:45.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdb8adbf2b27cee92021-12-21 12:54:45.947root 11241100x8000000000000000733870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:45.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.535eacab40872e082021-12-21 12:54:45.948root 11241100x8000000000000000733871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:45.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74a7a65a35a6fd2e2021-12-21 12:54:45.948root 11241100x8000000000000000733872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:45.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3598c67fd60b17462021-12-21 12:54:45.948root 11241100x8000000000000000733873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:45.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.581f97e8ad7db94b2021-12-21 12:54:45.948root 11241100x8000000000000000733874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:45.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4952e21af1e340352021-12-21 12:54:45.948root 11241100x8000000000000000733875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:45.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e7bd7ab5ee5c3d62021-12-21 12:54:45.948root 11241100x8000000000000000733876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:45.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f3ca3fa520bdc6d2021-12-21 12:54:45.948root 11241100x8000000000000000733877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:45.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18c0f84a96ff13492021-12-21 12:54:45.948root 11241100x8000000000000000733878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:45.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b66db9701747564c2021-12-21 12:54:45.948root 11241100x8000000000000000733879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:45.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed85e9c6cfc01f6f2021-12-21 12:54:45.948root 11241100x8000000000000000733880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:45.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a566fa75f5026b722021-12-21 12:54:45.948root 11241100x8000000000000000733881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:45.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9623802fd348486e2021-12-21 12:54:45.948root 11241100x8000000000000000733882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c52c369d53715e02021-12-21 12:54:46.443root 11241100x8000000000000000733883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd1e008c725a65382021-12-21 12:54:46.443root 11241100x8000000000000000733884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e186b51574db9952021-12-21 12:54:46.443root 11241100x8000000000000000733885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b45293e4c9c119d32021-12-21 12:54:46.443root 11241100x8000000000000000733886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a1b6be0f8af09f92021-12-21 12:54:46.444root 11241100x8000000000000000733887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.204be4392c737fdd2021-12-21 12:54:46.444root 11241100x8000000000000000733888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f917dd7a368fd19b2021-12-21 12:54:46.444root 11241100x8000000000000000733889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5d1ec9c869dcd8a2021-12-21 12:54:46.444root 11241100x8000000000000000733890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46dca26a800132a82021-12-21 12:54:46.444root 11241100x8000000000000000733891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47dbb3be182394cc2021-12-21 12:54:46.444root 11241100x8000000000000000733892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cda4953e2f72b0882021-12-21 12:54:46.444root 11241100x8000000000000000733893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.383372f72bd94eb82021-12-21 12:54:46.444root 11241100x8000000000000000733894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bbd8d384fc93a1f2021-12-21 12:54:46.444root 11241100x8000000000000000733895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c307e9b2776a34e92021-12-21 12:54:46.444root 11241100x8000000000000000733896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69ba020c86c946ec2021-12-21 12:54:46.444root 11241100x8000000000000000733897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c0eb4b0414199292021-12-21 12:54:46.444root 11241100x8000000000000000733898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.398cb7a1deda6b2d2021-12-21 12:54:46.444root 11241100x8000000000000000733899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d45b5a760238a31e2021-12-21 12:54:46.444root 11241100x8000000000000000733900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15f4d04a30f170092021-12-21 12:54:46.444root 11241100x8000000000000000733901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.151e021e9aff22182021-12-21 12:54:46.445root 11241100x8000000000000000733902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d67f9ef9ac34e5962021-12-21 12:54:46.445root 11241100x8000000000000000733903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f10c96780bf4fcaa2021-12-21 12:54:46.445root 11241100x8000000000000000733904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0475c3bc2853a84f2021-12-21 12:54:46.445root 11241100x8000000000000000733905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.646da8c0fb16842b2021-12-21 12:54:46.445root 11241100x8000000000000000733906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9401192318fe0d2c2021-12-21 12:54:46.445root 11241100x8000000000000000733907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc4b97680bf802232021-12-21 12:54:46.445root 11241100x8000000000000000733908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e07d6d593624d74f2021-12-21 12:54:46.445root 11241100x8000000000000000733909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79df457b9bb80cd12021-12-21 12:54:46.445root 11241100x8000000000000000733910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b7ed585375f93722021-12-21 12:54:46.445root 11241100x8000000000000000733911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b63e64539ca217362021-12-21 12:54:46.445root 11241100x8000000000000000733912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55df20d98f7085162021-12-21 12:54:46.445root 11241100x8000000000000000733913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01749a97083032422021-12-21 12:54:46.445root 11241100x8000000000000000733914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae77d648d014bafc2021-12-21 12:54:46.445root 11241100x8000000000000000733915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab1b2d18f3adae8f2021-12-21 12:54:46.445root 11241100x8000000000000000733916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17d952d1b1e3ca302021-12-21 12:54:46.445root 11241100x8000000000000000733917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b238a15983391d712021-12-21 12:54:46.446root 11241100x8000000000000000733918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68f224bdaf4c4db12021-12-21 12:54:46.446root 11241100x8000000000000000733919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ffb64019dd4ab702021-12-21 12:54:46.446root 11241100x8000000000000000733920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f79fd983898ae352021-12-21 12:54:46.446root 11241100x8000000000000000733921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.312f6762c059305c2021-12-21 12:54:46.446root 11241100x8000000000000000733922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42cffea191e042922021-12-21 12:54:46.446root 11241100x8000000000000000733923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4bbc3f8e13710132021-12-21 12:54:46.446root 11241100x8000000000000000733924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5288214fa9f4ad7b2021-12-21 12:54:46.446root 11241100x8000000000000000733925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ce4533b41a063352021-12-21 12:54:46.446root 11241100x8000000000000000733926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0131b20207101cc12021-12-21 12:54:46.447root 11241100x8000000000000000733927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b11a517660edfbe42021-12-21 12:54:46.447root 11241100x8000000000000000733928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c412ea36d055ebbd2021-12-21 12:54:46.447root 11241100x8000000000000000733929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4a7ac4b081e7aa12021-12-21 12:54:46.447root 11241100x8000000000000000733930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5393aa9a75e4a1922021-12-21 12:54:46.447root 11241100x8000000000000000733931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77f1aee6d44148582021-12-21 12:54:46.447root 11241100x8000000000000000733932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b55b2d776372d6892021-12-21 12:54:46.447root 11241100x8000000000000000733933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b47b2b21b7e141a2021-12-21 12:54:46.447root 11241100x8000000000000000733934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55b0c8f52d0690062021-12-21 12:54:46.447root 11241100x8000000000000000733935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b4b3ef3ae59b1332021-12-21 12:54:46.447root 11241100x8000000000000000733936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08087da7eae74eed2021-12-21 12:54:46.447root 11241100x8000000000000000733937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f047465236f2668e2021-12-21 12:54:46.447root 11241100x8000000000000000733938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d9b035977077abd2021-12-21 12:54:46.448root 11241100x8000000000000000733939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.409b45e0127007e82021-12-21 12:54:46.448root 11241100x8000000000000000733940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bb28e27e10393c12021-12-21 12:54:46.448root 11241100x8000000000000000733941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09c3e66bbb81c1b12021-12-21 12:54:46.448root 11241100x8000000000000000733942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c7f8b058451c9cd2021-12-21 12:54:46.449root 11241100x8000000000000000733943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2febb537f8ef2862021-12-21 12:54:46.449root 11241100x8000000000000000733944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebf7bf58e9163e012021-12-21 