354300x8000000000000000723195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:08.218{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-50552-false10.0.1.12-8000- 11241100x8000000000000000723196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:08.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d03fee4a9937280e2021-12-21 12:50:08.692root 23542300x8000000000000000723197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:09.133{ec2b6afe-95d2-61c1-3038-b84203560000}5272root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000723198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:09.134{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90409ac990abe22b2021-12-21 12:50:09.134root 11241100x8000000000000000723199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:09.134{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bf8949fa5d018f72021-12-21 12:50:09.134root 11241100x8000000000000000723200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:09.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c052828a69cddb712021-12-21 12:50:09.442root 11241100x8000000000000000723201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:09.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae0e5df44ed5ae872021-12-21 12:50:09.443root 11241100x8000000000000000723202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:09.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16931263bab207ae2021-12-21 12:50:09.942root 11241100x8000000000000000723203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:09.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceabd119af5a8af22021-12-21 12:50:09.943root 11241100x8000000000000000723204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:10.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95503c3bc01f1c9c2021-12-21 12:50:10.442root 11241100x8000000000000000723205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:10.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0159c0a8743b26f22021-12-21 12:50:10.442root 11241100x8000000000000000723206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:10.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1e0e969880254372021-12-21 12:50:10.942root 11241100x8000000000000000723207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:10.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.059fd967f44ab9c32021-12-21 12:50:10.942root 11241100x8000000000000000723208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.096971b2c80f441f2021-12-21 12:50:11.443root 11241100x8000000000000000723209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5512a4a1b1d94afe2021-12-21 12:50:11.443root 11241100x8000000000000000723210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:11.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3caac73f811cfe32021-12-21 12:50:11.942root 11241100x8000000000000000723211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0130fe18f556e1672021-12-21 12:50:11.943root 11241100x8000000000000000723212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:12.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.989420e1527e484e2021-12-21 12:50:12.442root 11241100x8000000000000000723213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ab830b67ba82dda2021-12-21 12:50:12.443root 11241100x8000000000000000723214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:12.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36d7a5df42eb9e3a2021-12-21 12:50:12.942root 11241100x8000000000000000723215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.167cf6aaa1cc37632021-12-21 12:50:12.943root 11241100x8000000000000000723216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d61101f59b08aa1a2021-12-21 12:50:13.443root 11241100x8000000000000000723217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8df7bc3ddafd065b2021-12-21 12:50:13.443root 11241100x8000000000000000723218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9a19eb6030449732021-12-21 12:50:13.943root 11241100x8000000000000000723219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d068d7d4f381f1132021-12-21 12:50:13.943root 354300x8000000000000000723220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:14.055{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-50554-false10.0.1.12-8000- 11241100x8000000000000000723221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:14.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3f7a55bf489a40c2021-12-21 12:50:14.442root 11241100x8000000000000000723222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57680734ba1602c32021-12-21 12:50:14.443root 11241100x8000000000000000723223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68ad519e356b22ea2021-12-21 12:50:14.443root 11241100x8000000000000000723224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:14.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd39914e89f7db9a2021-12-21 12:50:14.942root 11241100x8000000000000000723225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc6d85ed4d4dd2ee2021-12-21 12:50:14.943root 11241100x8000000000000000723226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfa15b24a0e12b922021-12-21 12:50:14.943root 11241100x8000000000000000723227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:15.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.431a9ed74ed2bded2021-12-21 12:50:15.442root 11241100x8000000000000000723228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb3e82487e16bc222021-12-21 12:50:15.443root 11241100x8000000000000000723229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d1e36f71bb7d76e2021-12-21 12:50:15.443root 11241100x8000000000000000723230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:15.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ddef05cc02bd7f92021-12-21 12:50:15.942root 11241100x8000000000000000723231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bd2f3dfefc286932021-12-21 12:50:15.943root 11241100x8000000000000000723232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbbb60051c3b2c3a2021-12-21 12:50:15.943root 11241100x8000000000000000723233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:16.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f338511af397db302021-12-21 12:50:16.442root 11241100x8000000000000000723234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d1d04b9b988d4802021-12-21 12:50:16.443root 11241100x8000000000000000723235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9e24900bb08c4f32021-12-21 12:50:16.443root 11241100x8000000000000000723236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:16.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42a46018c2750b702021-12-21 12:50:16.942root 11241100x8000000000000000723237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21630c195a2d485b2021-12-21 12:50:16.943root 11241100x8000000000000000723238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a710cf7254500782021-12-21 12:50:16.943root 11241100x8000000000000000723239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:17.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.857a229a06ea2b962021-12-21 12:50:17.442root 11241100x8000000000000000723240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.309c116c3840eefd2021-12-21 12:50:17.443root 11241100x8000000000000000723241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e97d2a9c8b26af752021-12-21 12:50:17.443root 11241100x8000000000000000723242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:17.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.253187b3f229bc782021-12-21 12:50:17.942root 11241100x8000000000000000723243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a571742903f1ff382021-12-21 12:50:17.943root 11241100x8000000000000000723244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.081f7b0b5224da4b2021-12-21 12:50:17.943root 11241100x8000000000000000723245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:18.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5083ccaaa4a2b2422021-12-21 12:50:18.442root 11241100x8000000000000000723246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07784487d2fce75e2021-12-21 12:50:18.443root 11241100x8000000000000000723247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2011e0aaead566b2021-12-21 12:50:18.443root 11241100x8000000000000000723248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:18.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46e001dcc3dbfba02021-12-21 12:50:18.942root 11241100x8000000000000000723249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad2c137206cffa152021-12-21 12:50:18.943root 11241100x8000000000000000723250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dbec48a3d7802522021-12-21 12:50:18.943root 354300x8000000000000000723251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:19.218{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-50556-false10.0.1.12-8000- 11241100x8000000000000000723252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:19.219{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62de8480e4a33b2f2021-12-21 12:50:19.219root 11241100x8000000000000000723253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:19.219{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76ed514d295a488c2021-12-21 12:50:19.219root 11241100x8000000000000000723254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:19.219{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67130b38445c31772021-12-21 12:50:19.219root 11241100x8000000000000000723255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:19.219{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.217d0b4fa203e1782021-12-21 12:50:19.219root 11241100x8000000000000000723256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:19.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0259b39209cb48c12021-12-21 12:50:19.692root 11241100x8000000000000000723257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:19.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77404beb51e279282021-12-21 12:50:19.693root 11241100x8000000000000000723258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:19.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ba832ede8920eae2021-12-21 12:50:19.693root 11241100x8000000000000000723259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:19.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5a11e7017baa3632021-12-21 12:50:19.693root 11241100x8000000000000000723260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:20.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e000246667d553892021-12-21 12:50:20.193root 11241100x8000000000000000723261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:20.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8f2e788e183866e2021-12-21 12:50:20.193root 11241100x8000000000000000723262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:20.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.326135baeb3d96242021-12-21 12:50:20.193root 11241100x8000000000000000723263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:20.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.942d1cfb1ec7bab92021-12-21 12:50:20.193root 11241100x8000000000000000723264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:20.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b20d848d108134d2021-12-21 12:50:20.692root 11241100x8000000000000000723265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:20.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7af2023d7060b6132021-12-21 12:50:20.693root 11241100x8000000000000000723266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:20.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d8a0cba7e04a7f52021-12-21 12:50:20.693root 11241100x8000000000000000723267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:20.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6221f23aeb6692462021-12-21 12:50:20.693root 11241100x8000000000000000723268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:21.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6a64e1966d532902021-12-21 12:50:21.192root 11241100x8000000000000000723269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:21.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a92e961a965716b62021-12-21 12:50:21.193root 11241100x8000000000000000723270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:21.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3058917d6c465172021-12-21 12:50:21.193root 11241100x8000000000000000723271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:21.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04eeeba1fc5cf79f2021-12-21 12:50:21.193root 11241100x8000000000000000723272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:21.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.341a6acf884f624d2021-12-21 12:50:21.692root 11241100x8000000000000000723273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:21.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.919fe00fbc7fa1152021-12-21 12:50:21.693root 11241100x8000000000000000723274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:21.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.850603cf84f4931d2021-12-21 12:50:21.693root 11241100x8000000000000000723275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:21.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4585f7d0a83e67c2021-12-21 12:50:21.693root 11241100x8000000000000000723276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:22.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e8b404956b0a7c12021-12-21 12:50:22.192root 11241100x8000000000000000723277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:22.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57146f4a83eb090a2021-12-21 12:50:22.193root 11241100x8000000000000000723278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:22.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dfd631a904fed022021-12-21 12:50:22.193root 11241100x8000000000000000723279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:22.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4d33f6a370127152021-12-21 12:50:22.193root 11241100x8000000000000000723280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:22.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.245eac089727e4b62021-12-21 12:50:22.692root 11241100x8000000000000000723281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:22.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.211d3de82ef6d33e2021-12-21 12:50:22.693root 11241100x8000000000000000723282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:22.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d3a6f5706e04dd92021-12-21 12:50:22.693root 11241100x8000000000000000723283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:22.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c97f7749cc9c6c292021-12-21 12:50:22.693root 11241100x8000000000000000723284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:23.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8efad807b9bd5892021-12-21 12:50:23.192root 11241100x8000000000000000723285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:23.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1ebeb00a535560f2021-12-21 12:50:23.193root 11241100x8000000000000000723286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:23.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d465233fe661cc22021-12-21 12:50:23.193root 11241100x8000000000000000723287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:23.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29a8980de9bf35402021-12-21 12:50:23.193root 11241100x8000000000000000723288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:23.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53e752693fba7d6c2021-12-21 12:50:23.692root 11241100x8000000000000000723289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:23.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55de2b45cb7487dd2021-12-21 12:50:23.693root 11241100x8000000000000000723290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:23.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1838e60864410e9c2021-12-21 12:50:23.693root 11241100x8000000000000000723291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:23.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.652c02ffd7997c912021-12-21 12:50:23.693root 11241100x8000000000000000723292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:24.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06fb2a609380de682021-12-21 12:50:24.192root 11241100x8000000000000000723293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:24.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.820a3fbc7fcc3cb32021-12-21 12:50:24.193root 11241100x8000000000000000723294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:24.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32b9210f35084d942021-12-21 12:50:24.193root 11241100x8000000000000000723295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:24.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.233949e7e662cd282021-12-21 12:50:24.193root 354300x8000000000000000723296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:24.232{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-50558-false10.0.1.12-8000- 11241100x8000000000000000723297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:24.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.422d12c25f334e052021-12-21 12:50:24.693root 11241100x8000000000000000723298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:24.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.256366bfa2e2bb3d2021-12-21 12:50:24.693root 11241100x8000000000000000723299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:24.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.292c7548821090bb2021-12-21 12:50:24.693root 11241100x8000000000000000723300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:24.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.001d340c998fbd8c2021-12-21 12:50:24.693root 11241100x8000000000000000723301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:24.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf04e8825963fccf2021-12-21 12:50:24.693root 23542300x8000000000000000723302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:24.746{ec2b6afe-cd59-61c1-80c2-7097fd550000}10155ubuntu/bin/nano/home/ubuntu/./.stdout_etc.sh.swp--- 534500x8000000000000000723303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:24.746{ec2b6afe-cd59-61c1-80c2-7097fd550000}10155/bin/nanoubuntu 11241100x8000000000000000723304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:25.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6f005e4bc9246112021-12-21 12:50:25.193root 11241100x8000000000000000723305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:25.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b13d5c3548f6d5842021-12-21 12:50:25.193root 11241100x8000000000000000723306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:25.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.370e1d37089efb582021-12-21 12:50:25.193root 11241100x8000000000000000723307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:25.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15867eec3396bf562021-12-21 12:50:25.193root 11241100x8000000000000000723308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:25.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c8f64ed4b831e742021-12-21 12:50:25.193root 11241100x8000000000000000723309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:25.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c61188fefb13a942021-12-21 12:50:25.193root 11241100x8000000000000000723310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:25.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f860d4011d8e31d2021-12-21 12:50:25.193root 11241100x8000000000000000723311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:25.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e87711742b1d33da2021-12-21 12:50:25.693root 11241100x8000000000000000723312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:25.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba6482e7ce07a5402021-12-21 12:50:25.693root 11241100x8000000000000000723313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:25.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c2c8a8868b9a83b2021-12-21 12:50:25.693root 11241100x8000000000000000723314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:25.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c3b2ec8b09d3aa12021-12-21 12:50:25.693root 11241100x8000000000000000723315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:25.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77e238293cf671982021-12-21 12:50:25.693root 11241100x8000000000000000723316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:25.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8da7ad519918a172021-12-21 12:50:25.693root 11241100x8000000000000000723317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:25.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0ff6193a3df5d632021-12-21 12:50:25.693root 354300x8000000000000000723318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:25.962{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.25-37624-false10.0.1.12-8089- 11241100x8000000000000000723319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:25.962{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2b6d344e06757e02021-12-21 12:50:25.962root 11241100x8000000000000000723320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:25.962{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.015ab97c68a45ceb2021-12-21 12:50:25.962root 11241100x8000000000000000723321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:25.963{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.952b137714c341192021-12-21 12:50:25.963root 11241100x8000000000000000723322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:25.963{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c42819e8b0c25da52021-12-21 12:50:25.963root 11241100x8000000000000000723323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:25.963{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b03202af9dd5a3c2021-12-21 12:50:25.963root 11241100x8000000000000000723324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:25.963{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5495df587fae40802021-12-21 12:50:25.963root 11241100x8000000000000000723325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:25.963{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90c8493fd55ed7dd2021-12-21 12:50:25.963root 11241100x8000000000000000723326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:25.963{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c62fb65d4cc55652021-12-21 12:50:25.963root 11241100x8000000000000000723327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6de5d4b06a4d687d2021-12-21 12:50:26.443root 11241100x8000000000000000723328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8b82adb9492d29b2021-12-21 12:50:26.443root 11241100x8000000000000000723329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d90f5dd65c1f4d9a2021-12-21 12:50:26.443root 11241100x8000000000000000723330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcb447eeae40e10b2021-12-21 12:50:26.443root 11241100x8000000000000000723331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e1a26f21add9cd82021-12-21 12:50:26.443root 11241100x8000000000000000723332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf6516c68b22d0202021-12-21 12:50:26.443root 11241100x8000000000000000723333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9eff409be3157672021-12-21 12:50:26.443root 11241100x8000000000000000723334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3e3e987d544ea5d2021-12-21 12:50:26.443root 11241100x8000000000000000723335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce5192692ed475da2021-12-21 12:50:26.943root 11241100x8000000000000000723336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c60f3013fe2638d02021-12-21 12:50:26.943root 11241100x8000000000000000723337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2e6edf9d3be49ae2021-12-21 12:50:26.943root 11241100x8000000000000000723338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf8e3a167aad371f2021-12-21 12:50:26.943root 11241100x8000000000000000723339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0487bbbfe5ea5c332021-12-21 12:50:26.943root 11241100x8000000000000000723340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e50d1c9301debbe22021-12-21 12:50:26.943root 11241100x8000000000000000723341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06f9f486c59e3d872021-12-21 12:50:26.943root 11241100x8000000000000000723342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f948553d1a48f7ff2021-12-21 12:50:26.943root 154100x8000000000000000723343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:27.384{ec2b6afe-cd93-61c1-08f6-50cc6f550000}10157/usr/bin/clear-----clear/home/ubuntuubuntu{ec2b6afe-aacb-61c1-e803-000000000000}10006no level-{ec2b6afe-aacb-61c1-0834-fdd63c560000}5677/bin/bash-bashubuntu 534500x8000000000000000723344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:27.385{ec2b6afe-cd93-61c1-08f6-50cc6f550000}10157/usr/bin/clearubuntu 11241100x8000000000000000723345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:27.385{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ad4c507dcef8e3e2021-12-21 12:50:27.385root 11241100x8000000000000000723346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:27.385{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5e8336e89b16dcb2021-12-21 12:50:27.385root 11241100x8000000000000000723347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:27.385{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fc04189ccb49c572021-12-21 12:50:27.385root 11241100x8000000000000000723348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:27.385{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f7eed4d5434113b2021-12-21 12:50:27.385root 11241100x8000000000000000723349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:27.385{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e387fbd8fc73e2ac2021-12-21 12:50:27.385root 11241100x8000000000000000723350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:27.386{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.690be0396ec857672021-12-21 12:50:27.386root 11241100x8000000000000000723351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:27.386{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9a485a3d5483fc12021-12-21 12:50:27.386root 11241100x8000000000000000723352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:27.386{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2d906ddebefb8c92021-12-21 12:50:27.386root 11241100x8000000000000000723353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:27.386{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f3433b2b6a369bc2021-12-21 12:50:27.386root 11241100x8000000000000000723354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:27.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f670abde9f2a19d2021-12-21 12:50:27.693root 11241100x8000000000000000723355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:27.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edfd473b13a6290c2021-12-21 12:50:27.693root 11241100x8000000000000000723356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:27.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9b1e3a2038bc30f2021-12-21 12:50:27.693root 11241100x8000000000000000723357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:27.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3cca1c7410058032021-12-21 12:50:27.693root 11241100x8000000000000000723358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:27.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.887b74ed62faa0962021-12-21 12:50:27.693root 11241100x8000000000000000723359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:27.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a246e207aa67df802021-12-21 12:50:27.693root 11241100x8000000000000000723360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:27.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbca302cd748f5f02021-12-21 12:50:27.693root 11241100x8000000000000000723361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:27.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d9fb39a26bfafb92021-12-21 12:50:27.693root 11241100x8000000000000000723362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:27.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97b783ff4a5c40c32021-12-21 12:50:27.693root 11241100x8000000000000000723363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:27.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e4220d9736150912021-12-21 12:50:27.693root 11241100x8000000000000000723364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:28.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.560477a6cdac0f5d2021-12-21 12:50:28.193root 11241100x8000000000000000723365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:28.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1457f4d526b1d5002021-12-21 12:50:28.193root 11241100x8000000000000000723366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:28.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8623198c950092c2021-12-21 12:50:28.193root 11241100x8000000000000000723367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:28.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16458208ced1bf382021-12-21 12:50:28.193root 11241100x8000000000000000723368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:28.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c9584a10b506d8a2021-12-21 12:50:28.193root 11241100x8000000000000000723369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:28.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ff5bd818613df362021-12-21 12:50:28.193root 11241100x8000000000000000723370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:28.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03253e296ca023da2021-12-21 12:50:28.193root 11241100x8000000000000000723371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:28.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b94d2560e0a9dc762021-12-21 12:50:28.193root 11241100x8000000000000000723372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:28.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04a0d94ecb98d1ee2021-12-21 12:50:28.193root 11241100x8000000000000000723373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:28.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fabaa4727e7b453c2021-12-21 12:50:28.193root 11241100x8000000000000000723374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:28.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b5b0edb86d60de52021-12-21 12:50:28.693root 11241100x8000000000000000723375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:28.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8049fd3f5d4e98d22021-12-21 12:50:28.693root 11241100x8000000000000000723376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:28.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d851113fa0ea7cd2021-12-21 12:50:28.693root 11241100x8000000000000000723377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:28.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3360ba7c5f075e52021-12-21 12:50:28.693root 11241100x8000000000000000723378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:28.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9458f740122ae3362021-12-21 12:50:28.693root 11241100x8000000000000000723379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:28.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55f76f3f8350c71c2021-12-21 12:50:28.693root 11241100x8000000000000000723380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:28.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caecd9ba3f82f6d12021-12-21 12:50:28.693root 11241100x8000000000000000723381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:28.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42d0e8c6fe4be3672021-12-21 12:50:28.693root 11241100x8000000000000000723382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:28.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d6d7751ec9c16122021-12-21 12:50:28.693root 11241100x8000000000000000723383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:28.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07306918dcda53832021-12-21 12:50:28.694root 11241100x8000000000000000723384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:29.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22aa90471a5ec7942021-12-21 12:50:29.193root 11241100x8000000000000000723385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:29.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3153b3c7b587c5a72021-12-21 12:50:29.193root 11241100x8000000000000000723386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:29.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1173e167698a3092021-12-21 12:50:29.193root 11241100x8000000000000000723387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:29.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a61df82dfea034b02021-12-21 12:50:29.193root 11241100x8000000000000000723388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:29.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e61de354b6871222021-12-21 12:50:29.193root 11241100x8000000000000000723389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:29.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32d9ba2b34c516d32021-12-21 12:50:29.193root 11241100x8000000000000000723390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:29.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ecca3ac4a3787152021-12-21 12:50:29.193root 11241100x8000000000000000723391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:29.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e9d398c3afe30712021-12-21 12:50:29.193root 11241100x8000000000000000723392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:29.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e0c2a958bb423d22021-12-21 12:50:29.193root 11241100x8000000000000000723393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:29.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ba1374f887e86452021-12-21 12:50:29.193root 11241100x8000000000000000723394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:29.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf80c5cae563651d2021-12-21 12:50:29.693root 11241100x8000000000000000723395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:29.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a8f76eb8448bd2f2021-12-21 12:50:29.693root 11241100x8000000000000000723396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:29.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e9f49145f5b4b992021-12-21 12:50:29.693root 11241100x8000000000000000723397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:29.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.736a2d0da90b6f802021-12-21 12:50:29.693root 11241100x8000000000000000723398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:29.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8dddbee2052f1312021-12-21 12:50:29.693root 11241100x8000000000000000723399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:29.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.486b4a5b14ef96722021-12-21 12:50:29.693root 11241100x8000000000000000723400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:29.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f5bb752327cd2432021-12-21 12:50:29.693root 11241100x8000000000000000723401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:29.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caa9f7ceaa31c5b22021-12-21 12:50:29.693root 11241100x8000000000000000723402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:29.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bf30dfcf732b2f92021-12-21 12:50:29.693root 11241100x8000000000000000723403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:29.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8af849179f656bb2021-12-21 12:50:29.693root 11241100x8000000000000000723404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:30.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd7273f0a7cad55a2021-12-21 12:50:30.193root 11241100x8000000000000000723405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:30.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf406d2350fc02ea2021-12-21 12:50:30.193root 11241100x8000000000000000723406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:30.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8dc7ac929c35a932021-12-21 12:50:30.193root 11241100x8000000000000000723407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:30.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99409e5a460136372021-12-21 12:50:30.193root 11241100x8000000000000000723408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:30.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6843e53367d590c02021-12-21 12:50:30.193root 11241100x8000000000000000723409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:30.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4008da732b5dc6082021-12-21 12:50:30.193root 11241100x8000000000000000723410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:30.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d76fcc3f8d48da2b2021-12-21 12:50:30.193root 11241100x8000000000000000723411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:30.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bd0cc7b7d7e105a2021-12-21 12:50:30.193root 11241100x8000000000000000723412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:30.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dd918eca3b61bfa2021-12-21 12:50:30.193root 11241100x8000000000000000723413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:30.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc67a227743ff3a72021-12-21 12:50:30.193root 354300x8000000000000000723414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:30.228{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-50562-false10.0.1.12-8000- 11241100x8000000000000000723415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:30.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b062fbf2c23329582021-12-21 12:50:30.693root 11241100x8000000000000000723416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:30.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c2d7ed483a1c00b2021-12-21 12:50:30.693root 11241100x8000000000000000723417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:30.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16ef44d074afed552021-12-21 12:50:30.693root 11241100x8000000000000000723418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:30.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87a35f3e043b7f112021-12-21 12:50:30.693root 11241100x8000000000000000723419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:30.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f36eee905f0403d82021-12-21 12:50:30.693root 11241100x8000000000000000723420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:30.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cd46fa5a06ec89a2021-12-21 12:50:30.693root 11241100x8000000000000000723421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:30.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7d71aa5d7a215cd2021-12-21 12:50:30.693root 11241100x8000000000000000723422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:30.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7792ed5533a294862021-12-21 12:50:30.693root 11241100x8000000000000000723423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:30.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f218ef8f3ad6ec22021-12-21 12:50:30.693root 11241100x8000000000000000723424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:30.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cae5d4d950c5c532021-12-21 12:50:30.693root 11241100x8000000000000000723425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:30.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d70677371337f742021-12-21 12:50:30.693root 11241100x8000000000000000723426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:31.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.566ad21c39b9f1242021-12-21 12:50:31.193root 11241100x8000000000000000723427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:31.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9a41fc6a5d3723b2021-12-21 12:50:31.193root 11241100x8000000000000000723428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:31.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebdc6edeba86980c2021-12-21 12:50:31.193root 11241100x8000000000000000723429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:31.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c289329add065d7f2021-12-21 12:50:31.193root 11241100x8000000000000000723430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:31.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.784e8c92642727752021-12-21 12:50:31.193root 11241100x8000000000000000723431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:31.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7b22c378fea298f2021-12-21 12:50:31.193root 11241100x8000000000000000723432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:31.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dc6cba9e0920b1a2021-12-21 12:50:31.193root 11241100x8000000000000000723433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:31.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95f94270f96911652021-12-21 12:50:31.193root 11241100x8000000000000000723434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:31.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd916f83fed8661b2021-12-21 12:50:31.193root 11241100x8000000000000000723435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:31.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ad70b979ac17a962021-12-21 12:50:31.193root 11241100x8000000000000000723436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:31.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7ddc368a9fd232f2021-12-21 12:50:31.194root 11241100x8000000000000000723437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:31.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9046e546c7d79da62021-12-21 12:50:31.693root 11241100x8000000000000000723438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:31.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da656db97a56f9442021-12-21 12:50:31.693root 11241100x8000000000000000723439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:31.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caf3c3d5872e11c52021-12-21 12:50:31.693root 11241100x8000000000000000723440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:31.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc01f899ad7c85dd2021-12-21 12:50:31.693root 11241100x8000000000000000723441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:31.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.674b3f7bf69b986e2021-12-21 12:50:31.693root 11241100x8000000000000000723442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:31.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ec864d4461da3732021-12-21 12:50:31.693root 11241100x8000000000000000723443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:31.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61a970161d73ea8e2021-12-21 12:50:31.693root 11241100x8000000000000000723444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:31.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dbde0b82c984acf2021-12-21 12:50:31.693root 11241100x8000000000000000723445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:31.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6de434ba813b1762021-12-21 12:50:31.693root 11241100x8000000000000000723446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:31.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a90b18e7030d24582021-12-21 12:50:31.693root 11241100x8000000000000000723447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:31.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dde4f1f9613031f22021-12-21 12:50:31.694root 11241100x8000000000000000723448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:32.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bdf9a55c5361dc82021-12-21 12:50:32.193root 11241100x8000000000000000723449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:32.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de2ebd615bf4ffad2021-12-21 12:50:32.193root 11241100x8000000000000000723450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:32.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0621f66b6e57a72e2021-12-21 12:50:32.193root 11241100x8000000000000000723451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:32.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90f975a7ebafea062021-12-21 12:50:32.193root 11241100x8000000000000000723452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:32.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1196eca289338bae2021-12-21 12:50:32.193root 11241100x8000000000000000723453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:32.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65d55bbba996bf982021-12-21 12:50:32.193root 11241100x8000000000000000723454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:32.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4589a4c5ac2f54dd2021-12-21 12:50:32.193root 11241100x8000000000000000723455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:32.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6369f0189cf2aaf2021-12-21 12:50:32.193root 11241100x8000000000000000723456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:32.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c59e828bda2faec2021-12-21 12:50:32.194root 11241100x8000000000000000723457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:32.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9691ef9f293946ec2021-12-21 12:50:32.194root 11241100x8000000000000000723458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:32.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a7bf6e6611dba062021-12-21 12:50:32.194root 11241100x8000000000000000723459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:32.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49e7d220d53a30442021-12-21 12:50:32.693root 11241100x8000000000000000723460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:32.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a219829489808c52021-12-21 12:50:32.693root 11241100x8000000000000000723461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:32.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ace6956c33b9f2752021-12-21 12:50:32.693root 11241100x8000000000000000723462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:32.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d072bae5172f9d92021-12-21 12:50:32.693root 11241100x8000000000000000723463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:32.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b945e68334d03af2021-12-21 12:50:32.693root 11241100x8000000000000000723464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:32.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c494939c59bf35c32021-12-21 12:50:32.693root 11241100x8000000000000000723465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:32.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec69b284853672382021-12-21 12:50:32.693root 11241100x8000000000000000723466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:32.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d82e8a4d522dece2021-12-21 12:50:32.693root 11241100x8000000000000000723467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:32.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9404fd25c7c5a8f22021-12-21 12:50:32.693root 11241100x8000000000000000723468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:32.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c15ec36f9e7427852021-12-21 12:50:32.694root 11241100x8000000000000000723469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:32.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8328059a9da65cc32021-12-21 12:50:32.694root 11241100x8000000000000000723470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:33.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e661d067f74e98a92021-12-21 12:50:33.193root 11241100x8000000000000000723471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:33.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c15d3446c902fd92021-12-21 12:50:33.193root 11241100x8000000000000000723472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:33.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c54fc910a5906cd2021-12-21 12:50:33.193root 11241100x8000000000000000723473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:33.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75a832c8c01f749b2021-12-21 12:50:33.193root 11241100x8000000000000000723474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:33.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a8806fa4ab38dfb2021-12-21 12:50:33.193root 11241100x8000000000000000723475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:33.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.200791505badfda72021-12-21 12:50:33.193root 11241100x8000000000000000723476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:33.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d9b4a055861a29f2021-12-21 12:50:33.193root 11241100x8000000000000000723477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:33.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2d7b61439d461bf2021-12-21 12:50:33.193root 11241100x8000000000000000723478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:33.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50ff58442cf56cca2021-12-21 12:50:33.193root 11241100x8000000000000000723479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:33.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.598760661e4e09e52021-12-21 12:50:33.193root 11241100x8000000000000000723480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:33.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b21d73fae4835b282021-12-21 12:50:33.194root 11241100x8000000000000000723481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:33.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.feb895f8969431f62021-12-21 12:50:33.693root 11241100x8000000000000000723482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:33.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d215bdab91bd0b0e2021-12-21 12:50:33.693root 11241100x8000000000000000723483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:33.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd01e85de04bc10e2021-12-21 12:50:33.693root 11241100x8000000000000000723484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:33.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.107d16477042b7472021-12-21 12:50:33.693root 11241100x8000000000000000723485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:33.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce926779c6303fa42021-12-21 12:50:33.693root 11241100x8000000000000000723486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:33.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73a32ad92844c2fa2021-12-21 12:50:33.693root 11241100x8000000000000000723487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:33.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66652681876c1fb02021-12-21 12:50:33.693root 11241100x8000000000000000723488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:33.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc000b7020db8a542021-12-21 12:50:33.693root 11241100x8000000000000000723489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:33.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74b3544724642f9b2021-12-21 12:50:33.693root 11241100x8000000000000000723490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:33.