12:54:46.449root 11241100x8000000000000000733945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47f7ccb0244d68792021-12-21 12:54:46.449root 11241100x8000000000000000733946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4932bf1a406bb9d82021-12-21 12:54:46.449root 11241100x8000000000000000733947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3067fb453306048d2021-12-21 12:54:46.449root 11241100x8000000000000000733948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ec442129a34a7b02021-12-21 12:54:46.449root 11241100x8000000000000000733949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3dbef3f56a05b0a2021-12-21 12:54:46.449root 11241100x8000000000000000733950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01e04a50dbd926cd2021-12-21 12:54:46.449root 11241100x8000000000000000733951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9dbc9a07acfd2542021-12-21 12:54:46.450root 11241100x8000000000000000733952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87d23b2448bb2d272021-12-21 12:54:46.450root 11241100x8000000000000000733953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3893f4d51708ae62021-12-21 12:54:46.450root 11241100x8000000000000000733954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a4f12f37c1c6c152021-12-21 12:54:46.450root 11241100x8000000000000000733955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85461ad332a396772021-12-21 12:54:46.450root 11241100x8000000000000000733956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc73e6869a6d2e122021-12-21 12:54:46.450root 11241100x8000000000000000733957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d21e197f5bdcf1f32021-12-21 12:54:46.450root 11241100x8000000000000000733958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a75a98e981b218f2021-12-21 12:54:46.451root 11241100x8000000000000000733959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a72c9af09231384c2021-12-21 12:54:46.451root 11241100x8000000000000000733960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdc304d60f93a4d52021-12-21 12:54:46.451root 11241100x8000000000000000733961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79586de8b1facb012021-12-21 12:54:46.451root 11241100x8000000000000000733962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b93e01dbd9604bde2021-12-21 12:54:46.451root 11241100x8000000000000000733963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2eec5e8dc58c98f2021-12-21 12:54:46.452root 11241100x8000000000000000733964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20b36ddfb3d7bdc62021-12-21 12:54:46.452root 11241100x8000000000000000733965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89de8acc176ef4f12021-12-21 12:54:46.452root 11241100x8000000000000000733966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.894dc016c799a78f2021-12-21 12:54:46.452root 11241100x8000000000000000733967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58dcb09acb986f732021-12-21 12:54:46.452root 11241100x8000000000000000733968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4682f6ed3f4a1492021-12-21 12:54:46.452root 11241100x8000000000000000733969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcf31fa628073de62021-12-21 12:54:46.452root 11241100x8000000000000000733970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4bc45730a4d9e1f2021-12-21 12:54:46.452root 11241100x8000000000000000733971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0947638e908ec5542021-12-21 12:54:46.452root 11241100x8000000000000000733972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36c3452f11d342322021-12-21 12:54:46.453root 11241100x8000000000000000733973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ee40b036ff59cb42021-12-21 12:54:46.453root 11241100x8000000000000000733974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbe2a33db06923e42021-12-21 12:54:46.453root 11241100x8000000000000000733975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc31df767a630fb02021-12-21 12:54:46.453root 11241100x8000000000000000733976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea515fba024325bb2021-12-21 12:54:46.453root 11241100x8000000000000000733977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a654d3f13821f1062021-12-21 12:54:46.453root 11241100x8000000000000000733978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ccba9d62dc414282021-12-21 12:54:46.454root 11241100x8000000000000000733979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65e8efa2b82e564d2021-12-21 12:54:46.454root 11241100x8000000000000000733980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c472d10bd1467c252021-12-21 12:54:46.454root 11241100x8000000000000000733981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04f03a0162f9202f2021-12-21 12:54:46.454root 11241100x8000000000000000733982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cde962211927c3ee2021-12-21 12:54:46.454root 11241100x8000000000000000733983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e70fe596497a61d2021-12-21 12:54:46.454root 11241100x8000000000000000733984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4f6751e70da547b2021-12-21 12:54:46.454root 11241100x8000000000000000733985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2f91c80ee2097962021-12-21 12:54:46.454root 11241100x8000000000000000733986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae7d005fd425371e2021-12-21 12:54:46.454root 11241100x8000000000000000733987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c098d1a106a3bbb82021-12-21 12:54:46.455root 11241100x8000000000000000733988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a49fe80b9cd66582021-12-21 12:54:46.455root 11241100x8000000000000000733989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b9c30c48f28dbc42021-12-21 12:54:46.455root 11241100x8000000000000000733990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a5d90e314d90ac82021-12-21 12:54:46.455root 11241100x8000000000000000733991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68080154b551f4e32021-12-21 12:54:46.455root 11241100x8000000000000000733992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcf8b5756aa9ccfb2021-12-21 12:54:46.455root 11241100x8000000000000000733993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.660d570ea9e0abcf2021-12-21 12:54:46.455root 11241100x8000000000000000733994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6abe772d0405fe92021-12-21 12:54:46.455root 11241100x8000000000000000733995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4091e635380062d22021-12-21 12:54:46.455root 11241100x8000000000000000733996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dda0b8b9357a3a662021-12-21 12:54:46.455root 11241100x8000000000000000733997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.528548a65c646fe72021-12-21 12:54:46.456root 11241100x8000000000000000733998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aba623a97cb82e9a2021-12-21 12:54:46.456root 11241100x8000000000000000733999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0c364785f8069be2021-12-21 12:54:46.456root 11241100x8000000000000000734000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7e06ef9fb9f84ab2021-12-21 12:54:46.456root 11241100x8000000000000000734001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b74712464b48f4042021-12-21 12:54:46.456root 11241100x8000000000000000734002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11c7c18376acb7702021-12-21 12:54:46.456root 11241100x8000000000000000734003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f520638e12795f6a2021-12-21 12:54:46.456root 11241100x8000000000000000734004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.457{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bd404b126e2aa812021-12-21 12:54:46.457root 11241100x8000000000000000734005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.457{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82855a6130d98e0a2021-12-21 12:54:46.457root 11241100x8000000000000000734006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.457{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.832409b0190aa7a22021-12-21 12:54:46.457root 11241100x8000000000000000734007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.457{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b157bfb210f3c0db2021-12-21 12:54:46.457root 11241100x8000000000000000734008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.457{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.123a7af7c797f3482021-12-21 12:54:46.457root 11241100x8000000000000000734009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.457{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96ea18e591d945d22021-12-21 12:54:46.457root 11241100x8000000000000000734010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.457{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f87a38cdb28810152021-12-21 12:54:46.457root 11241100x8000000000000000734011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.458{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.649a74d203f674e62021-12-21 12:54:46.458root 11241100x8000000000000000734012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.458{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b94278d05ab6671e2021-12-21 12:54:46.458root 11241100x8000000000000000734013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.458{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f703473c776c5bd2021-12-21 12:54:46.458root 11241100x8000000000000000734014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.458{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43f4f17f8f28a7ed2021-12-21 12:54:46.458root 11241100x8000000000000000734015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.458{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c248c54f3f9d5792021-12-21 12:54:46.458root 11241100x8000000000000000734016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.458{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f92e57fb222692d2021-12-21 12:54:46.458root 11241100x8000000000000000734017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.458{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b76d8c660315f4e02021-12-21 12:54:46.458root 11241100x8000000000000000734018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.458{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.effd4d52bb49a8382021-12-21 