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.533207a1bb00e39b2021-12-21 12:50:33.693root 11241100x8000000000000000723491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:33.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94f493dd4b65d6952021-12-21 12:50:33.694root 11241100x8000000000000000723492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:34.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef74836760675b7c2021-12-21 12:50:34.193root 11241100x8000000000000000723493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:34.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7c4af65ee4862ba2021-12-21 12:50:34.193root 11241100x8000000000000000723494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:34.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56a8247325a6d6bb2021-12-21 12:50:34.193root 11241100x8000000000000000723495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:34.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d26a82a338e945952021-12-21 12:50:34.193root 11241100x8000000000000000723496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:34.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1a6e77782a9d4432021-12-21 12:50:34.193root 11241100x8000000000000000723497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:34.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.015f2123177565902021-12-21 12:50:34.193root 11241100x8000000000000000723498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:34.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bef98740cf0b03902021-12-21 12:50:34.193root 11241100x8000000000000000723499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:34.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c181e5f7a7353362021-12-21 12:50:34.193root 11241100x8000000000000000723500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:34.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ae8dd863fd240682021-12-21 12:50:34.193root 11241100x8000000000000000723501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:34.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abf0dd6d67cb4ed42021-12-21 12:50:34.194root 11241100x8000000000000000723502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:34.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.152b44fb1895d9662021-12-21 12:50:34.194root 11241100x8000000000000000723503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:34.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62df550506d6ec352021-12-21 12:50:34.693root 11241100x8000000000000000723504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:34.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac007854acd918842021-12-21 12:50:34.693root 11241100x8000000000000000723505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:34.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f646e70d31ce63072021-12-21 12:50:34.693root 11241100x8000000000000000723506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:34.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b274ba94db822b242021-12-21 12:50:34.693root 11241100x8000000000000000723507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:34.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6377a03e66c24efc2021-12-21 12:50:34.693root 11241100x8000000000000000723508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:34.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.966442d62e57082b2021-12-21 12:50:34.693root 11241100x8000000000000000723509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:34.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f745f6565fe52372021-12-21 12:50:34.693root 11241100x8000000000000000723510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:34.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f42610796ba5b122021-12-21 12:50:34.693root 11241100x8000000000000000723511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:34.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecd8641156afc77a2021-12-21 12:50:34.693root 11241100x8000000000000000723512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:34.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3b7e523e3d0f60a2021-12-21 12:50:34.693root 11241100x8000000000000000723513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:34.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f37351a744ad1f22021-12-21 12:50:34.694root 11241100x8000000000000000723514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:35.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a1548460913ff9f2021-12-21 12:50:35.192root 11241100x8000000000000000723515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:35.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98283f14d17d20e22021-12-21 12:50:35.193root 11241100x8000000000000000723516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:35.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.955c28fbbedcf0ed2021-12-21 12:50:35.193root 11241100x8000000000000000723517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:35.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.778c55555d0ae68d2021-12-21 12:50:35.193root 11241100x8000000000000000723518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:35.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4d227e1947fa68e2021-12-21 12:50:35.193root 11241100x8000000000000000723519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:35.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f477ba6233b414102021-12-21 12:50:35.193root 11241100x8000000000000000723520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:35.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ec94ce1f1fe398c2021-12-21 12:50:35.193root 11241100x8000000000000000723521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:35.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b1b06920816e9772021-12-21 12:50:35.193root 11241100x8000000000000000723522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:35.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5244d0d6c27780e72021-12-21 12:50:35.193root 11241100x8000000000000000723523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:35.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe6a0992d21f796c2021-12-21 12:50:35.193root 11241100x8000000000000000723524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:35.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.469db0b237bf9a002021-12-21 12:50:35.193root 11241100x8000000000000000723525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:35.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6a156f195c20b062021-12-21 12:50:35.693root 11241100x8000000000000000723526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:35.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca09cc3e6b072c802021-12-21 12:50:35.693root 11241100x8000000000000000723527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:35.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef76b90a498456532021-12-21 12:50:35.693root 11241100x8000000000000000723528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:35.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44adf5ff223714242021-12-21 12:50:35.693root 11241100x8000000000000000723529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:35.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe1af58fbc02360d2021-12-21 12:50:35.693root 11241100x8000000000000000723530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:35.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.472bcc91fc2c6f522021-12-21 12:50:35.693root 11241100x8000000000000000723531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:35.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5480e8b0225b79d62021-12-21 12:50:35.693root 11241100x8000000000000000723532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:35.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8b0206f4de073382021-12-21 12:50:35.693root 11241100x8000000000000000723533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:35.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc7e5da615af3d822021-12-21 12:50:35.693root 11241100x8000000000000000723534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:35.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd74e85b2dfca5a42021-12-21 12:50:35.693root 11241100x8000000000000000723535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:35.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c0a825e2236a74d2021-12-21 12:50:35.694root 354300x8000000000000000723536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:36.026{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-50564-false10.0.1.12-8000- 11241100x8000000000000000723537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:36.027{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b842e3247e04f3842021-12-21 12:50:36.027root 11241100x8000000000000000723538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:36.027{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2bf810d86477c9d2021-12-21 12:50:36.027root 11241100x8000000000000000723539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:36.027{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cfa0c7016ec6d702021-12-21 12:50:36.027root 11241100x8000000000000000723540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:36.028{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85877ec9dbfa71542021-12-21 12:50:36.028root 11241100x8000000000000000723541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:36.028{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.936dcf01aaa295202021-12-21 12:50:36.028root 11241100x8000000000000000723542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:36.029{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e6e5b07482630cd2021-12-21 12:50:36.029root 11241100x8000000000000000723543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:36.029{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37dfd872b0c102f62021-12-21 12:50:36.029root 11241100x8000000000000000723544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:36.029{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6711d68e18b09c142021-12-21 12:50:36.029root 11241100x8000000000000000723545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:36.029{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6e31cc5527719ca2021-12-21 12:50:36.029root 11241100x8000000000000000723546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:36.029{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2336bcb1a2f74062021-12-21 12:50:36.029root 11241100x8000000000000000723547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:36.029{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ff90ee69056bdf12021-12-21 12:50:36.029root 11241100x8000000000000000723548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:36.029{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc993abdb96385832021-12-21 12:50:36.029root 11241100x8000000000000000723549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:36.131{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2021-12-21 12:50:36.131root 11241100x8000000000000000723550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5ed144fb7bb3f932021-12-21 12:50:36.443root 11241100x8000000000000000723551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0728fb7b76167ad2021-12-21 12:50:36.443root 11241100x8000000000000000723552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7d9c2d7168ff6432021-12-21 12:50:36.443root 11241100x8000000000000000723553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93a68d7b5a6f64682021-12-21 12:50:36.443root 11241100x8000000000000000723554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f221e844f258cd82021-12-21 12:50:36.443root 11241100x8000000000000000723555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87bd61ea66d9e6d52021-12-21 12:50:36.443root 11241100x8000000000000000723556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.058993bf13fc89c82021-12-21 12:50:36.443root 11241100x8000000000000000723557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7674943c1844a33c2021-12-21 12:50:36.443root 11241100x8000000000000000723558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4ee9a0ff0159d672021-12-21 12:50:36.444root 11241100x8000000000000000723559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c9d1e55e6d1ee342021-12-21 12:50:36.444root 11241100x8000000000000000723560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f404ed69230f2b942021-12-21 12:50:36.444root 11241100x8000000000000000723561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a38a094b4029368e2021-12-21 12:50:36.444root 11241100x8000000000000000723562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82c3646b907de1bd2021-12-21 12:50:36.444root 11241100x8000000000000000723563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:36.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70af8addcd4a66802021-12-21 12:50:36.943root 11241100x8000000000000000723564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:36.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3668901acd5796522021-12-21 12:50:36.943root 11241100x8000000000000000723565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:36.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80894d26b79940092021-12-21 12:50:36.943root 11241100x8000000000000000723566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:36.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9fddb6068bf90312021-12-21 12:50:36.943root 11241100x8000000000000000723567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:36.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.768b28896379a8012021-12-21 12:50:36.943root 11241100x8000000000000000723568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:36.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f917f60b6bd034bf2021-12-21 12:50:36.943root 11241100x8000000000000000723569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:36.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30e3d9e1cca32e702021-12-21 12:50:36.943root 11241100x8000000000000000723570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:36.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11a64fb388934b642021-12-21 12:50:36.943root 11241100x8000000000000000723571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:36.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f1f5c789ec41b012021-12-21 12:50:36.944root 11241100x8000000000000000723572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:36.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23804ba95161588b2021-12-21 12:50:36.944root 11241100x8000000000000000723573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:36.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc697bff7746f8b42021-12-21 12:50:36.944root 11241100x8000000000000000723574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:36.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d943a0fb859ed2a2021-12-21 12:50:36.944root 11241100x8000000000000000723575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:36.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0443c8f9f3618e32021-12-21 12:50:36.944root 11241100x8000000000000000723576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:37.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b305d2e1133329e2021-12-21 12:50:37.443root 11241100x8000000000000000723577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:37.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d49b69d8c0e54ab82021-12-21 12:50:37.443root 11241100x8000000000000000723578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:37.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87d855bb5ca985922021-12-21 12:50:37.443root 11241100x8000000000000000723579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:37.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebd0a550cc85289d2021-12-21 12:50:37.443root 11241100x8000000000000000723580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:37.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d0745e3e260608a2021-12-21 12:50:37.443root 11241100x8000000000000000723581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec69cf08f1c911c52021-12-21 12:50:37.444root 11241100x8000000000000000723582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74531c9453af7d172021-12-21 12:50:37.444root 11241100x8000000000000000723583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46806b07a84ba95e2021-12-21 12:50:37.444root 11241100x8000000000000000723584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dd537cb24b0fa622021-12-21 12:50:37.444root 11241100x8000000000000000723585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5a99a5b9cb483322021-12-21 12:50:37.444root 11241100x8000000000000000723586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86bc07f63043dccf2021-12-21 12:50:37.444root 11241100x8000000000000000723587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf72c6725254120e2021-12-21 12:50:37.444root 11241100x8000000000000000723588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cda1392f3946f4d12021-12-21 12:50:37.444root 11241100x8000000000000000723589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:37.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f66ce71bbf98c2632021-12-21 12:50:37.943root 11241100x8000000000000000723590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:37.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c155231eabd661462021-12-21 12:50:37.943root 11241100x8000000000000000723591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:37.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd86f9ef74224a942021-12-21 12:50:37.943root 11241100x8000000000000000723592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:37.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84076004340be0192021-12-21 12:50:37.943root 11241100x8000000000000000723593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:37.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ed41d5dfe9af26d2021-12-21 12:50:37.943root 11241100x8000000000000000723594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:37.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7ec05fb907f01122021-12-21 12:50:37.943root 11241100x8000000000000000723595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:37.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a38825cacfe7b7c2021-12-21 12:50:37.943root 11241100x8000000000000000723596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:37.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7e5916d89935d992021-12-21 12:50:37.943root 11241100x8000000000000000723597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:37.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15e57e9966c807292021-12-21 12:50:37.944root 11241100x8000000000000000723598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:37.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7baed8b25c9482182021-12-21 12:50:37.944root 11241100x8000000000000000723599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:37.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.463212e537e5353e2021-12-21 12:50:37.944root 11241100x8000000000000000723600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:37.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9af9c4593ba5affa2021-12-21 12:50:37.944root 11241100x8000000000000000723601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:37.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3cb4f5d0c3a8c0d2021-12-21 12:50:37.944root 11241100x8000000000000000723602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:38.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6bb751246b81a682021-12-21 12:50:38.443root 11241100x8000000000000000723603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:38.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f3996dedcc30a822021-12-21 12:50:38.443root 11241100x8000000000000000723604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:38.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fdcebc4edce1f842021-12-21 12:50:38.443root 11241100x8000000000000000723605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:38.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1afb4a05831ed1f2021-12-21 12:50:38.443root 11241100x8000000000000000723606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:38.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b17d147a60d3c04f2021-12-21 12:50:38.443root 11241100x8000000000000000723607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:38.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecbf43662de6a6a12021-12-21 12:50:38.443root 11241100x8000000000000000723608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b7b29a9bd0643282021-12-21 12:50:38.444root 11241100x8000000000000000723609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fca06a18c61a0442021-12-21 12:50:38.444root 11241100x8000000000000000723610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43548298ec8cf8652021-12-21 12:50:38.444root 11241100x8000000000000000723611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcc24ff6c298a08e2021-12-21 12:50:38.444root 11241100x8000000000000000723612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e8edcfc5e05815d2021-12-21 12:50:38.444root 11241100x8000000000000000723613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.115866bd96d902292021-12-21 12:50:38.444root 11241100x8000000000000000723614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4626717a5df4f3af2021-12-21 12:50:38.444root 11241100x8000000000000000723615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f632bba6f6913fcf2021-12-21 12:50:38.943root 11241100x8000000000000000723616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95dd399df823b6e62021-12-21 12:50:38.943root 11241100x8000000000000000723617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46d50562a708737a2021-12-21 12:50:38.943root 11241100x8000000000000000723618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae0f350630f57bdd2021-12-21 12:50:38.943root 11241100x8000000000000000723619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acc0b86dfded02e32021-12-21 12:50:38.943root 11241100x8000000000000000723620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.980064d1a71200212021-12-21 12:50:38.943root 11241100x8000000000000000723621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b427cb3acf2699a02021-12-21 12:50:38.943root 11241100x8000000000000000723622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48335f5b454d4b8d2021-12-21 12:50:38.943root 11241100x8000000000000000723623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e96adf5d2f6c15e12021-12-21 12:50:38.943root 11241100x8000000000000000723624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c2cbad05e367d522021-12-21 12:50:38.944root 11241100x8000000000000000723625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3daaead0fdb29e7b2021-12-21 12:50:38.944root 11241100x8000000000000000723626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6543396a64f087192021-12-21 12:50:38.944root 11241100x8000000000000000723627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cc78ecbb46c3ab92021-12-21 12:50:38.944root 154100x8000000000000000723628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:39.002{ec2b6afe-cd9f-61c1-6824-c19374550000}10158/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/4046root{ec2b6afe-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}2319--- 534500x8000000000000000723629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:39.013{ec2b6afe-cd9f-61c1-6824-c19374550000}10158/bin/psroot 23542300x8000000000000000723630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:39.132{ec2b6afe-95d2-61c1-3038-b84203560000}5272root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000723631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:39.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02f2951f437520842021-12-21 12:50:39.443root 11241100x8000000000000000723632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:39.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.013db5034365426c2021-12-21 12:50:39.443root 11241100x8000000000000000723633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:39.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.542147206d1f41982021-12-21 12:50:39.443root 11241100x8000000000000000723634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:39.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fd1a8f97bc214462021-12-21 12:50:39.443root 11241100x8000000000000000723635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:39.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a13f6c8952962fd52021-12-21 12:50:39.443root 11241100x8000000000000000723636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:39.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.978fddae2d063d952021-12-21 12:50:39.443root 11241100x8000000000000000723637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a1798bc573a55a82021-12-21 12:50:39.444root 11241100x8000000000000000723638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a6b5b33667260d22021-12-21 12:50:39.444root 11241100x8000000000000000723639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6770981f4e1fc942021-12-21 12:50:39.444root 11241100x8000000000000000723640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e61f74c0d5b1da092021-12-21 12:50:39.444root 11241100x8000000000000000723641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3a26fe04ec79ca82021-12-21 12:50:39.444root 11241100x8000000000000000723642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb90ea818ac72cb92021-12-21 12:50:39.444root 11241100x8000000000000000723643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd8b630716eee5712021-12-21 12:50:39.444root 11241100x8000000000000000723644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ddc4f210faf154b2021-12-21 12:50:39.444root 11241100x8000000000000000723645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83936ae2931970ce2021-12-21 12:50:39.444root 11241100x8000000000000000723646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcf64e42ece43fe92021-12-21 12:50:39.444root 11241100x8000000000000000723647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:39.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a05a1b7954544282021-12-21 12:50:39.943root 11241100x8000000000000000723648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:39.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e8b9d68187680d32021-12-21 12:50:39.943root 11241100x8000000000000000723649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:39.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa74292ebc6f15952021-12-21 12:50:39.943root 11241100x8000000000000000723650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:39.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d07b0d5564bc4f5b2021-12-21 12:50:39.943root 11241100x8000000000000000723651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:39.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9aa36e1af5d9e7a72021-12-21 12:50:39.943root 11241100x8000000000000000723652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:39.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64d1cec91038d4302021-12-21 12:50:39.943root 11241100x8000000000000000723653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb18d9f2766382c52021-12-21 12:50:39.944root 11241100x8000000000000000723654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.576d5816d3feab4a2021-12-21 12:50:39.944root 11241100x8000000000000000723655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.413ae6ee91ceba3c2021-12-21 12:50:39.944root 11241100x8000000000000000723656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26a65c59b537ae532021-12-21 12:50:39.944root 11241100x8000000000000000723657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d714d0c577b04bab2021-12-21 12:50:39.944root 11241100x8000000000000000723658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.917177b26db07a872021-12-21 12:50:39.944root 11241100x8000000000000000723659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc554eeacbf78cd82021-12-21 12:50:39.944root 11241100x8000000000000000723660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76dce6e3b00fcb772021-12-21 12:50:39.944root 11241100x8000000000000000723661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.717717678659ac642021-12-21 12:50:39.944root 11241100x8000000000000000723662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.621f15a4c64d6f0f2021-12-21 12:50:39.944root 11241100x8000000000000000723663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd1216de4726c5e12021-12-21 12:50:40.443root 11241100x8000000000000000723664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93231a06869c35fc2021-12-21 12:50:40.443root 11241100x8000000000000000723665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba6d747e61b2d0e72021-12-21 12:50:40.443root 11241100x8000000000000000723666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b167cb4e0a5ec78e2021-12-21 12:50:40.443root 11241100x8000000000000000723667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7b4074c11d3fc972021-12-21 12:50:40.443root 11241100x8000000000000000723668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e65990467f6e30f2021-12-21 12:50:40.443root 11241100x8000000000000000723669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.746d982c02f277422021-12-21 12:50:40.443root 11241100x8000000000000000723670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32a3caa13ebe4b622021-12-21 12:50:40.444root 11241100x8000000000000000723671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51112aced48f9a2f2021-12-21 12:50:40.444root 11241100x8000000000000000723672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea58191a5105ce4e2021-12-21 12:50:40.444root 11241100x8000000000000000723673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac1280d45d4b85d62021-12-21 12:50:40.444root 11241100x8000000000000000723674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2295495e520bd1412021-12-21 12:50:40.444root 11241100x8000000000000000723675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7af27bb2a848ef752021-12-21 12:50:40.444root 11241100x8000000000000000723676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddd9a499be4877662021-12-21 12:50:40.444root 11241100x8000000000000000723677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.981bef329486453c2021-12-21 12:50:40.444root 11241100x8000000000000000723678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a5be3cb1f6a32d92021-12-21 12:50:40.444root 11241100x8000000000000000723679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b505dc24e5a978b2021-12-21 12:50:40.943root 11241100x8000000000000000723680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c6e558b962a96532021-12-21 12:50:40.943root 11241100x8000000000000000723681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfe26090797017a12021-12-21 12:50:40.943root 11241100x8000000000000000723682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34cc67926c5fa3a22021-12-21 12:50:40.943root 11241100x8000000000000000723683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.344826d8827a72902021-12-21 12:50:40.944root 11241100x8000000000000000723684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd02206787d1c9682021-12-21 12:50:40.944root 11241100x8000000000000000723685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba150dd4c19e5eb32021-12-21 12:50:40.944root 11241100x8000000000000000723686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f9ac28c36ff36de2021-12-21 12:50:40.944root 11241100x8000000000000000723687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19d0209816f451222021-12-21 12:50:40.944root 11241100x8000000000000000723688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.131c0f330815e54c2021-12-21 12:50:40.944root 11241100x8000000000000000723689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e45e88e08fa506c12021-12-21 12:50:40.944root 11241100x8000000000000000723690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ca02c89e571a19f2021-12-21 12:50:40.944root 11241100x8000000000000000723691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f658f9e87274cda62021-12-21 12:50:40.944root 11241100x8000000000000000723692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.607a6e97f37b6d482021-12-21 12:50:40.944root 11241100x8000000000000000723693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ceb1781406b87a52021-12-21 12:50:40.944root 11241100x8000000000000000723694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbcc6a549b66afa22021-12-21 12:50:40.944root 354300x8000000000000000723695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:41.073{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-50566-false10.0.1.12-8000- 11241100x8000000000000000723696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c55295b1e34871d52021-12-21 12:50:41.443root 11241100x8000000000000000723697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf624989ad790eb82021-12-21 12:50:41.443root 11241100x8000000000000000723698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30194ce6d317dfea2021-12-21 12:50:41.443root 11241100x8000000000000000723699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15f2c84e96e048952021-12-21 12:50:41.443root 11241100x8000000000000000723700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e2192192a79c6472021-12-21 12:50:41.443root 11241100x8000000000000000723701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35855cc8b36b41032021-12-21 12:50:41.444root 11241100x8000000000000000723702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2a0093a7258a2632021-12-21 12:50:41.444root 11241100x8000000000000000723703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3af35da8b35a338b2021-12-21 12:50:41.444root 11241100x8000000000000000723704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.feee14e4e290166e2021-12-21 12:50:41.444root 11241100x8000000000000000723705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79e5d7e58f5e44302021-12-21 12:50:41.444root 11241100x8000000000000000723706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad964ec40b5d68e32021-12-21 12:50:41.444root 11241100x8000000000000000723707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.237374cf7362d0c02021-12-21 12:50:41.444root 11241100x8000000000000000723708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4884d12c466356b2021-12-21 12:50:41.444root 11241100x8000000000000000723709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9429ba54acba6632021-12-21 12:50:41.444root 11241100x8000000000000000723710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.340eef89d010990e2021-12-21 12:50:41.444root 11241100x8000000000000000723711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3e3efe9590d6a6e2021-12-21 12:50:41.444root 11241100x8000000000000000723712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd5ea57d2494fcf62021-12-21 12:50:41.444root 11241100x8000000000000000723713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d106f2c9b12bb8992021-12-21 12:50:41.943root 11241100x8000000000000000723714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a23bb0bdcb12dea02021-12-21 12:50:41.943root 11241100x8000000000000000723715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e09c871578a6c762021-12-21 12:50:41.944root 11241100x8000000000000000723716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ebdfdfa03e9ead22021-12-21 12:50:41.944root 11241100x8000000000000000723717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebf8630e905695c72021-12-21 12:50:41.944root 11241100x8000000000000000723718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bffc458d08d42a22021-12-21 12:50:41.944root 11241100x8000000000000000723719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6f8939ca44e2d312021-12-21 12:50:41.944root 11241100x8000000000000000723720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fa0541e8ca8b1c02021-12-21 12:50:41.944root 11241100x8000000000000000723721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:41.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d387956cffd45c142021-12-21 12:50:41.945root 11241100x8000000000000000723722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:41.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.beff7ff37ea6ef942021-12-21 12:50:41.945root 11241100x8000000000000000723723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:41.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2271a2d13f0d9cf32021-12-21 12:50:41.945root 11241100x8000000000000000723724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:41.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69ef0b870c22af882021-12-21 12:50:41.945root 11241100x8000000000000000723725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:41.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51e9f5804cf98fae2021-12-21 12:50:41.945root 11241100x8000000000000000723726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:41.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04c72a96b923ccc12021-12-21 12:50:41.945root 11241100x8000000000000000723727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:41.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74114bb7cfce5a1e2021-12-21 12:50:41.945root 11241100x8000000000000000723728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:41.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4ac4775c7265d002021-12-21 12:50:41.946root 11241100x8000000000000000723729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:41.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38416aec414532662021-12-21 12:50:41.946root 11241100x8000000000000000723730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bca2cdfee47f8c82021-12-21 12:50:42.443root 11241100x8000000000000000723731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f2b2a30c48e01ed2021-12-21 12:50:42.443root 11241100x8000000000000000723732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4246fe89976b624e2021-12-21 12:50:42.444root 11241100x8000000000000000723733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.453ebd45f34172d62021-12-21 12:50:42.444root 11241100x8000000000000000723734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de94096c4e0a97ab2021-12-21 12:50:42.444root 11241100x8000000000000000723735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4a8dbafa25cda172021-12-21 12:50:42.444root 11241100x8000000000000000723736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abb1155a82964d5f2021-12-21 12:50:42.444root 11241100x8000000000000000723737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a9fd77ad9d99ef52021-12-21 12:50:42.444root 11241100x8000000000000000723738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:42.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbf22ca329d7a2ee2021-12-21 12:50:42.445root 11241100x8000000000000000723739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:42.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec94d686e6460cb12021-12-21 12:50:42.445root 11241100x8000000000000000723740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:42.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68c237efd952e7262021-12-21 12:50:42.445root 11241100x8000000000000000723741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:42.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2383a403499459172021-12-21 12:50:42.445root 11241100x8000000000000000723742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:42.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49c8b38f663fb8e92021-12-21 12:50:42.445root 11241100x8000000000000000723743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:42.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eedbcbe8020ac0872021-12-21 12:50:42.445root 11241100x8000000000000000723744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:42.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be159bcf8a6738872021-12-21 12:50:42.445root 11241100x8000000000000000723745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:42.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8176e3dbc6477ab32021-12-21 12:50:42.446root 11241100x8000000000000000723746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:42.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8aaff8a8c8cb6acf2021-12-21 12:50:42.446root 11241100x8000000000000000723747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.828f66bd8069f86a2021-12-21 12:50:42.943root 11241100x8000000000000000723748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97c0204dadd023332021-12-21 12:50:42.943root 11241100x8000000000000000723749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecee024f2d0a0aab2021-12-21 12:50:42.944root 11241100x8000000000000000723750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea748e71ce77e02a2021-12-21 12:50:42.944root 11241100x8000000000000000723751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f9c00950499f0f92021-12-21 12:50:42.944root 11241100x8000000000000000723752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f409baba936da2d32021-12-21 12:50:42.944root 11241100x8000000000000000723753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9051dd4f0870c362021-12-21 12:50:42.944root 11241100x8000000000000000723754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7708a0f3e27690162021-12-21 12:50:42.944root 11241100x8000000000000000723755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:42.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca536bae7e9504fb2021-12-21 12:50:42.945root 11241100x8000000000000000723756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:42.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ef4fe00c3d753e72021-12-21 12:50:42.945root 11241100x8000000000000000723757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:42.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ba248e4f4e14b7b2021-12-21 12:50:42.945root 11241100x8000000000000000723758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:42.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd65674693774b722021-12-21 12:50:42.945root 11241100x8000000000000000723759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:42.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efbfcd6c119004712021-12-21 12:50:42.945root 11241100x8000000000000000723760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:42.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b23ba1c0b9aa8b5e2021-12-21 12:50:42.945root 11241100x8000000000000000723761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:42.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec1f5b495aaa1f842021-12-21 12:50:42.945root 11241100x8000000000000000723762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:42.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d49582a50948d5872021-12-21 12:50:42.946root 11241100x8000000000000000723763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:42.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.062818207f5da2f62021-12-21 12:50:42.946root 11241100x8000000000000000723764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3efc42f95683c7b2021-12-21 12:50:43.443root 11241100x8000000000000000723765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7704452f22724ee52021-12-21 12:50:43.443root 11241100x8000000000000000723766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49900a91654b9b0d2021-12-21 12:50:43.443root 11241100x8000000000000000723767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc227ea43350f3012021-12-21 12:50:43.443root 11241100x8000000000000000723768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1789d19b52373f4f2021-12-21 12:50:43.444root 11241100x8000000000000000723769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e041df9033e04722021-12-21 12:50:43.444root 11241100x8000000000000000723770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78a94f56783067a62021-12-21 12:50:43.444root 11241100x8000000000000000723771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a537f15bd6a4490a2021-12-21 12:50:43.444root 11241100x8000000000000000723772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb4a2543e86af8342021-12-21 12:50:43.444root 11241100x8000000000000000723773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97dc3295c9bf54932021-12-21 12:50:43.444root 11241100x8000000000000000723774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f804625e7040d0572021-12-21 12:50:43.444root 11241100x8000000000000000723775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.625d3b6a981621cb2021-12-21 12:50:43.444root 11241100x8000000000000000723776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.737e92560112fb3d2021-12-21 12:50:43.444root 11241100x8000000000000000723777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.823a657833b178f52021-12-21 12:50:43.444root 11241100x8000000000000000723778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2679fb5364e4316f2021-12-21 12:50:43.444root 11241100x8000000000000000723779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35cb545fcd0844932021-12-21 12:50:43.444root 11241100x8000000000000000723780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f19d6135b6790dd12021-12-21 12:50:43.444root 11241100x8000000000000000723781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c676161abdec94de2021-12-21 12:50:43.943root 11241100x8000000000000000723782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c2b24bd84fe1b9e2021-12-21 12:50:43.943root 11241100x8000000000000000723783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ac99b56adf330292021-12-21 12:50:43.944root 11241100x8000000000000000723784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.794a521a5a5ee2742021-12-21 12:50:43.944root 11241100x8000000000000000723785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfc5983ebc15f2be2021-12-21 12:50:43.944root 11241100x8000000000000000723786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc4f78833c3431a82021-12-21 12:50:43.944root 11241100x8000000000000000723787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f81c6790873551702021-12-21 12:50:43.944root 11241100x8000000000000000723788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03af4e1700f5066f2021-12-21 12:50:43.944root 11241100x8000000000000000723789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:43.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c66c62467277198e2021-12-21 12:50:43.945root 11241100x8000000000000000723790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:43.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bd3b927d212c8c02021-12-21 12:50:43.945root 11241100x8000000000000000723791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:43.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62997d4b09987f902021-12-21 12:50:43.945root 11241100x8000000000000000723792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:43.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60e9067f10b7356f2021-12-21 12:50:43.945root 11241100x8000000000000000723793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:43.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20c2d79d29eca15f2021-12-21 12:50:43.945root 11241100x8000000000000000723794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:43.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cd4f1789c72c8f72021-12-21 12:50:43.945root 11241100x8000000000000000723795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:43.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2691f3bd05572802021-12-21 12:50:43.945root 11241100x8000000000000000723796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:43.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6752137320e6e0a82021-12-21 12:50:43.946root 11241100x8000000000000000723797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:43.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7db1353d4520f8562021-12-21 12:50:43.946root 11241100x8000000000000000723798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f75664b575e06f612021-12-21 12:50:44.443root 11241100x8000000000000000723799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ad558e0b3d9f1bf2021-12-21 12:50:44.443root 11241100x8000000000000000723800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.025ddc37c880e8932021-12-21 12:50:44.444root 11241100x8000000000000000723801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67a3c0fa5ee67ae12021-12-21 12:50:44.444root 11241100x8000000000000000723802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb763a524c14776a2021-12-21 12:50:44.444root 11241100x8000000000000000723803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32a60b86d302ad9c2021-12-21 12:50:44.444root 11241100x8000000000000000723804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5384dc6fbc564c22021-12-21 12:50:44.444root 11241100x8000000000000000723805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15e8f2b71353df9d2021-12-21 12:50:44.444root 11241100x8000000000000000723806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a92a7581981e4c6b2021-12-21 12:50:44.444root 11241100x8000000000000000723807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e705b78514a2d4582021-12-21 12:50:44.445root 11241100x8000000000000000723808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b36eacb86a28ae712021-12-21 12:50:44.445root 11241100x8000000000000000723809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e780f2164633ff02021-12-21 12:50:44.445root 11241100x8000000000000000723810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebdc720d22e53aca2021-12-21 12:50:44.445root 11241100x8000000000000000723811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17a6724cb0b031452021-12-21 12:50:44.445root 11241100x8000000000000000723812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb1cae7c5780f3de2021-12-21 12:50:44.445root 11241100x8000000000000000723813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c098d0231ed32fee2021-12-21 12:50:44.445root 11241100x8000000000000000723814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2409955c34dcd7c62021-12-21 12:50:44.445root 11241100x8000000000000000723815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d112abb3d052d7c2021-12-21 12:50:44.943root 11241100x8000000000000000723816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b259bd38df6bbb162021-12-21 12:50:44.943root 11241100x8000000000000000723817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15e26a5319c558122021-12-21 12:50:44.943root 11241100x8000000000000000723818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf1f8f128cfea6e02021-12-21 12:50:44.943root 11241100x8000000000000000723819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.670d513d7479789e2021-12-21 12:50:44.943root 11241100x8000000000000000723820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc66b464415c3ab62021-12-21 12:50:44.944root 11241100x8000000000000000723821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95fb7c2710dc3c452021-12-21 12:50:44.944root 11241100x8000000000000000723822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ce20f061b98720e2021-12-21 12:50:44.944root 11241100x8000000000000000723823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.871ecbb2eaad1eff2021-12-21 12:50:44.944root 11241100x8000000000000000723824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f192205f45e63d772021-12-21 12:50:44.944root 11241100x8000000000000000723825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a873411f645a5db2021-12-21 12:50:44.944root 11241100x8000000000000000723826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73b141be35c18fda2021-12-21 12:50:44.944root 11241100x8000000000000000723827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73acdc083447606f2021-12-21 12:50:44.944root 11241100x8000000000000000723828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0aecbd91e583f7262021-12-21 12:50:44.944root 11241100x8000000000000000723829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58ba59f33a9b2fe02021-12-21 12:50:44.944root 11241100x8000000000000000723830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7e4673d3ce34f3c2021-12-21 12:50:44.944root 11241100x8000000000000000723831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92054e7078c6d1d02021-12-21 