12:54:46.458root 11241100x8000000000000000734019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.458{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b96b32862246f1ca2021-12-21 12:54:46.458root 11241100x8000000000000000734020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.458{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27f457c1d40f5de12021-12-21 12:54:46.458root 11241100x8000000000000000734021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.458{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ace4f271be7fa3b22021-12-21 12:54:46.458root 11241100x8000000000000000734022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.458{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.316ac33c51d9fdf02021-12-21 12:54:46.458root 11241100x8000000000000000734023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.459{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2853723e147bc3b22021-12-21 12:54:46.459root 11241100x8000000000000000734024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.459{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bec1a19083b227982021-12-21 12:54:46.459root 11241100x8000000000000000734025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.459{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66cbe834cfe2f1512021-12-21 12:54:46.459root 11241100x8000000000000000734026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.459{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccd0bf90e0c9bb2e2021-12-21 12:54:46.459root 11241100x8000000000000000734027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.459{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4018d1af4715f0db2021-12-21 12:54:46.459root 11241100x8000000000000000734028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.459{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a6208994e59c3f02021-12-21 12:54:46.459root 11241100x8000000000000000734029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.459{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.707086b513f661042021-12-21 12:54:46.459root 11241100x8000000000000000734030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.459{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7841d96a774d7d92021-12-21 12:54:46.459root 11241100x8000000000000000734031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.459{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9c000282640d5c22021-12-21 12:54:46.459root 11241100x8000000000000000734032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.459{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1113bc77f8f55ace2021-12-21 12:54:46.459root 11241100x8000000000000000734033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.459{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39a1573d1615148e2021-12-21 12:54:46.459root 11241100x8000000000000000734034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.460{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bee74da4e4022332021-12-21 12:54:46.460root 11241100x8000000000000000734035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.460{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd26495b97bf79312021-12-21 12:54:46.460root 11241100x8000000000000000734036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.460{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.559801307eb61f8f2021-12-21 12:54:46.460root 11241100x8000000000000000734037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.460{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a449ed45ef748a552021-12-21 12:54:46.460root 11241100x8000000000000000734038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.460{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.131a43d8388e767e2021-12-21 12:54:46.460root 11241100x8000000000000000734039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.460{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32a2fe724f7b478f2021-12-21 12:54:46.460root 11241100x8000000000000000734040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.460{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.193ea32ee9d230112021-12-21 12:54:46.460root 11241100x8000000000000000734041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.460{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff9558c3c06d380d2021-12-21 12:54:46.460root 11241100x8000000000000000734042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.460{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0ee6186de567aff2021-12-21 12:54:46.460root 11241100x8000000000000000734043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2eb7b590ed733e0e2021-12-21 12:54:46.943root 11241100x8000000000000000734044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08ae96e11ac4a0212021-12-21 12:54:46.943root 11241100x8000000000000000734045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33f1e9c1afcb93f32021-12-21 12:54:46.943root 11241100x8000000000000000734046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb5cb949b60f680c2021-12-21 12:54:46.943root 11241100x8000000000000000734047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.606eba5c2560deed2021-12-21 12:54:46.943root 11241100x8000000000000000734048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c633a3bbc44916052021-12-21 12:54:46.943root 11241100x8000000000000000734049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1b97e28db9e15a22021-12-21 12:54:46.944root 11241100x8000000000000000734050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88077b5fe9ce4dea2021-12-21 12:54:46.944root 11241100x8000000000000000734051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.530e49b62a2af5fd2021-12-21 12:54:46.944root 11241100x8000000000000000734052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de720a7de800e3e22021-12-21 12:54:46.944root 11241100x8000000000000000734053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f7a66ee302bab4a2021-12-21 12:54:46.944root 11241100x8000000000000000734054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3a54de132cfa45c2021-12-21 12:54:46.944root 11241100x8000000000000000734055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cf1f9b65ac14a6c2021-12-21 12:54:46.944root 11241100x8000000000000000734056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.792fe1542aa54a692021-12-21 12:54:46.944root 11241100x8000000000000000734057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1568d5ee802223a2021-12-21 12:54:46.944root 11241100x8000000000000000734058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91e3671f443fdb932021-12-21 12:54:46.944root 11241100x8000000000000000734059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aeb7b02302c114642021-12-21 12:54:46.944root 11241100x8000000000000000734060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.126431e885b4e55f2021-12-21 12:54:46.944root 11241100x8000000000000000734061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.440c585bf0ba34fc2021-12-21 12:54:46.944root 11241100x8000000000000000734062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab177fc1618202db2021-12-21 12:54:46.944root 11241100x8000000000000000734063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8772405125e72e502021-12-21 12:54:46.944root 11241100x8000000000000000734064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46f27eed7c36994a2021-12-21 12:54:46.945root 11241100x8000000000000000734065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29a24c2d5176f8992021-12-21 12:54:46.945root 11241100x8000000000000000734066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5931b2593b1908392021-12-21 12:54:46.945root 11241100x8000000000000000734067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66965265554f7afa2021-12-21 12:54:46.945root 11241100x8000000000000000734068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e738bd50231195f52021-12-21 12:54:46.945root 11241100x8000000000000000734069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.071821a5510daa9a2021-12-21 12:54:46.945root 11241100x8000000000000000734070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69076789e2bc107e2021-12-21 12:54:46.945root 11241100x8000000000000000734071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80a9ac7101ddb32e2021-12-21 12:54:46.945root 11241100x8000000000000000734072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5f486e0260f57ba2021-12-21 12:54:46.945root 11241100x8000000000000000734073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1aa545908c266b0e2021-12-21 12:54:46.945root 11241100x8000000000000000734074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8856ef91e51694e62021-12-21 12:54:46.945root 11241100x8000000000000000734075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b84b8f537b6eef3e2021-12-21 12:54:46.945root 11241100x8000000000000000734076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f51ffc7d74d3adbf2021-12-21 12:54:46.945root 11241100x8000000000000000734077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79edf3f35f12c7502021-12-21 12:54:46.945root 11241100x8000000000000000734078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae54154edf3b72bb2021-12-21 12:54:46.945root 11241100x8000000000000000734079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90b884c217bc38002021-12-21 12:54:46.945root 11241100x8000000000000000734080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7beec605c6b2ec612021-12-21 12:54:46.946root 11241100x8000000000000000734081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29514365d9323cff2021-12-21 12:54:46.946root 11241100x8000000000000000734082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a222843a89f0163b2021-12-21 12:54:46.946root 11241100x8000000000000000734083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd9ee436bb3b3b622021-12-21 12:54:46.946root 11241100x8000000000000000734084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ef42dbcc4d6ca752021-12-21 12:54:46.946root 11241100x8000000000000000734085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46c1778aceef7d8b2021-12-21 12:54:46.946root 11241100x8000000000000000734086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddcea2e98334f2822021-12-21 12:54:46.946root 11241100x8000000000000000734087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9e97a6c3d99eda82021-12-21 12:54:46.946root 11241100x8000000000000000734088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e34fdd13c77361c2021-12-21 12:54:46.946root 11241100x8000000000000000734089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47676de7582e5ad62021-12-21 12:54:46.946root 11241100x8000000000000000734090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d95d2aee3a706e2d2021-12-21 12:54:46.946root 11241100x8000000000000000734091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f0e9a60042384372021-12-21 12:54:46.946root 11241100x8000000000000000734092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.560c40284fa5ce312021-12-21 12:54:46.946root 11241100x8000000000000000734093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c557fda9da03c572021-12-21 12:54:46.947root 11241100x8000000000000000734094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb5b2b292513f2802021-12-21 12:54:46.947root 11241100x8000000000000000734095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db4beed231083d472021-12-21 12:54:46.947root 11241100x8000000000000000734096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfbf972a186634802021-12-21 12:54:46.947root 11241100x8000000000000000734097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02a38bda59afc8892021-12-21 12:54:46.947root 11241100x8000000000000000734098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.872d1c130b5e20742021-12-21 12:54:46.947root 11241100x8000000000000000734099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.635b233b4ce804f12021-12-21 12:54:46.947root 11241100x8000000000000000734100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:46.