12:50:44.944root 11241100x8000000000000000723832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d9ae320f7713d002021-12-21 12:50:45.443root 11241100x8000000000000000723833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c4abfbd9e6239962021-12-21 12:50:45.443root 11241100x8000000000000000723834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99eb2983b51d6bc12021-12-21 12:50:45.443root 11241100x8000000000000000723835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed25a33a3154f0a72021-12-21 12:50:45.443root 11241100x8000000000000000723836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f16425cf2fce40bf2021-12-21 12:50:45.443root 11241100x8000000000000000723837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f1307d3a5061a6f2021-12-21 12:50:45.443root 11241100x8000000000000000723838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20aab5af3b9e1bc02021-12-21 12:50:45.444root 11241100x8000000000000000723839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d3da1461417a0582021-12-21 12:50:45.444root 11241100x8000000000000000723840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c29800f67e4f90ea2021-12-21 12:50:45.444root 11241100x8000000000000000723841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72480fdd3b6107cd2021-12-21 12:50:45.444root 11241100x8000000000000000723842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42dc1fa09cdf82032021-12-21 12:50:45.444root 11241100x8000000000000000723843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e2b456209de58fc2021-12-21 12:50:45.444root 11241100x8000000000000000723844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32ae437dfcd5c97a2021-12-21 12:50:45.444root 11241100x8000000000000000723845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2533175a9a6d8d82021-12-21 12:50:45.444root 11241100x8000000000000000723846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4184fb2c64f20ce12021-12-21 12:50:45.444root 11241100x8000000000000000723847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa6178f893fa15a42021-12-21 12:50:45.444root 11241100x8000000000000000723848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa3fa0af3f7a9a462021-12-21 12:50:45.444root 11241100x8000000000000000723849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c21f476225644bb42021-12-21 12:50:45.943root 11241100x8000000000000000723850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60352bfbe2c4b61a2021-12-21 12:50:45.943root 11241100x8000000000000000723851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.059bd5ea216a98f32021-12-21 12:50:45.943root 11241100x8000000000000000723852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd1b632f0afed2002021-12-21 12:50:45.943root 11241100x8000000000000000723853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1f3601fb9df27ed2021-12-21 12:50:45.943root 11241100x8000000000000000723854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb10fe382527358f2021-12-21 12:50:45.943root 11241100x8000000000000000723855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8ad2d230486d9002021-12-21 12:50:45.943root 11241100x8000000000000000723856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.168b55435c035ee12021-12-21 12:50:45.944root 11241100x8000000000000000723857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55612c750704f8e92021-12-21 12:50:45.944root 11241100x8000000000000000723858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cc1741eb9f1cef32021-12-21 12:50:45.944root 11241100x8000000000000000723859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ff3a0f2242d80ff2021-12-21 12:50:45.944root 11241100x8000000000000000723860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97e08232d99db2ac2021-12-21 12:50:45.944root 11241100x8000000000000000723861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f2b88c1529ab2d62021-12-21 12:50:45.944root 11241100x8000000000000000723862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.667d2cf81f87850c2021-12-21 12:50:45.944root 11241100x8000000000000000723863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1018d6acfe4851de2021-12-21 12:50:45.944root 11241100x8000000000000000723864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06f343694a471ec02021-12-21 12:50:45.944root 11241100x8000000000000000723865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34c54f8a537ac4d32021-12-21 12:50:45.944root 354300x8000000000000000723866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:46.156{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-50568-false10.0.1.12-8000- 11241100x8000000000000000723867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41906839f777abd42021-12-21 12:50:46.443root 11241100x8000000000000000723868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fbcf97c3eeed8202021-12-21 12:50:46.443root 11241100x8000000000000000723869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91ad49ca2ea13e252021-12-21 12:50:46.443root 11241100x8000000000000000723870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d053464f8c5e13e12021-12-21 12:50:46.443root 11241100x8000000000000000723871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae472234911f42942021-12-21 12:50:46.444root 11241100x8000000000000000723872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae5543950616ce032021-12-21 12:50:46.444root 11241100x8000000000000000723873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aef2ce69b559c2f92021-12-21 12:50:46.444root 11241100x8000000000000000723874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffc16661eae6441b2021-12-21 12:50:46.444root 11241100x8000000000000000723875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fb4dcf28ce690d42021-12-21 12:50:46.444root 11241100x8000000000000000723876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03c832c9578eb8182021-12-21 12:50:46.444root 11241100x8000000000000000723877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a18b7722401984cd2021-12-21 12:50:46.444root 11241100x8000000000000000723878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be0bb943f78cd6682021-12-21 12:50:46.444root 11241100x8000000000000000723879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f1092ced38ccd2e2021-12-21 12:50:46.444root 11241100x8000000000000000723880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f301bfc45fe5da3b2021-12-21 12:50:46.444root 11241100x8000000000000000723881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:46.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d5264580707c8282021-12-21 12:50:46.445root 11241100x8000000000000000723882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:46.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85487e663c0b3e2f2021-12-21 12:50:46.445root 11241100x8000000000000000723883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:46.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89b74cfdedc7372c2021-12-21 12:50:46.445root 11241100x8000000000000000723884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:46.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cbaa38e5d6c26332021-12-21 12:50:46.445root 11241100x8000000000000000723885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.762ef5ea1399a9672021-12-21 12:50:46.943root 11241100x8000000000000000723886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4874820864d263702021-12-21 12:50:46.943root 11241100x8000000000000000723887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d10a4e7e80762fd2021-12-21 12:50:46.943root 11241100x8000000000000000723888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c72cc71bf23a131a2021-12-21 12:50:46.943root 11241100x8000000000000000723889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1710c39ce0b970dd2021-12-21 12:50:46.944root 11241100x8000000000000000723890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07a9200322b554442021-12-21 12:50:46.944root 11241100x8000000000000000723891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d13be5f6ca0ce6022021-12-21 12:50:46.944root 11241100x8000000000000000723892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1526b4299c1c24f22021-12-21 12:50:46.944root 11241100x8000000000000000723893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da3ecd99029f85ab2021-12-21 12:50:46.944root 11241100x8000000000000000723894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e683bed4e3c4ef22021-12-21 12:50:46.944root 11241100x8000000000000000723895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e42a89cb6a654cf62021-12-21 12:50:46.944root 11241100x8000000000000000723896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9ad19cffa6e9f522021-12-21 12:50:46.944root 11241100x8000000000000000723897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fc4a59cc2d0b2512021-12-21 12:50:46.944root 11241100x8000000000000000723898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1ad1038a7a312b72021-12-21 12:50:46.944root 11241100x8000000000000000723899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:46.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c280127dba6c8af92021-12-21 12:50:46.945root 11241100x8000000000000000723900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:46.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92283cef111abdc92021-12-21 12:50:46.945root 11241100x8000000000000000723901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:46.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51257d1aaacf2a862021-12-21 12:50:46.945root 11241100x8000000000000000723902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:46.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f403273d4c91d182021-12-21 12:50:46.945root 11241100x8000000000000000723903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.472db3f74f6788c92021-12-21 12:50:47.443root 11241100x8000000000000000723904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f144331a9e73c43d2021-12-21 12:50:47.443root 11241100x8000000000000000723905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.018887ebb2fd3ef12021-12-21 12:50:47.443root 11241100x8000000000000000723906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2dd239a08f2aabd2021-12-21 12:50:47.443root 11241100x8000000000000000723907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ebd51cfeac10d2a2021-12-21 12:50:47.443root 11241100x8000000000000000723908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb7dec11982c5d432021-12-21 12:50:47.444root 11241100x8000000000000000723909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b084ec8e53dcdd62021-12-21 12:50:47.444root 11241100x8000000000000000723910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fba9da24b90eb2e2021-12-21 12:50:47.444root 11241100x8000000000000000723911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74d2dec3b1a793e62021-12-21 12:50:47.444root 11241100x8000000000000000723912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f64d819ca572899c2021-12-21 12:50:47.444root 11241100x8000000000000000723913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdf6a1813e05118d2021-12-21 12:50:47.444root 11241100x8000000000000000723914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fadfe0e17aa9da92021-12-21 12:50:47.444root 11241100x8000000000000000723915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1deec98fcf7a6f632021-12-21 12:50:47.444root 11241100x8000000000000000723916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a17c1d7cf42a1842021-12-21 12:50:47.444root 11241100x8000000000000000723917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bd213be45c16d942021-12-21 12:50:47.444root 11241100x8000000000000000723918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f68cc77ff2b847b82021-12-21 12:50:47.444root 11241100x8000000000000000723919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac2119d5001256c62021-12-21 12:50:47.444root 11241100x8000000000000000723920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb87fa84729dce8b2021-12-21 12:50:47.444root 11241100x8000000000000000723921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.520bb8c65be23cbe2021-12-21 12:50:47.943root 11241100x8000000000000000723922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.252e3257f69a15ba2021-12-21 12:50:47.943root 11241100x8000000000000000723923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e010608f653b1d222021-12-21 12:50:47.943root 11241100x8000000000000000723924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.341893bb2ae7dad82021-12-21 12:50:47.943root 11241100x8000000000000000723925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7f36d8b52bb4f3e2021-12-21 12:50:47.944root 11241100x8000000000000000723926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b3c698e4f7d01422021-12-21 12:50:47.944root 11241100x8000000000000000723927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dbbd4f6964f1f3f2021-12-21 12:50:47.944root 11241100x8000000000000000723928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fab39b70fb8e577b2021-12-21 12:50:47.944root 11241100x8000000000000000723929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ceaf71f27df32192021-12-21 12:50:47.944root 11241100x8000000000000000723930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf9bb432d64f703b2021-12-21 12:50:47.944root 11241100x8000000000000000723931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fbbdeabf21f08232021-12-21 12:50:47.944root 11241100x8000000000000000723932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2052998a5f8a8f402021-12-21 12:50:47.944root 11241100x8000000000000000723933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faf0f5b774b2dec32021-12-21 12:50:47.944root 11241100x8000000000000000723934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a98d6b9f4c6c465e2021-12-21 12:50:47.944root 11241100x8000000000000000723935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53069a0c628bfa3b2021-12-21 12:50:47.944root 11241100x8000000000000000723936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.deacbfc95e3a6bb52021-12-21 12:50:47.944root 11241100x8000000000000000723937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c41f2afba97005d2021-12-21 12:50:47.944root 11241100x8000000000000000723938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c93cc65f0648d2dc2021-12-21 12:50:47.944root 11241100x8000000000000000723939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c91c969263d299c02021-12-21 12:50:48.443root 11241100x8000000000000000723940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dab602fc0fa7e1302021-12-21 12:50:48.443root 11241100x8000000000000000723941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5af7f44bbd61129f2021-12-21 12:50:48.443root 11241100x8000000000000000723942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a98e163ad2d82dca2021-12-21 12:50:48.443root 11241100x8000000000000000723943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.119f2b7888e7c06a2021-12-21 12:50:48.443root 11241100x8000000000000000723944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f87be24b78bd25b2021-12-21 12:50:48.444root 11241100x8000000000000000723945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5114b197c7b888732021-12-21 12:50:48.444root 11241100x8000000000000000723946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed6a2490415d63942021-12-21 12:50:48.444root 11241100x8000000000000000723947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0777238882c7c2362021-12-21 12:50:48.444root 11241100x8000000000000000723948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e8903dd08d916bf2021-12-21 12:50:48.444root 11241100x8000000000000000723949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39749eee9c8b37af2021-12-21 12:50:48.444root 11241100x8000000000000000723950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f87672e3ea5a8b292021-12-21 12:50:48.444root 11241100x8000000000000000723951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac8493fea812fd9d2021-12-21 12:50:48.444root 11241100x8000000000000000723952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5813a18811cf5412021-12-21 12:50:48.444root 11241100x8000000000000000723953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae047b58e017475d2021-12-21 12:50:48.444root 11241100x8000000000000000723954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9273f7e095695f2b2021-12-21 12:50:48.444root 11241100x8000000000000000723955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd53b7587040ae1f2021-12-21 12:50:48.444root 11241100x8000000000000000723956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7ab8da51d52bd7f2021-12-21 12:50:48.444root 11241100x8000000000000000723957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5be20daf17f5a0922021-12-21 12:50:48.943root 11241100x8000000000000000723958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e162b53cfe1130552021-12-21 12:50:48.943root 11241100x8000000000000000723959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cbc6dec39091cef2021-12-21 12:50:48.943root 11241100x8000000000000000723960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4b0160b01d4ef952021-12-21 12:50:48.944root 11241100x8000000000000000723961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8466d97c5d9668662021-12-21 12:50:48.944root 11241100x8000000000000000723962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.733d94bbe99a5a5c2021-12-21 12:50:48.944root 11241100x8000000000000000723963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2aed72bad531797f2021-12-21 12:50:48.944root 11241100x8000000000000000723964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1bd9e102fef51202021-12-21 12:50:48.944root 11241100x8000000000000000723965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5374eee323159c092021-12-21 12:50:48.944root 11241100x8000000000000000723966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e94f75e7f57a7232021-12-21 12:50:48.944root 11241100x8000000000000000723967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0957d1a5de916bfa2021-12-21 12:50:48.944root 11241100x8000000000000000723968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5cc7906328a135c2021-12-21 12:50:48.944root 11241100x8000000000000000723969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6bf98ed761e6d6e2021-12-21 12:50:48.944root 11241100x8000000000000000723970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab54795d035052662021-12-21 12:50:48.944root 11241100x8000000000000000723971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1aa0313d23bd75222021-12-21 12:50:48.944root 11241100x8000000000000000723972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acc821b2db4c1dcc2021-12-21 12:50:48.944root 11241100x8000000000000000723973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc82aec40148ae412021-12-21 12:50:48.944root 11241100x8000000000000000723974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:48.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4c27f32f94f3d602021-12-21 12:50:48.945root 11241100x8000000000000000723975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb48c8b11898c7b02021-12-21 12:50:49.443root 11241100x8000000000000000723976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3df5f5de3124fb6d2021-12-21 12:50:49.443root 11241100x8000000000000000723977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23be4bafd42c27742021-12-21 12:50:49.443root 11241100x8000000000000000723978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2662731a412867a52021-12-21 12:50:49.443root 11241100x8000000000000000723979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42c2384c6fb755992021-12-21 12:50:49.443root 11241100x8000000000000000723980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ff2b63364bc6ae82021-12-21 12:50:49.444root 11241100x8000000000000000723981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e700745286a8b5452021-12-21 12:50:49.444root 11241100x8000000000000000723982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.162e82c0d7e435cb2021-12-21 12:50:49.444root 11241100x8000000000000000723983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d2b0365b2f489672021-12-21 12:50:49.444root 11241100x8000000000000000723984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc472d3fd1562f4b2021-12-21 12:50:49.444root 11241100x8000000000000000723985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb258a036f7131ff2021-12-21 12:50:49.444root 11241100x8000000000000000723986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1c1bab32539ce842021-12-21 12:50:49.444root 11241100x8000000000000000723987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2f4edd8e09072032021-12-21 12:50:49.444root 11241100x8000000000000000723988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a9856277560e7f22021-12-21 12:50:49.444root 11241100x8000000000000000723989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.320559ed49a225a62021-12-21 12:50:49.444root 11241100x8000000000000000723990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.563928ae7eb7c2432021-12-21 12:50:49.444root 11241100x8000000000000000723991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38b4c42d4b5ead212021-12-21 12:50:49.444root 11241100x8000000000000000723992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c72e0c1322ec792f2021-12-21 12:50:49.444root 11241100x8000000000000000723993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dde0693bdd706a3e2021-12-21 12:50:49.943root 11241100x8000000000000000723994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96874dabba45d8542021-12-21 12:50:49.943root 11241100x8000000000000000723995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6aefff6397c5a9cf2021-12-21 12:50:49.943root 11241100x8000000000000000723996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71521d67e08785212021-12-21 12:50:49.943root 11241100x8000000000000000723997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca843c63a5e7a49a2021-12-21 12:50:49.943root 11241100x8000000000000000723998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.494581c760a6d2492021-12-21 12:50:49.944root 11241100x8000000000000000723999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e55c89f7a6a991ff2021-12-21 12:50:49.944root 11241100x8000000000000000724000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71d5b4f52b3652ee2021-12-21 12:50:49.944root 11241100x8000000000000000724001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0d6c0c5cddfdb2a2021-12-21 12:50:49.944root 11241100x8000000000000000724002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.887b3c26e4febf9e2021-12-21 12:50:49.944root 11241100x8000000000000000724003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57ad1341922509872021-12-21 12:50:49.944root 11241100x8000000000000000724004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92523a554e69ad532021-12-21 12:50:49.944root 11241100x8000000000000000724005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e202a2d8be8851cf2021-12-21 12:50:49.944root 11241100x8000000000000000724006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2b6c78462987c132021-12-21 12:50:49.944root 11241100x8000000000000000724007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a16b680249790252021-12-21 12:50:49.944root 11241100x8000000000000000724008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da20b9f068bfd11b2021-12-21 12:50:49.944root 11241100x8000000000000000724009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2908177a7293ab992021-12-21 12:50:49.944root 11241100x8000000000000000724010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b79e029b13ea03fa2021-12-21 12:50:49.944root 11241100x8000000000000000724011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6dfa1767dd180a12021-12-21 12:50:50.443root 11241100x8000000000000000724012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.190536f6922d32fb2021-12-21 12:50:50.443root 11241100x8000000000000000724013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df91fceef35ee3052021-12-21 12:50:50.443root 11241100x8000000000000000724014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85501361a32f005f2021-12-21 12:50:50.443root 11241100x8000000000000000724015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f1a2a02f8a9de402021-12-21 12:50:50.443root 11241100x8000000000000000724016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee067ce52e8721282021-12-21 12:50:50.444root 11241100x8000000000000000724017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02cee11d5074462e2021-12-21 12:50:50.444root 11241100x8000000000000000724018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81a0e51c3ada3a482021-12-21 12:50:50.444root 11241100x8000000000000000724019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.131beaeef0b0931e2021-12-21 12:50:50.444root 11241100x8000000000000000724020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bf61c2d797a69df2021-12-21 12:50:50.444root 11241100x8000000000000000724021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88a61f507135f7f22021-12-21 12:50:50.444root 11241100x8000000000000000724022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7b028989b8323072021-12-21 12:50:50.444root 11241100x8000000000000000724023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60a4fc6d093b450a2021-12-21 12:50:50.444root 11241100x8000000000000000724024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6265386d5fd679d02021-12-21 12:50:50.444root 11241100x8000000000000000724025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15f0462f434eacc42021-12-21 12:50:50.444root 11241100x8000000000000000724026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6fee7be74fbcb512021-12-21 12:50:50.444root 11241100x8000000000000000724027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29aa2a559474ad092021-12-21 12:50:50.444root 11241100x8000000000000000724028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d04bed8f180242e2021-12-21 12:50:50.444root 11241100x8000000000000000724029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bc4f7ffc54f62ba2021-12-21 12:50:50.943root 11241100x8000000000000000724030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14e9979b83919dfa2021-12-21 12:50:50.943root 11241100x8000000000000000724031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e00dbbdcb1e26f92021-12-21 12:50:50.944root 11241100x8000000000000000724032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a63f8906a74c212d2021-12-21 12:50:50.944root 11241100x8000000000000000724033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f1c8fecb3f204df2021-12-21 12:50:50.944root 11241100x8000000000000000724034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.705ab8db798e5d782021-12-21 12:50:50.944root 11241100x8000000000000000724035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25a77f45290c8fce2021-12-21 12:50:50.944root 11241100x8000000000000000724036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aeca16425ec06e5f2021-12-21 12:50:50.944root 11241100x8000000000000000724037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0680ed6cc7b5bba92021-12-21 12:50:50.944root 11241100x8000000000000000724038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e59a4978ef8460b2021-12-21 12:50:50.944root 11241100x8000000000000000724039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0596dc33ceeb3e9b2021-12-21 12:50:50.944root 11241100x8000000000000000724040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4166c5f32ac43dc2021-12-21 12:50:50.944root 11241100x8000000000000000724041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.225ddec69734f9782021-12-21 12:50:50.944root 11241100x8000000000000000724042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b890eb8df3548042021-12-21 12:50:50.944root 11241100x8000000000000000724043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bce8801fc07b48b02021-12-21 12:50:50.944root 11241100x8000000000000000724044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0610c3f7497a559e2021-12-21 12:50:50.944root 11241100x8000000000000000724045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8c5488a51641fb02021-12-21 12:50:50.944root 11241100x8000000000000000724046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9d86b1b53fcc02b2021-12-21 12:50:50.944root 11241100x8000000000000000724047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:50.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c79dfdd0c5e82e62021-12-21 12:50:50.945root 11241100x8000000000000000724048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:50.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d90ae665326b13952021-12-21 12:50:50.945root 11241100x8000000000000000724049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:50.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56acd7f378f204472021-12-21 12:50:50.945root 11241100x8000000000000000724050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea75681c259919dc2021-12-21 12:50:51.443root 11241100x8000000000000000724051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76ac457791d604cd2021-12-21 12:50:51.443root 11241100x8000000000000000724052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6edbf24b45db29662021-12-21 12:50:51.443root 11241100x8000000000000000724053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75fe73f52c4d09862021-12-21 12:50:51.443root 11241100x8000000000000000724054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e934330ac89dca52021-12-21 12:50:51.444root 11241100x8000000000000000724055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8b2a56916f8ee242021-12-21 12:50:51.444root 11241100x8000000000000000724056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a39ffae5c366ae6e2021-12-21 12:50:51.444root 11241100x8000000000000000724057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c7e320c05a7ca252021-12-21 12:50:51.444root 11241100x8000000000000000724058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.effa318acdff88cc2021-12-21 12:50:51.444root 11241100x8000000000000000724059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.999b815ce0bf0df92021-12-21 12:50:51.444root 11241100x8000000000000000724060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7479fcef24078b52021-12-21 12:50:51.444root 11241100x8000000000000000724061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4adae700ec00bc532021-12-21 12:50:51.444root 11241100x8000000000000000724062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.032d1697255816ef2021-12-21 12:50:51.444root 11241100x8000000000000000724063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d3001678fcff4ec2021-12-21 12:50:51.444root 11241100x8000000000000000724064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c305df189e4579d52021-12-21 12:50:51.444root 11241100x8000000000000000724065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5deb81327d9f93bb2021-12-21 12:50:51.444root 11241100x8000000000000000724066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fda2551f173a8c492021-12-21 12:50:51.444root 11241100x8000000000000000724067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e854b85fe0f86292021-12-21 12:50:51.444root 11241100x8000000000000000724068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.452144a47ee43c592021-12-21 12:50:51.943root 11241100x8000000000000000724069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8023ba8d5f2992682021-12-21 12:50:51.943root 11241100x8000000000000000724070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b49b2b2176f9134e2021-12-21 12:50:51.943root 11241100x8000000000000000724071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6016b266c04cf0032021-12-21 12:50:51.943root 11241100x8000000000000000724072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec128015caa33eb92021-12-21 12:50:51.943root 11241100x8000000000000000724073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.281bcaf01f5032da2021-12-21 12:50:51.944root 11241100x8000000000000000724074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.669dbff9344ebdc42021-12-21 12:50:51.944root 11241100x8000000000000000724075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85760ffd5207c7332021-12-21 12:50:51.944root 11241100x8000000000000000724076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce0ca2c82dfe501e2021-12-21 12:50:51.944root 11241100x8000000000000000724077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89eda034554726902021-12-21 12:50:51.944root 11241100x8000000000000000724078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e14272cf1ff49832021-12-21 12:50:51.944root 11241100x8000000000000000724079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49bcc31a450117ab2021-12-21 12:50:51.944root 11241100x8000000000000000724080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48db470415754bda2021-12-21 12:50:51.944root 11241100x8000000000000000724081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a508ecea1a54b912021-12-21 12:50:51.944root 11241100x8000000000000000724082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5db92e7f0c15ec832021-12-21 12:50:51.944root 11241100x8000000000000000724083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.031a3fd9fe3621392021-12-21 12:50:51.944root 11241100x8000000000000000724084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e29e4d431961ff42021-12-21 12:50:51.944root 11241100x8000000000000000724085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b346d4738a9dd92b2021-12-21 12:50:51.944root 354300x8000000000000000724086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:52.137{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-50570-false10.0.1.12-8000- 11241100x8000000000000000724087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a4d9178ac5979e72021-12-21 12:50:52.443root 11241100x8000000000000000724088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cf5140e6f4141fb2021-12-21 12:50:52.443root 11241100x8000000000000000724089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78f0b3ede332f3182021-12-21 12:50:52.443root 11241100x8000000000000000724090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca70f34cff528aa42021-12-21 12:50:52.443root 11241100x8000000000000000724091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.607923779aacd3f02021-12-21 12:50:52.443root 11241100x8000000000000000724092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dd6bd3bcb6f57592021-12-21 12:50:52.444root 11241100x8000000000000000724093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ee6a7ba615c03e02021-12-21 12:50:52.444root 11241100x8000000000000000724094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bec394bf5d17f9a2021-12-21 12:50:52.444root 11241100x8000000000000000724095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70c3c5777f22dff52021-12-21 12:50:52.444root 11241100x8000000000000000724096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ce48677de2493292021-12-21 12:50:52.444root 11241100x8000000000000000724097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f06934a011817dbf2021-12-21 12:50:52.444root 11241100x8000000000000000724098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.881c22dc41aedc622021-12-21 12:50:52.444root 11241100x8000000000000000724099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.945768925e19f4652021-12-21 12:50:52.444root 11241100x8000000000000000724100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56b06fc65ce057c52021-12-21 12:50:52.444root 11241100x8000000000000000724101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10c0dd53f0a1d5382021-12-21 12:50:52.444root 11241100x8000000000000000724102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4629f2764b99429f2021-12-21 12:50:52.444root 11241100x8000000000000000724103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a5361832056638e2021-12-21 12:50:52.444root 11241100x8000000000000000724104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6b348b04184a6002021-12-21 12:50:52.444root 11241100x8000000000000000724105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cf037fa3d921c5b2021-12-21 12:50:52.444root 11241100x8000000000000000724106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b985265fe8f56182021-12-21 12:50:52.943root 11241100x8000000000000000724107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a556e03144d34b6c2021-12-21 12:50:52.943root 11241100x8000000000000000724108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f2d3ecfd8d501012021-12-21 12:50:52.943root 11241100x8000000000000000724109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.066ec6263007f00d2021-12-21 12:50:52.943root 11241100x8000000000000000724110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0266e9525d83f1902021-12-21 12:50:52.944root 11241100x8000000000000000724111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1cd8af2c771561a2021-12-21 12:50:52.944root 11241100x8000000000000000724112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb83b8be5ff98b6a2021-12-21 12:50:52.944root 11241100x8000000000000000724113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b71f095652fb3d912021-12-21 12:50:52.944root 11241100x8000000000000000724114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2e0a36a00e5d1cb2021-12-21 12:50:52.944root 11241100x8000000000000000724115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46ebc187f3fcc58b2021-12-21 12:50:52.944root 11241100x8000000000000000724116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a326812c582c41c42021-12-21 12:50:52.944root 11241100x8000000000000000724117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7e56d536cf987c02021-12-21 12:50:52.944root 11241100x8000000000000000724118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46e71684fb68d4862021-12-21 12:50:52.944root 11241100x8000000000000000724119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c424725e12aa7182021-12-21 12:50:52.944root 11241100x8000000000000000724120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d53c3e9357d23082021-12-21 12:50:52.944root 11241100x8000000000000000724121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5eea04d7255aaef52021-12-21 12:50:52.944root 11241100x8000000000000000724122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d5b4e66ac6dee952021-12-21 12:50:52.944root 11241100x8000000000000000724123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.180e0c0f67d35d342021-12-21 12:50:52.944root 11241100x8000000000000000724124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc433322844803012021-12-21 12:50:52.944root 11241100x8000000000000000724125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c87a2fea338c1db22021-12-21 12:50:53.443root 11241100x8000000000000000724126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c9578b642a3ffb22021-12-21 12:50:53.443root 11241100x8000000000000000724127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.021246cabcf840c82021-12-21 12:50:53.443root 11241100x8000000000000000724128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c83bd9a615b3ae472021-12-21 12:50:53.443root 11241100x8000000000000000724129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.872d0d0ec9475ade2021-12-21 12:50:53.444root 11241100x8000000000000000724130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2724d57bac9eb202021-12-21 12:50:53.444root 11241100x8000000000000000724131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6117ede86d1dc5f92021-12-21 12:50:53.444root 11241100x8000000000000000724132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59ce187cd36102cf2021-12-21 12:50:53.444root 11241100x8000000000000000724133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5aad5ae52b59c232021-12-21 12:50:53.444root 11241100x8000000000000000724134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b6ca0dab0ef6ff72021-12-21 12:50:53.444root 11241100x8000000000000000724135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57d90d2c6801ef772021-12-21 12:50:53.444root 11241100x8000000000000000724136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd27c0ca1ababcb82021-12-21 12:50:53.444root 11241100x8000000000000000724137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3922aa98b49b3472021-12-21 12:50:53.444root 11241100x8000000000000000724138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30abdc771f6d57dd2021-12-21 12:50:53.444root 11241100x8000000000000000724139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b6e99fba4d38f9b2021-12-21 12:50:53.444root 11241100x8000000000000000724140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a52f37d7b2503782021-12-21 12:50:53.444root 11241100x8000000000000000724141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38c063492c9ac3142021-12-21 12:50:53.444root 11241100x8000000000000000724142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81d51acf73f958482021-12-21 12:50:53.444root 11241100x8000000000000000724143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d6c9e4715523f942021-12-21 12:50:53.444root 11241100x8000000000000000724144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49c557a23092fefd2021-12-21 12:50:53.943root 11241100x8000000000000000724145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d74d4f6328ccdfee2021-12-21 12:50:53.943root 11241100x8000000000000000724146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4e963aaa6f0e8f12021-12-21 12:50:53.943root 11241100x8000000000000000724147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa7f03a25163e9dc2021-12-21 12:50:53.943root 11241100x8000000000000000724148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ed0aa89b75e96652021-12-21 12:50:53.944root 11241100x8000000000000000724149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d78aa1399efd5a752021-12-21 12:50:53.944root 11241100x8000000000000000724150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12d6101a390fdac92021-12-21 12:50:53.944root 11241100x8000000000000000724151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4783feeb869f72fa2021-12-21 12:50:53.944root 11241100x8000000000000000724152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3577d7d0b7291b522021-12-21 12:50:53.944root 11241100x8000000000000000724153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5226b84422405fb2021-12-21 12:50:53.944root 11241100x8000000000000000724154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db060229b891c0922021-12-21 12:50:53.944root 11241100x8000000000000000724155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e08d0a3bee4832292021-12-21 12:50:53.944root 11241100x8000000000000000724156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7477f08ec167f8432021-12-21 12:50:53.944root 11241100x8000000000000000724157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c246d3dd3246a1f92021-12-21 12:50:53.944root 11241100x8000000000000000724158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23c1dc98c5478c1d2021-12-21 12:50:53.944root 11241100x8000000000000000724159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e16bfd7740fb5fa22021-12-21 12:50:53.944root 11241100x8000000000000000724160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae26c765f4f194582021-12-21 12:50:53.944root 11241100x8000000000000000724161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11b0549bcdb8d6a52021-12-21 12:50:53.944root 11241100x8000000000000000724162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9566414ff520c61e2021-12-21 12:50:53.944root 11241100x8000000000000000724163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9ee70aa575c3c422021-12-21 12:50:54.443root 11241100x8000000000000000724164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d934158546b1d5c2021-12-21 12:50:54.443root 11241100x8000000000000000724165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.762681e568cbd6d42021-12-21 12:50:54.443root 11241100x8000000000000000724166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b36634ffd76e6fe32021-12-21 12:50:54.443root 11241100x8000000000000000724167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae5ee20b0c17a7c32021-12-21 12:50:54.444root 11241100x8000000000000000724168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.100f6f9c868994622021-12-21 12:50:54.444root 11241100x8000000000000000724169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac3f5e3f2cd889ef2021-12-21 12:50:54.444root 11241100x8000000000000000724170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d869e2570412856b2021-12-21 12:50:54.444root 11241100x8000000000000000724171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.657c89d42f8b0cfc2021-12-21 12:50:54.444root 11241100x8000000000000000724172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14e06f0a9970246c2021-12-21 12:50:54.444root 11241100x8000000000000000724173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca7b193fcb0c5ede2021-12-21 12:50:54.444root 11241100x8000000000000000724174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e139d2d245e9f8472021-12-21 12:50:54.444root 11241100x8000000000000000724175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.160d57aaaeaec5d92021-12-21 12:50:54.444root 11241100x8000000000000000724176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d19aac4cef673e112021-12-21 12:50:54.444root 11241100x8000000000000000724177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f1ff6c0736ef8062021-12-21 12:50:54.444root 11241100x8000000000000000724178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1eda8f9cd52956972021-12-21 12:50:54.444root 11241100x8000000000000000724179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b57305ac198bf69c2021-12-21 12:50:54.444root 11241100x8000000000000000724180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3b0fe0854065e0b2021-12-21 12:50:54.444root 11241100x8000000000000000724181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04d8c6c55c6c02ac2021-12-21 12:50:54.444root 11241100x8000000000000000724182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94da38bc38beb6cd2021-12-21 12:50:54.943root 11241100x8000000000000000724183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e8514cf1c9bbe292021-12-21 12:50:54.943root 11241100x8000000000000000724184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7300dd6cfe22346c2021-12-21 12:50:54.943root 11241100x8000000000000000724185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43fa3408212a46962021-12-21 12:50:54.944root 11241100x8000000000000000724186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a3cb7e8cd4b42d32021-12-21 12:50:54.944root 11241100x8000000000000000724187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bc6120da1685a4d2021-12-21 12:50:54.944root 11241100x8000000000000000724188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2bfa40c6edc233f2021-12-21 12:50:54.944root 11241100x8000000000000000724189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e06ecff2534260a42021-12-21 12:50:54.944root 11241100x8000000000000000724190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9c835a6e1a1f99a2021-12-21 12:50:54.944root 11241100x8000000000000000724191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0cd959c235ebb872021-12-21 12:50:54.944root 11241100x8000000000000000724192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38a258558cb224b52021-12-21 12:50:54.944root 11241100x8000000000000000724193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5beeb8e2d4d810e2021-12-21 12:50:54.944root 11241100x8000000000000000724194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3511f7654be9905a2021-12-21 12:50:54.944root 11241100x8000000000000000724195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e57532ce258dd5282021-12-21 12:50:54.944root 11241100x8000000000000000724196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afbe38a1ce33c71c2021-12-21 12:50:54.944root 11241100x8000000000000000724197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8438ef00945b9d82021-12-21 12:50:54.945root 11241100x8000000000000000724198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0019245c217741912021-12-21 12:50:54.945root 11241100x8000000000000000724199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccad32e64f8147132021-12-21 12:50:54.945root 11241100x8000000000000000724200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0533140ad857daf72021-12-21 12:50:54.945root 11241100x8000000000000000724201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51b1e61f05845a5a2021-12-21 12:50:55.443root 11241100x8000000000000000724202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94ce5f8d979bc03d2021-12-21 12:50:55.443root 11241100x8000000000000000724203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e666c1bc934a2b2f2021-12-21 12:50:55.443root 11241100x8000000000000000724204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5714a78abfd34cc22021-12-21 12:50:55.443root 11241100x8000000000000000724205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a4a6aecfd6a13502021-12-21 12:50:55.444root 11241100x8000000000000000724206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a727938eb6fcc8a12021-12-21 12:50:55.444root 11241100x8000000000000000724207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61454c56d511d36e2021-12-21 12:50:55.444root 11241100x8000000000000000724208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f9cc64e3c67c85c2021-12-21 12:50:55.444root 11241100x8000000000000000724209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f4478421fdaad852021-12-21 12:50:55.444root 11241100x8000000000000000724210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33e9c012084859632021-12-21 12:50:55.444root 11241100x8000000000000000724211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3903dd61421dee372021-12-21 12:50:55.444root 11241100x8000000000000000724212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f9bbeeb9f0e30492021-12-21 12:50:55.444root 11241100x8000000000000000724213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.508aa8e3628495bc2021-12-21 12:50:55.444root 11241100x8000000000000000724214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c050bde1be0bc212021-12-21 12:50:55.444root 11241100x8000000000000000724215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f888b144dd10b7142021-12-21 12:50:55.444root 11241100x8000000000000000724216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06779afaca4a58c32021-12-21 12:50:55.444root 11241100x8000000000000000724217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f1f81febf841b132021-12-21 12:50:55.444root 11241100x8000000000000000724218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d721dfe55ad4b7a12021-12-21 12:50:55.444root 11241100x8000000000000000724219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17fae6367d6cb35f2021-12-21 12:50:55.444root 11241100x8000000000000000724220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1eb217a83e77a752021-12-21 12:50:55.943root 11241100x8000000000000000724221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d63e565382b5ce92021-12-21 12:50:55.943root 11241100x8000000000000000724222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0992cf261c601b32021-12-21 12:50:55.943root 11241100x8000000000000000724223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6e5334372797d732021-12-21 12:50:55.943root 11241100x8000000000000000724224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df53f11f0805487e2021-12-21 12:50:55.944root 11241100x8000000000000000724225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d36ba4e84ef5c042021-12-21 12:50:55.944root 11241100x8000000000000000724226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5777950768093da72021-12-21 12:50:55.944root 11241100x8000000000000000724227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.449a6a011d2bf76d2021-12-21 12:50:55.944root 11241100x8000000000000000724228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a744fe1febb8be7e2021-12-21 12:50:55.944root 11241100x8000000000000000724229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.280acfff15f218842021-12-21 12:50:55.944root 11241100x8000000000000000724230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.846042a2692dc9092021-12-21 12:50:55.944root 11241100x8000000000000000724231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3485ce1c3a26de702021-12-21 12:50:55.944root 11241100x8000000000000000724232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe694480ba4c627c2021-12-21 12:50:55.944root 11241100x8000000000000000724233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.558801361c490d922021-12-21 12:50:55.944root 11241100x8000000000000000724234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcd6f1fa08869c072021-12-21 12:50:55.944root 11241100x8000000000000000724235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32ecedb657a420c52021-12-21 12:50:55.944root 11241100x8000000000000000724236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.738feb364ac8b9a52021-12-21 12:50:55.944root 11241100x8000000000000000724237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7aa0e4c8af85230b2021-12-21 12:50:55.944root 11241100x8000000000000000724238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6245d19e56417d22021-12-21 12:50:55.944root 11241100x8000000000000000724239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df5a6ab93abd32652021-12-21 12:50:56.443root 11241100x8000000000000000724240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bc2ef5a27b09d202021-12-21 12:50:56.443root 11241100x8000000000000000724241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e7a87467ea75cf32021-12-21 12:50:56.444root 11241100x8000000000000000724242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b45c2fcb1417e2ed2021-12-21 12:50:56.444root 11241100x8000000000000000724243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bb928f4e769e7d72021-12-21 12:50:56.444root 11241100x8000000000000000724244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf003c92e84416532021-12-21 12:50:56.444root 11241100x8000000000000000724245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21e1f4c50cba08682021-12-21 12:50:56.444root 11241100x8000000000000000724246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2644144df9051aab2021-12-21 12:50:56.444root 11241100x8000000000000000724247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ce2aa8b0dad1a962021-12-21 12:50:56.444root 11241100x8000000000000000724248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:56.