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a75f03f748f54872021-12-21 12:54:46.947root 11241100x8000000000000000734101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:47.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfed45deca78eccd2021-12-21 12:54:47.442root 11241100x8000000000000000734102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a7504c9112733412021-12-21 12:54:47.443root 11241100x8000000000000000734103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a4e704efd867b892021-12-21 12:54:47.443root 11241100x8000000000000000734104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04853e545101d29a2021-12-21 12:54:47.443root 11241100x8000000000000000734105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8708ad31e7a83422021-12-21 12:54:47.443root 11241100x8000000000000000734106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.670734252b986aea2021-12-21 12:54:47.443root 11241100x8000000000000000734107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95fdd9d5323fc3142021-12-21 12:54:47.443root 11241100x8000000000000000734108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc88df2d9138d61a2021-12-21 12:54:47.443root 11241100x8000000000000000734109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a418667a408dd622021-12-21 12:54:47.443root 11241100x8000000000000000734110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afb0c06b19ee42972021-12-21 12:54:47.443root 11241100x8000000000000000734111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fde03d2591a1d1092021-12-21 12:54:47.443root 11241100x8000000000000000734112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8475f278df049882021-12-21 12:54:47.443root 11241100x8000000000000000734113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ff1f4a3057dc90d2021-12-21 12:54:47.443root 11241100x8000000000000000734114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceb2c6fcba6515d22021-12-21 12:54:47.444root 11241100x8000000000000000734115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4affddab1931976f2021-12-21 12:54:47.444root 11241100x8000000000000000734116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5461c4cb8e475b62021-12-21 12:54:47.444root 11241100x8000000000000000734117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.135ac3bfa5542d142021-12-21 12:54:47.444root 11241100x8000000000000000734118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4eaa5284755009522021-12-21 12:54:47.444root 11241100x8000000000000000734119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7beb9e9e02a00602021-12-21 12:54:47.444root 11241100x8000000000000000734120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.410418109b918c5e2021-12-21 12:54:47.444root 11241100x8000000000000000734121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:47.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7475b781c6d7e1b22021-12-21 12:54:47.445root 11241100x8000000000000000734122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:47.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.518fbfce7c7d14de2021-12-21 12:54:47.445root 11241100x8000000000000000734123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:47.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.092d78b8af0f9a8d2021-12-21 12:54:47.445root 11241100x8000000000000000734124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:47.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.586debf28717a3d32021-12-21 12:54:47.445root 11241100x8000000000000000734125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:47.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a189918bd4c79832021-12-21 12:54:47.445root 11241100x8000000000000000734126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:47.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e2f170b957817f62021-12-21 12:54:47.446root 11241100x8000000000000000734127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:47.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64429ec6dcd5857c2021-12-21 12:54:47.446root 11241100x8000000000000000734128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:47.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b8cb651bcc104d12021-12-21 12:54:47.446root 11241100x8000000000000000734129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:47.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7746eebf57256b642021-12-21 12:54:47.447root 11241100x8000000000000000734130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:47.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae15778f5cca42f92021-12-21 12:54:47.447root 11241100x8000000000000000734131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:47.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5b633091a462e952021-12-21 12:54:47.447root 11241100x8000000000000000734132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:47.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04a8423e93a9e4412021-12-21 12:54:47.447root 11241100x8000000000000000734133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:47.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaac05d7c6c31b002021-12-21 12:54:47.448root 11241100x8000000000000000734134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:47.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e13f50483cc2a0b2021-12-21 12:54:47.448root 11241100x8000000000000000734135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:47.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d745229b74646ba02021-12-21 12:54:47.448root 11241100x8000000000000000734136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:47.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3459bc6fd340bdbf2021-12-21 12:54:47.448root 11241100x8000000000000000734137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:47.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccc66db0d882ea052021-12-21 12:54:47.448root 11241100x8000000000000000734138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:47.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a0ec1f4615229da2021-12-21 12:54:47.448root 11241100x8000000000000000734139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:47.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1e8a395d75bc6c52021-12-21 12:54:47.449root 11241100x8000000000000000734140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:47.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.926d70d1d5c4dbb02021-12-21 12:54:47.449root 11241100x8000000000000000734141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:47.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f7fe4d56e05269a2021-12-21 12:54:47.449root 11241100x8000000000000000734142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:47.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b675f72b583d27892021-12-21 12:54:47.449root 11241100x8000000000000000734143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:47.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2047990e92b3145d2021-12-21 12:54:47.449root 11241100x8000000000000000734144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:47.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.192b11c0db66b5052021-12-21 12:54:47.449root 11241100x8000000000000000734145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:47.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e438baea9d304f8a2021-12-21 12:54:47.449root 11241100x8000000000000000734146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:47.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0842850361029ec2021-12-21 12:54:47.449root 11241100x8000000000000000734147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:47.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.066316a696c7bc662021-12-21 12:54:47.449root 11241100x8000000000000000734148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:47.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3eba5efc292dbb252021-12-21 12:54:47.449root 11241100x8000000000000000734149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:47.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60cdb68d0a7f7ad22021-12-21 12:54:47.450root 11241100x8000000000000000734150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:47.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf96d18924a64e602021-12-21 12:54:47.450root 11241100x8000000000000000734151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:47.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16c399079dc16b432021-12-21 12:54:47.450root 11241100x8000000000000000734152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:47.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e82bd1fb4b49c6b92021-12-21 12:54:47.450root 11241100x8000000000000000734153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:47.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb1ae3b658123ef32021-12-21 12:54:47.450root 11241100x8000000000000000734154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:47.