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0a7ecfa615624a72021-12-21 12:50:56.445root 11241100x8000000000000000724249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:56.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ad0f39304bbde862021-12-21 12:50:56.445root 11241100x8000000000000000724250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:56.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a23661c286450c42021-12-21 12:50:56.445root 11241100x8000000000000000724251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:56.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a94f8987f2d28da12021-12-21 12:50:56.445root 11241100x8000000000000000724252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:56.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25659e29b8dbbbd12021-12-21 12:50:56.445root 11241100x8000000000000000724253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:56.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0eb474545d31d1f22021-12-21 12:50:56.445root 11241100x8000000000000000724254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:56.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5609f1b9229dc402021-12-21 12:50:56.445root 11241100x8000000000000000724255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:56.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6753911fc0a092a2021-12-21 12:50:56.445root 11241100x8000000000000000724256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:56.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74566bad1b3c40282021-12-21 12:50:56.445root 11241100x8000000000000000724257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:56.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fa0c06b6237873d2021-12-21 12:50:56.445root 11241100x8000000000000000724258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34395c297fe924112021-12-21 12:50:56.943root 11241100x8000000000000000724259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c20af4843bf0bb912021-12-21 12:50:56.943root 11241100x8000000000000000724260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b2d3ee09083009d2021-12-21 12:50:56.943root 11241100x8000000000000000724261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e193373f44c003632021-12-21 12:50:56.944root 11241100x8000000000000000724262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29c4cf75b5bccc6e2021-12-21 12:50:56.944root 11241100x8000000000000000724263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0629a2418bfa2d992021-12-21 12:50:56.944root 11241100x8000000000000000724264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.284618e6b0c66a4f2021-12-21 12:50:56.944root 11241100x8000000000000000724265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e985cb4fd85998512021-12-21 12:50:56.944root 11241100x8000000000000000724266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27d12bbd430965902021-12-21 12:50:56.944root 11241100x8000000000000000724267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c18841490dc9008f2021-12-21 12:50:56.944root 11241100x8000000000000000724268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.125d7a55cec1f3c62021-12-21 12:50:56.944root 11241100x8000000000000000724269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca5ae1eb0a8c24772021-12-21 12:50:56.944root 11241100x8000000000000000724270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.163fceaa1bc7093d2021-12-21 12:50:56.944root 11241100x8000000000000000724271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9dc7e9d4ad54fe32021-12-21 12:50:56.944root 11241100x8000000000000000724272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a9d023486494eb82021-12-21 12:50:56.944root 11241100x8000000000000000724273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.376c985b8ccb2a232021-12-21 12:50:56.944root 11241100x8000000000000000724274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:56.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18108a0ccaaaff002021-12-21 12:50:56.945root 11241100x8000000000000000724275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:56.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.968344a507b3cb202021-12-21 12:50:56.945root 11241100x8000000000000000724276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:56.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7184e6dfcdac643e2021-12-21 12:50:56.945root 11241100x8000000000000000724277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23be7a3380be23af2021-12-21 12:50:57.443root 11241100x8000000000000000724278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.441d9377ee5b5b052021-12-21 12:50:57.443root 11241100x8000000000000000724279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44f853319f33b5d62021-12-21 12:50:57.443root 11241100x8000000000000000724280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27d4c13a12aab3842021-12-21 12:50:57.443root 11241100x8000000000000000724281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f41d7367e1afd4b22021-12-21 12:50:57.444root 11241100x8000000000000000724282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2bc22868c94254a2021-12-21 12:50:57.444root 11241100x8000000000000000724283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e4d7041b50d90152021-12-21 12:50:57.444root 11241100x8000000000000000724284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33d9eee729e90df02021-12-21 12:50:57.444root 11241100x8000000000000000724285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10264e275e94c0862021-12-21 12:50:57.444root 11241100x8000000000000000724286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d84b9436186bcb922021-12-21 12:50:57.444root 11241100x8000000000000000724287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d55b1da6d0bcc102021-12-21 12:50:57.444root 11241100x8000000000000000724288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.720aa844d5b5f6942021-12-21 12:50:57.444root 11241100x8000000000000000724289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59cd9e40a89a26942021-12-21 12:50:57.444root 11241100x8000000000000000724290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5aee1122788c53f22021-12-21 12:50:57.444root 11241100x8000000000000000724291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ba8a9cb702c20952021-12-21 12:50:57.444root 11241100x8000000000000000724292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fe564fcc2f2033a2021-12-21 12:50:57.444root 11241100x8000000000000000724293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3e840fd11ecc17d2021-12-21 12:50:57.444root 11241100x8000000000000000724294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6d1e8646f8a07b12021-12-21 12:50:57.444root 11241100x8000000000000000724295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf445492133bb5c62021-12-21 12:50:57.445root 11241100x8000000000000000724296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5148be54879d47e2021-12-21 12:50:57.943root 11241100x8000000000000000724297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14872010ccb449882021-12-21 12:50:57.943root 11241100x8000000000000000724298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fea6d5384e5e0b022021-12-21 12:50:57.943root 11241100x8000000000000000724299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2997fe9d270545c52021-12-21 12:50:57.944root 11241100x8000000000000000724300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5f7e29a448a50c12021-12-21 12:50:57.944root 11241100x8000000000000000724301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c380f2ad6513b8182021-12-21 12:50:57.944root 11241100x8000000000000000724302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74e3de064e42432f2021-12-21 12:50:57.944root 11241100x8000000000000000724303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d4ce8c6f0569b482021-12-21 12:50:57.944root 11241100x8000000000000000724304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad8e4a3664bad67e2021-12-21 12:50:57.944root 11241100x8000000000000000724305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7f43f9b7f3e1dae2021-12-21 12:50:57.944root 11241100x8000000000000000724306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.984a055401c7cabd2021-12-21 12:50:57.944root 11241100x8000000000000000724307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02bff8412c2384362021-12-21 12:50:57.944root 11241100x8000000000000000724308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89eecc540623cce52021-12-21 12:50:57.944root 11241100x8000000000000000724309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea140744ed7ad3992021-12-21 12:50:57.944root 11241100x8000000000000000724310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5df05b76617cf2d2021-12-21 12:50:57.944root 11241100x8000000000000000724311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6efd459d33a6c3422021-12-21 12:50:57.944root 11241100x8000000000000000724312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e4b8e01579f45bd2021-12-21 12:50:57.944root 11241100x8000000000000000724313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fd44a6b55b2ae172021-12-21 12:50:57.944root 11241100x8000000000000000724314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb8566b9e6f78a722021-12-21 12:50:57.944root 354300x8000000000000000724315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:58.021{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-50572-false10.0.1.12-8000- 11241100x8000000000000000724316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69a92daaedc2a1332021-12-21 12:50:58.443root 11241100x8000000000000000724317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ae70e319dd540572021-12-21 12:50:58.443root 11241100x8000000000000000724318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb55e852ed259df82021-12-21 12:50:58.443root 11241100x8000000000000000724319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea7dba7d588a890e2021-12-21 12:50:58.444root 11241100x8000000000000000724320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10d86823a2e4658e2021-12-21 12:50:58.444root 11241100x8000000000000000724321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4978c4af47eaa4602021-12-21 12:50:58.444root 11241100x8000000000000000724322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63a0c57061e7f9412021-12-21 12:50:58.444root 11241100x8000000000000000724323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee055fe28ae9cc9c2021-12-21 12:50:58.444root 11241100x8000000000000000724324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9c7cda277a0aa1e2021-12-21 12:50:58.444root 11241100x8000000000000000724325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f819ac78c41c2582021-12-21 12:50:58.444root 11241100x8000000000000000724326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e54dbb576fb415112021-12-21 12:50:58.444root 11241100x8000000000000000724327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd1866182e2a06062021-12-21 12:50:58.444root 11241100x8000000000000000724328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2987e4ca5bc11dd2021-12-21 12:50:58.444root 11241100x8000000000000000724329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e270e65a2e4be992021-12-21 12:50:58.444root 11241100x8000000000000000724330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6df04b967d099fbc2021-12-21 12:50:58.444root 11241100x8000000000000000724331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2825a9441d3958c52021-12-21 12:50:58.444root 11241100x8000000000000000724332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.479009459a93e97f2021-12-21 12:50:58.444root 11241100x8000000000000000724333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20d0fa826d40e9772021-12-21 12:50:58.444root 11241100x8000000000000000724334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:58.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b00b26a23daa60062021-12-21 12:50:58.445root 11241100x8000000000000000724335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:58.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b72d5cad10a504722021-12-21 12:50:58.445root 11241100x8000000000000000724336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d6a02b42d8f8b9c2021-12-21 12:50:58.943root 11241100x8000000000000000724337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffa79eaa5d644a302021-12-21 12:50:58.943root 11241100x8000000000000000724338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.335ec9c6d9f842a62021-12-21 12:50:58.943root 11241100x8000000000000000724339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc8678194da810212021-12-21 12:50:58.943root 11241100x8000000000000000724340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b40d07e8a52376f82021-12-21 12:50:58.944root 11241100x8000000000000000724341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52bc6faa8c18e04b2021-12-21 12:50:58.944root 11241100x8000000000000000724342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01d31393d5dfe9bb2021-12-21 12:50:58.944root 11241100x8000000000000000724343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e9cf4eaac66ae472021-12-21 12:50:58.944root 11241100x8000000000000000724344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3414bf32b7def57f2021-12-21 12:50:58.944root 11241100x8000000000000000724345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcd4870d95954e422021-12-21 12:50:58.944root 11241100x8000000000000000724346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caa4e50f8946923e2021-12-21 12:50:58.944root 11241100x8000000000000000724347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f79f1dc271bd7fc2021-12-21 12:50:58.944root 11241100x8000000000000000724348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b47f9b3e27dab472021-12-21 12:50:58.944root 11241100x8000000000000000724349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acd3fd863a451af42021-12-21 12:50:58.944root 11241100x8000000000000000724350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb702496f0bb96e72021-12-21 12:50:58.944root 11241100x8000000000000000724351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.748b739473fc0e0d2021-12-21 12:50:58.944root 11241100x8000000000000000724352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.532f6fc243b223132021-12-21 12:50:58.944root 11241100x8000000000000000724353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f978b83c9aa3d3b2021-12-21 12:50:58.945root 11241100x8000000000000000724354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bef0692c9052cbe2021-12-21 12:50:58.945root 11241100x8000000000000000724355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.509d1f3b74a27f342021-12-21 12:50:58.945root 11241100x8000000000000000724356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.322e3e592be0560c2021-12-21 12:50:59.443root 11241100x8000000000000000724357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed886dc426a889f62021-12-21 12:50:59.443root 11241100x8000000000000000724358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d32ce6e17dd13bd2021-12-21 12:50:59.443root 11241100x8000000000000000724359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c174d61981ce79d2021-12-21 12:50:59.443root 11241100x8000000000000000724360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9771f919f29d32122021-12-21 12:50:59.444root 11241100x8000000000000000724361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea8d8ebf7d5433d02021-12-21 12:50:59.444root 11241100x8000000000000000724362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.313cd74519bfde822021-12-21 12:50:59.444root 11241100x8000000000000000724363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f156010dae87e3e62021-12-21 12:50:59.444root 11241100x8000000000000000724364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34cf09d96778e2992021-12-21 12:50:59.444root 11241100x8000000000000000724365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c71d9c708052f53f2021-12-21 12:50:59.444root 11241100x8000000000000000724366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28690b8ec8347ae22021-12-21 12:50:59.444root 11241100x8000000000000000724367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f193891a16bc8852021-12-21 12:50:59.444root 11241100x8000000000000000724368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.424c0102efc7af1d2021-12-21 12:50:59.444root 11241100x8000000000000000724369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bf4b766e466f5d72021-12-21 12:50:59.444root 11241100x8000000000000000724370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1df6683d2fed2b8a2021-12-21 12:50:59.444root 11241100x8000000000000000724371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f49ee81ba5d7d85a2021-12-21 12:50:59.444root 11241100x8000000000000000724372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2814d0e81f822782021-12-21 12:50:59.444root 11241100x8000000000000000724373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b05d7bdf674024302021-12-21 12:50:59.444root 11241100x8000000000000000724374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8be559ff461ceb22021-12-21 12:50:59.444root 11241100x8000000000000000724375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e705c4657e77c1982021-12-21 12:50:59.444root 11241100x8000000000000000724376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e65ccb737f47da1b2021-12-21 12:50:59.943root 11241100x8000000000000000724377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b2cb6cc89419ca32021-12-21 12:50:59.943root 11241100x8000000000000000724378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4be8f1327ddf90552021-12-21 12:50:59.943root 11241100x8000000000000000724379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11b3f564c2fe94292021-12-21 12:50:59.943root 11241100x8000000000000000724380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36c7d4c359a7b7602021-12-21 12:50:59.944root 11241100x8000000000000000724381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2acc6f00d5654fc42021-12-21 12:50:59.944root 11241100x8000000000000000724382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2e0b2c8944c433a2021-12-21 12:50:59.944root 11241100x8000000000000000724383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eebba12fccc380742021-12-21 12:50:59.944root 11241100x8000000000000000724384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.125c40266fd191382021-12-21 12:50:59.944root 11241100x8000000000000000724385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91ea87677dbe4b022021-12-21 12:50:59.944root 11241100x8000000000000000724386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a652f2431a17dfd12021-12-21 12:50:59.944root 11241100x8000000000000000724387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4d17a469aa7984e2021-12-21 12:50:59.944root 11241100x8000000000000000724388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a58f3f8de45905b2021-12-21 12:50:59.944root 11241100x8000000000000000724389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.192e719562943f8a2021-12-21 12:50:59.944root 11241100x8000000000000000724390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.266374a1e506dd012021-12-21 12:50:59.944root 11241100x8000000000000000724391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1f8d012a16fd72e2021-12-21 12:50:59.944root 11241100x8000000000000000724392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1ac5a477525fcb32021-12-21 12:50:59.944root 11241100x8000000000000000724393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed2bcd3142777d872021-12-21 12:50:59.944root 11241100x8000000000000000724394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9a50ee18cc43db42021-12-21 12:50:59.944root 11241100x8000000000000000724395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:50:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abc04878e2d03c3f2021-12-21 12:50:59.944root 11241100x8000000000000000724396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.242a4b5e9a72180e2021-12-21 12:51:00.443root 11241100x8000000000000000724397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffbc76a701f8696a2021-12-21 12:51:00.443root 11241100x8000000000000000724398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96707411196453192021-12-21 12:51:00.443root 11241100x8000000000000000724399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc4358c3adacd9142021-12-21 12:51:00.443root 11241100x8000000000000000724400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f87b3388e4357f2e2021-12-21 12:51:00.443root 11241100x8000000000000000724401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32de12d65cbb7e242021-12-21 12:51:00.443root 11241100x8000000000000000724402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f78bfe63b7fb5ced2021-12-21 12:51:00.443root 11241100x8000000000000000724403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.507446e3bcddb8172021-12-21 12:51:00.443root 11241100x8000000000000000724404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.846e18be50b545f92021-12-21 12:51:00.443root 11241100x8000000000000000724405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.410f4905acb6209d2021-12-21 12:51:00.444root 11241100x8000000000000000724406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.224a1e92582222762021-12-21 12:51:00.444root 11241100x8000000000000000724407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7870c942db0217262021-12-21 12:51:00.445root 11241100x8000000000000000724408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d66f922f1442d4942021-12-21 12:51:00.445root 11241100x8000000000000000724409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bd24169a5711c9f2021-12-21 12:51:00.445root 11241100x8000000000000000724410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40c2771c78d0dac52021-12-21 12:51:00.445root 11241100x8000000000000000724411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d350ef8c7a798a82021-12-21 12:51:00.445root 11241100x8000000000000000724412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42397a81cf4617e72021-12-21 12:51:00.445root 11241100x8000000000000000724413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45f3d503d5a4e6ed2021-12-21 12:51:00.445root 11241100x8000000000000000724414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a590762218c48602021-12-21 12:51:00.445root 11241100x8000000000000000724415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a854d3f81802bc622021-12-21 12:51:00.445root 11241100x8000000000000000724416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8b597d8c4ea91d02021-12-21 12:51:00.445root 11241100x8000000000000000724417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c172a812dec2e622021-12-21 12:51:00.445root 11241100x8000000000000000724418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b36f4a8fe7f1d442021-12-21 12:51:00.445root 11241100x8000000000000000724419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09eb33e61cf6a5a72021-12-21 12:51:00.445root 11241100x8000000000000000724420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8399fb48c556de792021-12-21 12:51:00.445root 11241100x8000000000000000724421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ffe908c12d2d1302021-12-21 12:51:00.445root 11241100x8000000000000000724422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51654630ae2ac2c32021-12-21 12:51:00.446root 11241100x8000000000000000724423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bc13b52f9c042222021-12-21 12:51:00.446root 11241100x8000000000000000724424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55f0b7ddd30716762021-12-21 12:51:00.446root 11241100x8000000000000000724425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcc2eb5c400584742021-12-21 12:51:00.446root 11241100x8000000000000000724426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0f1d7fb19dc22792021-12-21 12:51:00.943root 11241100x8000000000000000724427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8365612ba784ee062021-12-21 12:51:00.943root 11241100x8000000000000000724428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16fa5da3b3e99d6a2021-12-21 12:51:00.943root 11241100x8000000000000000724429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90da5170c0fc79922021-12-21 