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13a68ced0f719f922021-12-21 12:54:47.450root 11241100x8000000000000000734155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:47.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d84c1e561ddd1bda2021-12-21 12:54:47.450root 11241100x8000000000000000734156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:47.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3814ecdff577e0dc2021-12-21 12:54:47.450root 11241100x8000000000000000734157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:47.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f04519aa9423b7b82021-12-21 12:54:47.450root 11241100x8000000000000000734158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:47.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6c5a42816eae6f52021-12-21 12:54:47.450root 11241100x8000000000000000734159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:47.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5f923ce0ea65cb92021-12-21 12:54:47.450root 11241100x8000000000000000734160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:47.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b3ecd8a74591b332021-12-21 12:54:47.451root 11241100x8000000000000000734161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:47.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5702937295b8d372021-12-21 12:54:47.451root 11241100x8000000000000000734162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:47.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e0e5a78411044f42021-12-21 12:54:47.451root 11241100x8000000000000000734163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:47.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bcdc24f90de5ccb2021-12-21 12:54:47.451root 11241100x8000000000000000734164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:47.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcbd372a4f9985642021-12-21 12:54:47.451root 11241100x8000000000000000734165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:47.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d118f10afb9ec2672021-12-21 12:54:47.451root 11241100x8000000000000000734166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:47.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c04ab395c3e930222021-12-21 12:54:47.451root 11241100x8000000000000000734167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:47.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.476752da32a3501d2021-12-21 12:54:47.451root 11241100x8000000000000000734168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:47.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.709fceaeef8b20e52021-12-21 12:54:47.451root 11241100x8000000000000000734169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:47.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2517e8643cefb8782021-12-21 12:54:47.451root 11241100x8000000000000000734170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:47.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82e309519486a0842021-12-21 12:54:47.451root 11241100x8000000000000000734171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:47.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71cbaa91931b000f2021-12-21 12:54:47.452root 11241100x8000000000000000734172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:47.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3613e35723048b612021-12-21 12:54:47.452root 11241100x8000000000000000734173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:47.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c9d2c9725c5baa02021-12-21 12:54:47.452root 11241100x8000000000000000734174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:47.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f50213c9df2b3b042021-12-21 12:54:47.452root 11241100x8000000000000000734175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:47.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f3d4825f77759702021-12-21 12:54:47.452root 11241100x8000000000000000734176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20bdb271b19dbd0f2021-12-21 12:54:47.943root 11241100x8000000000000000734177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e377d47b312e1c12021-12-21 12:54:47.943root 11241100x8000000000000000734178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0c076133b90e0672021-12-21 12:54:47.943root 11241100x8000000000000000734179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5303595fea03bc92021-12-21 12:54:47.944root 11241100x8000000000000000734180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce887d72689712b92021-12-21 12:54:47.944root 11241100x8000000000000000734181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b0dc1670f356e0a2021-12-21 12:54:47.944root 11241100x8000000000000000734182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96806d81eae010982021-12-21 12:54:47.944root 11241100x8000000000000000734183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f03eab39754bd672021-12-21 12:54:47.944root 11241100x8000000000000000734184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb17ff08e8992c5c2021-12-21 12:54:47.944root 11241100x8000000000000000734185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75d30ed3c67bfece2021-12-21 12:54:47.944root 11241100x8000000000000000734186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a05614326180f8b72021-12-21 12:54:47.944root 11241100x8000000000000000734187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90b285758452a30b2021-12-21 12:54:47.944root 11241100x8000000000000000734188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.526fd153f20a5fd32021-12-21 12:54:47.944root 11241100x8000000000000000734189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:47.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a34f91b6d2302f22021-12-21 12:54:47.945root 11241100x8000000000000000734190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:47.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0ad3edd6c2efa2b2021-12-21 12:54:47.945root 11241100x8000000000000000734191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:47.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.654442a9d72cc7dc2021-12-21 12:54:47.945root 11241100x8000000000000000734192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:47.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2b7d4ccfcbc85df2021-12-21 12:54:47.945root 11241100x8000000000000000734193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:47.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5562b2dd152266022021-12-21 12:54:47.945root 11241100x8000000000000000734194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:47.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fe0d7b7df6648392021-12-21 12:54:47.945root 11241100x8000000000000000734195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:47.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bdc8f84fc921cee2021-12-21 12:54:47.945root 11241100x8000000000000000734196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:47.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3948d504071264b72021-12-21 12:54:47.945root 11241100x8000000000000000734197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:47.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e213fee65af8918e2021-12-21 12:54:47.945root 11241100x8000000000000000734198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:47.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d1931ec915b0f5d2021-12-21 12:54:47.945root 11241100x8000000000000000734199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:47.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23ec87f94294847f2021-12-21 12:54:47.945root 11241100x8000000000000000734200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:47.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96f8d01c69bad2ba2021-12-21 12:54:47.946root 11241100x8000000000000000734201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:47.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.597689960581184e2021-12-21 12:54:47.946root 11241100x8000000000000000734202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:47.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e5b3bf31623a6ad2021-12-21 12:54:47.946root 11241100x8000000000000000734203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:47.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e8c0243480300732021-12-21 12:54:47.946root 11241100x8000000000000000734204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:47.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00ac36339dc391bd2021-12-21 12:54:47.946root 11241100x8000000000000000734205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:47.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cc568fec49dc75d2021-12-21 12:54:47.946root 11241100x8000000000000000734206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:47.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f1a46bdfcf531462021-12-21 12:54:47.946root 11241100x8000000000000000734207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:47.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1704439306ab003b2021-12-21 12:54:47.946root 11241100x8000000000000000734208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:47.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.305046ff042ccff72021-12-21 12:54:47.947root 11241100x8000000000000000734209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:47.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e3552a0cf969aa72021-12-21 12:54:47.947root 11241100x8000000000000000734210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:47.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be6d9e421ec8b0f32021-12-21 12:54:47.947root 11241100x8000000000000000734211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:47.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b65d07f8fd6146042021-12-21 12:54:47.947root 11241100x8000000000000000734212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:47.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5927d684a255a6912021-12-21 12:54:47.947root 11241100x8000000000000000734213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:47.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.608ebbc921ab969a2021-12-21 12:54:47.947root 11241100x8000000000000000734214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:47.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.074fac9834252ea82021-12-21 12:54:47.947root 11241100x8000000000000000734215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:47.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae0e6a15241b3bd82021-12-21 12:54:47.947root 11241100x8000000000000000734216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:47.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59152de810f2bd932021-12-21 12:54:47.947root 11241100x8000000000000000734217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:47.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27abca25821831072021-12-21 12:54:47.947root 11241100x8000000000000000734218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:47.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b51a545ad5dfe4a22021-12-21 12:54:47.948root 11241100x8000000000000000734219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:47.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94b22e6b84cad3442021-12-21 12:54:47.948root 11241100x8000000000000000734220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:47.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af02802abd81b4602021-12-21 12:54:47.948root 11241100x8000000000000000734221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:47.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aba50ae6611f3d072021-12-21 12:54:47.948root 11241100x8000000000000000734222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:47.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b06a49e01a6a0d6a2021-12-21 12:54:47.948root 11241100x8000000000000000734223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:47.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7b34b5eb2f322502021-12-21 12:54:47.948root 11241100x8000000000000000734224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:47.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.933ea764fe9eacc92021-12-21 12:54:47.948root 11241100x8000000000000000734225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:47.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5bf63f9593885cd2021-12-21 12:54:47.948root 11241100x8000000000000000734226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:47.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdc635966ae5270b2021-12-21 12:54:47.948root 11241100x8000000000000000734227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:47.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be956f07b7d7f8d52021-12-21 12:54:47.948root 11241100x8000000000000000734228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:47.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.311c298bf59132dd2021-12-21 12:54:47.948root 11241100x8000000000000000734229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:47.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caaa3dcee1dfbf462021-12-21 12:54:47.949root 11241100x8000000000000000734230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:47.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da7eee2c9cee75dc2021-12-21 12:54:47.949root 11241100x8000000000000000734231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:47.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88b5ad4c39d1ef312021-12-21 12:54:47.949root 11241100x8000000000000000734232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:47.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.def68b3b2b39f4852021-12-21 12:54:47.949root 11241100x8000000000000000734233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:47.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25ea8e953d3886bf2021-12-21 12:54:47.949root 11241100x8000000000000000734234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:47.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06dc637e4d716d042021-12-21 12:54:47.949root 11241100x8000000000000000734235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:47.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.682a853fb691bee22021-12-21 12:54:47.949root 11241100x8000000000000000734236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:47.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.609ea59b51f9eb012021-12-21 12:54:47.949root 11241100x8000000000000000734237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:47.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f33720a1be899b22021-12-21 12:54:47.949root 11241100x8000000000000000734238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:47.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.017bc5668696952c2021-12-21 12:54:47.949root 11241100x8000000000000000734239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:47.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a38cfa254231ccf2021-12-21 12:54:47.949root 11241100x8000000000000000734240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:47.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fee7115ac38614e2021-12-21 12:54:47.949root 11241100x8000000000000000734241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:47.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74bbeb43a277be872021-12-21 12:54:47.949root 11241100x8000000000000000734242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:47.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc84a055301e844b2021-12-21 12:54:47.949root 11241100x8000000000000000734243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:47.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.385b5640d95b959f2021-12-21 12:54:47.950root 11241100x8000000000000000734244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:47.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.358b3e2c446860ae2021-12-21 12:54:47.950root 11241100x8000000000000000734245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:47.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82295c5f9000c6772021-12-21 12:54:47.950root 11241100x8000000000000000734246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:47.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34a992b2e9bfd0bc2021-12-21 12:54:47.950root 11241100x8000000000000000734247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:47.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0457bbae5b2107932021-12-21 12:54:47.950root 11241100x8000000000000000734248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:47.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.748295676f0c11ef2021-12-21 12:54:47.950root 11241100x8000000000000000734249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a57631c610e0d512021-12-21 12:54:48.443root 11241100x8000000000000000734250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19360ee6dece40292021-12-21 12:54:48.443root 11241100x8000000000000000734251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78ef6c998850cb312021-12-21 12:54:48.443root 11241100x8000000000000000734252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae249426f6c02f2f2021-12-21 12:54:48.443root 11241100x8000000000000000734253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cd4cf9f04f04fa42021-12-21 12:54:48.443root 11241100x8000000000000000734254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b08ae2dbf823b972021-12-21 12:54:48.443root 11241100x8000000000000000734255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc4a44cadd6a75f62021-12-21 12:54:48.443root 11241100x8000000000000000734256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4030968770021992021-12-21 12:54:48.444root 11241100x8000000000000000734257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1376a273f6a234ca2021-12-21 12:54:48.444root 11241100x8000000000000000734258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f6cba52cdcd297a2021-12-21 12:54:48.444root 11241100x8000000000000000734259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6adc792dff386d7a2021-12-21 12:54:48.444root 11241100x8000000000000000734260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.122fe0c4d51a48602021-12-21 12:54:48.444root 11241100x8000000000000000734261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37a1c1758ef87c682021-12-21 12:54:48.444root 11241100x8000000000000000734262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0e17ea89e1911d72021-12-21 12:54:48.444root 11241100x8000000000000000734263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65868f14c180e8b62021-12-21 12:54:48.444root 11241100x8000000000000000734264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f002d757911e2272021-12-21 12:54:48.444root 11241100x8000000000000000734265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07b3b44ee8bda5e12021-12-21 12:54:48.444root 11241100x8000000000000000734266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.766aebc59f31a23a2021-12-21 12:54:48.444root 11241100x8000000000000000734267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c22cd45aae8a66a52021-12-21 12:54:48.444root 11241100x8000000000000000734268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31a2dd7ae899459c2021-12-21 12:54:48.444root 11241100x8000000000000000734269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:48.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83e72784087e90d02021-12-21 12:54:48.445root 11241100x8000000000000000734270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:48.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb97aa19c7f026492021-12-21 12:54:48.445root 11241100x8000000000000000734271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:48.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af81a5eec548eeed2021-12-21 12:54:48.445root 11241100x8000000000000000734272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:48.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.376aeede5fdabf762021-12-21 12:54:48.445root 11241100x8000000000000000734273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:48.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a366957fe13123692021-12-21 12:54:48.445root 11241100x8000000000000000734274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:48.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.387bf8fd98a8702c2021-12-21 12:54:48.445root 11241100x8000000000000000734275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:48.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acd97969ae93bbe62021-12-21 12:54:48.445root 11241100x8000000000000000734276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:48.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b19c5e9a22146fe2021-12-21 12:54:48.445root 11241100x8000000000000000734277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:48.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f61fab9a099ee7002021-12-21 12:54:48.445root 11241100x8000000000000000734278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:48.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a892baa57d29b4532021-12-21 12:54:48.445root 11241100x8000000000000000734279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:48.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.787b7af930c74b1e2021-12-21 12:54:48.445root 11241100x8000000000000000734280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:48.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3c72dd76fbaa14e2021-12-21 12:54:48.445root 11241100x8000000000000000734281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:48.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e65ff6bf8c33fb312021-12-21 12:54:48.445root 11241100x8000000000000000734282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:48.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d5c3dfa1f3d31bd2021-12-21 12:54:48.446root 11241100x8000000000000000734283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:48.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05a0a7484a58097b2021-12-21 12:54:48.446root 11241100x8000000000000000734284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:48.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2a2afb39f5238952021-12-21 12:54:48.446root 11241100x8000000000000000734285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:48.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07ac3a947bc71b552021-12-21 12:54:48.446root 11241100x8000000000000000734286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:48.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4f6841f63ce11f32021-12-21 12:54:48.446root 11241100x8000000000000000734287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:48.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c20b6b657af02c52021-12-21 12:54:48.446root 11241100x8000000000000000734288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:48.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1857e9b8190b17d62021-12-21 12:54:48.446root 11241100x8000000000000000734289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:48.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ff8ed4393b74ebe2021-12-21 12:54:48.446root 11241100x8000000000000000734290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:48.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce4ef531f6dc7c7b2021-12-21 12:54:48.446root 11241100x8000000000000000734291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:48.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c904b2e2be79be62021-12-21 12:54:48.446root 11241100x8000000000000000734292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:48.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07c852c556f3f57f2021-12-21 12:54:48.446root 11241100x8000000000000000734293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.668e87bdc51f22aa2021-12-21 12:54:48.943root 11241100x8000000000000000734294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71cfdb6c3d174a002021-12-21 12:54:48.943root 11241100x8000000000000000734295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9cad88ecfc55d7f2021-12-21 12:54:48.943root 11241100x8000000000000000734296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c433be4e97ebbbb2021-12-21 12:54:48.943root 11241100x8000000000000000734297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.675b99224aef43bb2021-12-21 12:54:48.943root 11241100x8000000000000000734298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0038bedafcbe7a092021-12-21 12:54:48.944root 11241100x8000000000000000734299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbfcf2fcdd3e6dc52021-12-21 12:54:48.944root 11241100x8000000000000000734300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25ddfdc7e737aa0a2021-12-21 12:54:48.944root 11241100x8000000000000000734301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.740881507865aedd2021-12-21 12:54:48.944root 11241100x8000000000000000734302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8eb2a0c6d22f67592021-12-21 12:54:48.944root 11241100x8000000000000000734303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f60914a41171e632021-12-21 12:54:48.944root 11241100x8000000000000000734304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f822e078e2107ca32021-12-21 12:54:48.944root 11241100x8000000000000000734305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bfa5fa5eed2a1652021-12-21 12:54:48.944root 11241100x8000000000000000734306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7be854cea827a9912021-12-21 12:54:48.944root 11241100x8000000000000000734307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:48.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17884deee2e3ceea2021-12-21 12:54:48.945root 11241100x8000000000000000734308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:48.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f283e8d8f5ac760d2021-12-21 12:54:48.945root 11241100x8000000000000000734309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:48.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1238b491a9ce7c6e2021-12-21 12:54:48.945root 11241100x8000000000000000734310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:48.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3933c0f328be6c302021-12-21 12:54:48.945root 11241100x8000000000000000734311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:48.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61e4553ee3fca8a82021-12-21 12:54:48.945root 11241100x8000000000000000734312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:48.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1990c82803a561782021-12-21 12:54:48.945root 11241100x8000000000000000734313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:48.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e9975ac93157dc62021-12-21 12:54:48.945root 11241100x8000000000000000734314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:48.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28b73e747800a2a12021-12-21 12:54:48.945root 11241100x8000000000000000734315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:48.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed5f4f5b822f117a2021-12-21 12:54:48.945root 11241100x8000000000000000734316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:48.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8681dc6db05f5452021-12-21 12:54:48.945root 11241100x8000000000000000734317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:48.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5352889efe29423f2021-12-21 12:54:48.945root 11241100x8000000000000000734318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:48.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ecf9b076621a6f92021-12-21 12:54:48.946root 11241100x8000000000000000734319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:48.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9780c88627d23242021-12-21 12:54:48.946root 11241100x8000000000000000734320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:48.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7923551b66e510f2021-12-21 12:54:48.946root 11241100x8000000000000000734321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:48.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.678e40d5d62f6c2a2021-12-21 12:54:48.946root 11241100x8000000000000000734322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:48.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.018998d6089ab7842021-12-21 12:54:48.946root 11241100x8000000000000000734323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:48.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d35d2a6b2ca1127f2021-12-21 12:54:48.946root 11241100x8000000000000000734324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:48.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efa86ee2b1d4d4082021-12-21 12:54:48.946root 11241100x8000000000000000734325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:48.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.844c6f32cc9a6aa52021-12-21 12:54:48.946root 11241100x8000000000000000734326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:48.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5302d96b625a55e02021-12-21 12:54:48.946root 11241100x8000000000000000734327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:48.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b301004e5cfc2dc2021-12-21 12:54:48.946root 11241100x8000000000000000734328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:48.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6844f617e919414a2021-12-21 12:54:48.946root 11241100x8000000000000000734329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:48.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6e3f44bc1a650202021-12-21 12:54:48.947root 11241100x8000000000000000734330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:48.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.093d30a3eefcdf042021-12-21 12:54:48.947root 11241100x8000000000000000734331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:48.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.674318ac4674b11a2021-12-21 12:54:48.947root 11241100x8000000000000000734332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:48.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3db5dc282f7883962021-12-21 12:54:48.947root 11241100x8000000000000000734333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:48.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d273289b11510ded2021-12-21 12:54:48.947root 11241100x8000000000000000734334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:48.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8a292c376f730fb2021-12-21 12:54:48.947root 11241100x8000000000000000734335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:48.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf67ca0a0c3c555f2021-12-21 12:54:48.947root 11241100x8000000000000000734336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:48.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e3a6ed7c16c3aea2021-12-21 12:54:48.947root 11241100x8000000000000000734337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:48.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a86922722e837fe62021-12-21 12:54:48.947root 11241100x8000000000000000734338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:48.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5b57549355675632021-12-21 12:54:48.947root 11241100x8000000000000000734339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:48.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af86b30e115b577c2021-12-21 12:54:48.947root 11241100x8000000000000000734340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:48.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcdda42762a8299c2021-12-21 12:54:48.947root 11241100x8000000000000000734341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:48.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d88027c2971446e22021-12-21 12:54:48.948root 11241100x8000000000000000734342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:48.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22bb3863a42453d82021-12-21 12:54:48.948root 11241100x8000000000000000734343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:48.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46eafa3d6e8ec0572021-12-21 12:54:48.948root 11241100x8000000000000000734344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:48.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.397b21da24d368932021-12-21 12:54:48.948root 11241100x8000000000000000734345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:48.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.958489484e6800de2021-12-21 12:54:48.948root 11241100x8000000000000000734346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:48.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15cb4b014b520ca82021-12-21 12:54:48.948root 11241100x8000000000000000734347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:48.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9958edb234f89e942021-12-21 12:54:48.948root 11241100x8000000000000000734348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43e30c8129a707652021-12-21 12:54:49.443root 11241100x8000000000000000734349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d71f0d5aca41b6222021-12-21 12:54:49.443root 11241100x8000000000000000734350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e099cf3fe35de49e2021-12-21 12:54:49.443root 11241100x8000000000000000734351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.764a969f141dd51f2021-12-21 12:54:49.443root 11241100x8000000000000000734352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7696eed03a9548822021-12-21 12:54:49.444root 11241100x8000000000000000734353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15e94654fd112f6a2021-12-21 12:54:49.444root 11241100x8000000000000000734354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83836a62cd79657d2021-12-21 12:54:49.444root 11241100x8000000000000000734355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5e68a7ef8c2a52a2021-12-21 12:54:49.444root 11241100x8000000000000000734356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df9b5df6e3e0c6032021-12-21 12:54:49.444root 11241100x8000000000000000734357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.360221b4f8906b912021-12-21 12:54:49.444root 11241100x8000000000000000734358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3924166a6f40e3992021-12-21 12:54:49.444root 11241100x8000000000000000734359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e92a94f70a367fe2021-12-21 12:54:49.444root 11241100x8000000000000000734360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:49.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5acd0b8d7e3c16c2021-12-21 12:54:49.445root 11241100x8000000000000000734361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:49.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.668c5c24e81f33582021-12-21 12:54:49.445root 11241100x8000000000000000734362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:49.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cb67fe801c458b12021-12-21 12:54:49.445root 11241100x8000000000000000734363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:49.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a38063c4cfcff37a2021-12-21 12:54:49.445root 11241100x8000000000000000734364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:49.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6285bfbb3129d96c2021-12-21 12:54:49.446root 11241100x8000000000000000734365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:49.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9e852de8fda35d22021-12-21 12:54:49.446root 11241100x8000000000000000734366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:49.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.871582958cb020fd2021-12-21 12:54:49.446root 11241100x8000000000000000734367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:49.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2cf5ea8234480892021-12-21 12:54:49.447root 11241100x8000000000000000734368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:49.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44c85e1e9e1b0a6b2021-12-21 12:54:49.447root 11241100x8000000000000000734369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:49.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26f1cdc6c8d6f4812021-12-21 12:54:49.447root 11241100x8000000000000000734370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:49.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a48823d5ed43a41e2021-12-21 12:54:49.448root 11241100x8000000000000000734371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:49.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04559dc4e50c496f2021-12-21 12:54:49.448root 11241100x8000000000000000734372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:49.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d6bc2c82fe732b22021-12-21 12:54:49.448root 11241100x8000000000000000734373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:49.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b768f258a3e95bf82021-12-21 12:54:49.449root 11241100x8000000000000000734374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:49.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4eecb7017318683e2021-12-21 12:54:49.449root 11241100x8000000000000000734375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:49.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5011dfd2ad5483832021-12-21 12:54:49.449root 11241100x8000000000000000734376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:49.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df418132937ddba72021-12-21 12:54:49.449root 11241100x8000000000000000734377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:49.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c65534582813cb02021-12-21 12:54:49.449root 11241100x8000000000000000734378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:49.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65ed35d4ee93728a2021-12-21 12:54:49.449root 11241100x8000000000000000734379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:49.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.610fd6383191c8cd2021-12-21 12:54:49.449root 11241100x8000000000000000734380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:49.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.256f11ce9eca05592021-12-21 12:54:49.449root 11241100x8000000000000000734381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:49.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e626553837736762021-12-21 12:54:49.449root 11241100x8000000000000000734382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:49.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cc029b6a75b7dcb2021-12-21 12:54:49.449root 11241100x8000000000000000734383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:49.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48d6d164b317bfff2021-12-21 12:54:49.450root 11241100x8000000000000000734384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:49.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e4840b3f9c86a8d2021-12-21 12:54:49.450root 11241100x8000000000000000734385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:49.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.316ea4d2747364a42021-12-21 12:54:49.450root 11241100x8000000000000000734386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:49.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e20a66e16cdd4472021-12-21 12:54:49.450root 11241100x8000000000000000734387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:49.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfbe91a08da969f32021-12-21 12:54:49.450root 11241100x8000000000000000734388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:49.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cabf511665b9af202021-12-21 12:54:49.450root 11241100x8000000000000000734389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:49.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.506fdd4ab956af6d2021-12-21 12:54:49.450root 11241100x8000000000000000734390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:49.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b794e5cb65c172862021-12-21 12:54:49.450root 11241100x8000000000000000734391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:49.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.992f94561966181b2021-12-21 12:54:49.451root 11241100x8000000000000000734392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:49.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c4f2f1e180a238d2021-12-21 12:54:49.451root 11241100x8000000000000000734393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:49.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6703eb69203aab792021-12-21 12:54:49.451root 11241100x8000000000000000734394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:49.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5720ac8a09de77992021-12-21 12:54:49.451root 11241100x8000000000000000734395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:54:49.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b9d9007ede51dc62021-12-21 12:54:49.451root