12:51:00.943root 11241100x8000000000000000724430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.610ca9d9e8b1234e2021-12-21 12:51:00.943root 11241100x8000000000000000724431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f065cfd85e3602642021-12-21 12:51:00.944root 11241100x8000000000000000724432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cb26c47912a89e72021-12-21 12:51:00.944root 11241100x8000000000000000724433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5c9e325114d2ba82021-12-21 12:51:00.944root 11241100x8000000000000000724434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dab0e99522ce74002021-12-21 12:51:00.944root 11241100x8000000000000000724435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbb2b8f902a0ac1e2021-12-21 12:51:00.944root 11241100x8000000000000000724436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9a6cc3fa85e537d2021-12-21 12:51:00.944root 11241100x8000000000000000724437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.988d8db307b3fd892021-12-21 12:51:00.944root 11241100x8000000000000000724438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41ae9ca31b5e6c3f2021-12-21 12:51:00.944root 11241100x8000000000000000724439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e9a1c76136ed36d2021-12-21 12:51:00.944root 11241100x8000000000000000724440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e47668931f7e2db2021-12-21 12:51:00.944root 11241100x8000000000000000724441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8201008e59d880fc2021-12-21 12:51:00.944root 11241100x8000000000000000724442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ef9b2795358acb52021-12-21 12:51:00.944root 11241100x8000000000000000724443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60234cc878126d0a2021-12-21 12:51:00.945root 11241100x8000000000000000724444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.679f5a57cd8bc3772021-12-21 12:51:00.945root 11241100x8000000000000000724445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a869321a3fae7c92021-12-21 12:51:00.945root 11241100x8000000000000000724446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d41df9e58817f9b42021-12-21 12:51:00.945root 11241100x8000000000000000724447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fec0779af0db2f842021-12-21 12:51:00.945root 11241100x8000000000000000724448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c4b6dd7bcbdf1a82021-12-21 12:51:00.945root 11241100x8000000000000000724449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e59f168f2e222c6d2021-12-21 12:51:00.945root 11241100x8000000000000000724450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b932403a96c468042021-12-21 12:51:00.945root 11241100x8000000000000000724451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a265151e2fec8a642021-12-21 12:51:00.945root 11241100x8000000000000000724452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.204e58704498ec5c2021-12-21 12:51:00.945root 11241100x8000000000000000724453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2eef2efb282478952021-12-21 12:51:00.945root 11241100x8000000000000000724454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb329ebd55b8af8f2021-12-21 12:51:00.945root 11241100x8000000000000000724455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa8e4612c06c6ed62021-12-21 12:51:00.946root 11241100x8000000000000000724456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1486f31f5fa2a2c2021-12-21 12:51:00.946root 11241100x8000000000000000724457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc5ee9db6bfd46bb2021-12-21 12:51:00.946root 11241100x8000000000000000724458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6595c54562a1a6152021-12-21 12:51:00.946root 11241100x8000000000000000724459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d33f76e494afd0d2021-12-21 12:51:00.946root 11241100x8000000000000000724460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5fded9852ae51222021-12-21 12:51:00.946root 11241100x8000000000000000724461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d56c19ead25b2da12021-12-21 12:51:00.947root 11241100x8000000000000000724462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7880a4cb89d6d432021-12-21 12:51:00.947root 11241100x8000000000000000724463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8993f82f7519906b2021-12-21 12:51:00.947root 11241100x8000000000000000724464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05c4db636dd383952021-12-21 12:51:00.947root 11241100x8000000000000000724465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0eb7e0004d82af402021-12-21 12:51:00.947root 11241100x8000000000000000724466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27d0a97a250fe3d82021-12-21 12:51:00.947root 11241100x8000000000000000724467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5256a8b92184ce542021-12-21 12:51:00.947root 11241100x8000000000000000724468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5db348fd961294792021-12-21 12:51:00.947root 11241100x8000000000000000724469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.900c921eb4569c812021-12-21 12:51:00.947root 11241100x8000000000000000724470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.200b04a74d2363402021-12-21 12:51:00.947root 11241100x8000000000000000724471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3ee8beeaec920262021-12-21 12:51:00.947root 11241100x8000000000000000724472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1ff8249791e2f3e2021-12-21 12:51:00.947root 11241100x8000000000000000724473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df8d7a6993bdfbc82021-12-21 12:51:00.948root 11241100x8000000000000000724474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f5659dcd19e01532021-12-21 12:51:00.948root 11241100x8000000000000000724475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.056161d5c1c2623a2021-12-21 12:51:00.948root 11241100x8000000000000000724476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab122d863d7c1c9e2021-12-21 12:51:00.948root 11241100x8000000000000000724477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df39ee109c0d29912021-12-21 12:51:00.948root 11241100x8000000000000000724478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ad49d563308e6902021-12-21 12:51:00.948root 11241100x8000000000000000724479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed8b00fe90047a5d2021-12-21 12:51:00.948root 11241100x8000000000000000724480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e761637dab60d5bd2021-12-21 12:51:00.948root 11241100x8000000000000000724481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e1b26cab859b4762021-12-21 12:51:00.948root 11241100x8000000000000000724482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e849ec983b202eb82021-12-21 12:51:00.948root 11241100x8000000000000000724483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53c48b79f4f691de2021-12-21 12:51:00.948root 11241100x8000000000000000724484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5df02b9e2916f98e2021-12-21 12:51:00.949root 11241100x8000000000000000724485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e61229d53de7fe442021-12-21 12:51:00.949root 11241100x8000000000000000724486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe0808857406cf052021-12-21 12:51:00.949root 11241100x8000000000000000724487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6eeb1000fd6fc1a62021-12-21 12:51:00.949root 11241100x8000000000000000724488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b0adee85373a9f02021-12-21 12:51:00.949root 11241100x8000000000000000724489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f1b5b94222ab3912021-12-21 12:51:00.949root 11241100x8000000000000000724490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b6483a07fdb96392021-12-21 12:51:00.949root 11241100x8000000000000000724491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e401cdcb68374fdb2021-12-21 12:51:00.949root 11241100x8000000000000000724492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.106fc9e5974b699b2021-12-21 12:51:00.949root 11241100x8000000000000000724493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3394a2605d8a12b2021-12-21 12:51:00.949root 11241100x8000000000000000724494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6745a0d5345359a22021-12-21 12:51:00.949root 11241100x8000000000000000724495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91a1e960de4b94222021-12-21 12:51:00.949root 11241100x8000000000000000724496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9aabac99e94c4fe02021-12-21 12:51:00.950root 11241100x8000000000000000724497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57e96a1f7afcb4662021-12-21 12:51:00.950root 11241100x8000000000000000724498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59c781f6fb4562b32021-12-21 12:51:00.950root 11241100x8000000000000000724499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a00c4e8b4e73f5fd2021-12-21 12:51:00.950root 11241100x8000000000000000724500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f3e24490d3b317f2021-12-21 12:51:00.950root 11241100x8000000000000000724501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67484f9b389848782021-12-21 12:51:00.950root 11241100x8000000000000000724502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6252facacea5fdd52021-12-21 12:51:00.950root 11241100x8000000000000000724503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dd448768be53bec2021-12-21 12:51:00.950root 11241100x8000000000000000724504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52cd911cf99f0a322021-12-21 12:51:00.950root 11241100x8000000000000000724505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f6dcfc8f90dbe032021-12-21 12:51:00.950root 11241100x8000000000000000724506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.375fa164bdb5deff2021-12-21 12:51:00.950root 11241100x8000000000000000724507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f08141369d9b9fda2021-12-21 12:51:00.950root 11241100x8000000000000000724508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1a6dd88e57cea762021-12-21 12:51:00.951root 11241100x8000000000000000724509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16ab7db35bf38a272021-12-21 12:51:00.951root 11241100x8000000000000000724510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef32e5c07f9e45352021-12-21 12:51:00.951root 11241100x8000000000000000724511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6eb31f6d5a22dd4a2021-12-21 12:51:00.951root 11241100x8000000000000000724512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb0f90ed906c41542021-12-21 12:51:00.951root 11241100x8000000000000000724513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.141933732ba69af92021-12-21 12:51:00.951root 11241100x8000000000000000724514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fe0de69d84846eb2021-12-21 12:51:00.951root 11241100x8000000000000000724515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9b05f762abc146a2021-12-21 12:51:00.951root 11241100x8000000000000000724516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d26847fdfcb683252021-12-21 12:51:00.952root 11241100x8000000000000000724517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8e9449bdfd8174f2021-12-21 12:51:00.952root 11241100x8000000000000000724518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ae6ea53a7b58dd52021-12-21 12:51:00.952root 11241100x8000000000000000724519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b0b097c6fc2192a2021-12-21 12:51:00.952root 11241100x8000000000000000724520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04dfb2e0cac080f82021-12-21 12:51:00.952root 11241100x8000000000000000724521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7eb738165c873f4b2021-12-21 12:51:00.952root 11241100x8000000000000000724522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f3e188c580b0bd22021-12-21 12:51:00.952root 11241100x8000000000000000724523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c187d81b3a912dd2021-12-21 12:51:00.952root 11241100x8000000000000000724524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a53fee4380543a092021-12-21 12:51:00.952root 11241100x8000000000000000724525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24df5b093d7fa4982021-12-21 12:51:00.952root 11241100x8000000000000000724526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6467086f540e7f02021-12-21 12:51:00.952root 11241100x8000000000000000724527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2898ccad4cbdb64d2021-12-21 12:51:00.952root 11241100x8000000000000000724528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.982438d020c2156f2021-12-21 12:51:00.952root 11241100x8000000000000000724529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c4f540753c0bc282021-12-21 12:51:00.952root 11241100x8000000000000000724530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14419c9822a5e6ca2021-12-21 12:51:00.953root 11241100x8000000000000000724531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebf34f4cecf17fc92021-12-21 12:51:00.953root 11241100x8000000000000000724532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.659e2c2a4b7503782021-12-21 12:51:00.954root 11241100x8000000000000000724533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e041d3f69ec83f02021-12-21 12:51:00.954root 11241100x8000000000000000724534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.741bdf7a582684572021-12-21 12:51:00.954root 11241100x8000000000000000724535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.209b969624e368fc2021-12-21 12:51:00.954root 11241100x8000000000000000724536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e12679ed9d7de3542021-12-21 12:51:00.954root 11241100x8000000000000000724537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.397499d9f4aebaed2021-12-21 12:51:00.954root 11241100x8000000000000000724538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89ece367877b54022021-12-21 12:51:00.954root 11241100x8000000000000000724539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4d7f05eb096b21f2021-12-21 12:51:00.954root 11241100x8000000000000000724540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7452662c85aacba2021-12-21 12:51:00.954root 11241100x8000000000000000724541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24c6ffe1425218c72021-12-21 12:51:00.955root 11241100x8000000000000000724542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e1ccecb0e63f2962021-12-21 12:51:00.955root 11241100x8000000000000000724543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b235e48cbacb780d2021-12-21 12:51:00.955root 11241100x8000000000000000724544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9525d4ea5eb994382021-12-21 12:51:00.955root 11241100x8000000000000000724545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d4650edf51272c82021-12-21 12:51:00.955root 11241100x8000000000000000724546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b24eb368c1fee932021-12-21 12:51:00.955root 11241100x8000000000000000724547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b98877ee97a38ece2021-12-21 12:51:00.955root 11241100x8000000000000000724548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc34199559bd365e2021-12-21 12:51:00.955root 11241100x8000000000000000724549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:00.956{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c42c0f6cdb92d1422021-12-21 12:51:00.956root 11241100x8000000000000000724550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac69017a9ad5a3602021-12-21 12:51:01.443root 11241100x8000000000000000724551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.965310cf74ebfcde2021-12-21 12:51:01.443root 11241100x8000000000000000724552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c42d866727c9cda32021-12-21 12:51:01.443root 11241100x8000000000000000724553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1236fb971276d8fc2021-12-21 12:51:01.443root 11241100x8000000000000000724554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa066656648ef5022021-12-21 12:51:01.444root 11241100x8000000000000000724555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.768d6724aad318062021-12-21 12:51:01.444root 11241100x8000000000000000724556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d513cd027bc57d932021-12-21 12:51:01.444root 11241100x8000000000000000724557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be8e8d6993f67b162021-12-21 12:51:01.444root 11241100x8000000000000000724558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a9493cd71c5e25e2021-12-21 12:51:01.444root 11241100x8000000000000000724559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.900092bf46d4159a2021-12-21 12:51:01.444root 11241100x8000000000000000724560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e72f8cb937213102021-12-21 12:51:01.444root 11241100x8000000000000000724561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73e15ec76b3ee4f92021-12-21 12:51:01.444root 11241100x8000000000000000724562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9165c7144f98b0f2021-12-21 12:51:01.444root 11241100x8000000000000000724563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:01.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32c7b39ec56c092e2021-12-21 12:51:01.445root 11241100x8000000000000000724564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:01.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.416a4254ff70190d2021-12-21 12:51:01.445root 11241100x8000000000000000724565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:01.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1dd91e24d1a1cc12021-12-21 12:51:01.445root 11241100x8000000000000000724566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:01.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85c715883ae043212021-12-21 12:51:01.445root 11241100x8000000000000000724567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:01.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ad6e12a02bf84552021-12-21 12:51:01.445root 11241100x8000000000000000724568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:01.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e647d5dd5fa27d5a2021-12-21 12:51:01.446root 11241100x8000000000000000724569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:01.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8399759acc8fb802021-12-21 12:51:01.446root 11241100x8000000000000000724570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69f95c4056fa3a2a2021-12-21 12:51:01.943root 11241100x8000000000000000724571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.570021d3c0cb85fb2021-12-21 12:51:01.943root 11241100x8000000000000000724572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb6e56dab9832eb02021-12-21 12:51:01.944root 11241100x8000000000000000724573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b81aa5c9c835c2892021-12-21 12:51:01.944root 11241100x8000000000000000724574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.821cb6029dea93042021-12-21 12:51:01.944root 11241100x8000000000000000724575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b83005fb41a3aab52021-12-21 12:51:01.944root 11241100x8000000000000000724576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee00102623613f062021-12-21 12:51:01.944root 11241100x8000000000000000724577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7156e491a881d652021-12-21 12:51:01.944root 11241100x8000000000000000724578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc9f40c894b228942021-12-21 12:51:01.944root 11241100x8000000000000000724579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9c13abf3e4458bf2021-12-21 12:51:01.944root 11241100x8000000000000000724580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03412b5699168a452021-12-21 12:51:01.944root 11241100x8000000000000000724581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01f5b9365fa593b62021-12-21 12:51:01.944root 11241100x8000000000000000724582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd3a6e0d4f8945aa2021-12-21 12:51:01.945root 11241100x8000000000000000724583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d08b0893f4069392021-12-21 12:51:01.945root 11241100x8000000000000000724584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.614a790d1b06ca322021-12-21 12:51:01.945root 11241100x8000000000000000724585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb08f70f6ab346c72021-12-21 12:51:01.945root 11241100x8000000000000000724586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f075b8b9f5a0bdb2021-12-21 12:51:01.945root 11241100x8000000000000000724587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b31f41d6095a7102021-12-21 12:51:01.945root 11241100x8000000000000000724588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:01.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7f7ec8acb26ce542021-12-21 12:51:01.946root 11241100x8000000000000000724589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:01.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d86469f39f20e052021-12-21 12:51:01.946root 11241100x8000000000000000724590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.583c30b3a94799682021-12-21 12:51:02.443root 11241100x8000000000000000724591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.979633272c3581862021-12-21 12:51:02.443root 11241100x8000000000000000724592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa2b34cb056e57492021-12-21 12:51:02.444root 11241100x8000000000000000724593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.194b7be8b7f36c262021-12-21 12:51:02.444root 11241100x8000000000000000724594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79ea88299b4ac6e52021-12-21 12:51:02.444root 11241100x8000000000000000724595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e399d0647e38a6e72021-12-21 12:51:02.444root 11241100x8000000000000000724596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65bdce80671131832021-12-21 12:51:02.444root 11241100x8000000000000000724597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db98b3c78f9b1b392021-12-21 12:51:02.444root 11241100x8000000000000000724598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23237efbb26874762021-12-21 12:51:02.445root 11241100x8000000000000000724599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51d73c8be1e31fc52021-12-21 12:51:02.445root 11241100x8000000000000000724600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0793affd84f0dd462021-12-21 12:51:02.445root 11241100x8000000000000000724601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36d55371338b5e822021-12-21 12:51:02.445root 11241100x8000000000000000724602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdc45f07212389bf2021-12-21 12:51:02.445root 11241100x8000000000000000724603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41af748cd2ef526a2021-12-21 12:51:02.445root 11241100x8000000000000000724604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b14128866bf43bf02021-12-21 12:51:02.445root 11241100x8000000000000000724605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34df437c4295347e2021-12-21 12:51:02.445root 11241100x8000000000000000724606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2362868894b467202021-12-21 12:51:02.445root 11241100x8000000000000000724607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.225e867c1ef1476f2021-12-21 12:51:02.445root 11241100x8000000000000000724608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fe28ab8dcbd5ca52021-12-21 12:51:02.445root 11241100x8000000000000000724609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04d18bf71cdcb8a62021-12-21 12:51:02.445root 11241100x8000000000000000724610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5ffc867a7cead222021-12-21 12:51:02.943root 11241100x8000000000000000724611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54fe6ac89b67d8082021-12-21 12:51:02.943root 11241100x8000000000000000724612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f887e966bc315502021-12-21 12:51:02.944root 11241100x8000000000000000724613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79fd016ce898c14c2021-12-21 12:51:02.944root 11241100x8000000000000000724614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.debe1d3b34c9545e2021-12-21 12:51:02.944root 11241100x8000000000000000724615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a3fe70d7cd2c0f12021-12-21 12:51:02.944root 11241100x8000000000000000724616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:02.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6f58220abc359fe2021-12-21 12:51:02.945root 11241100x8000000000000000724617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:02.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1455c2ffb3a0c66c2021-12-21 12:51:02.945root 11241100x8000000000000000724618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:02.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76e50f535b89bafc2021-12-21 12:51:02.945root 11241100x8000000000000000724619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:02.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6562318297da6212021-12-21 12:51:02.945root 11241100x8000000000000000724620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:02.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91d7a01faacc198b2021-12-21 12:51:02.945root 11241100x8000000000000000724621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:02.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00f45fe3ac2d23002021-12-21 12:51:02.945root 11241100x8000000000000000724622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:02.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cb2d92e4435c94c2021-12-21 12:51:02.945root 11241100x8000000000000000724623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:02.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c814e8cb014ef382021-12-21 12:51:02.945root 11241100x8000000000000000724624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:02.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c92ab363720507f2021-12-21 12:51:02.945root 11241100x8000000000000000724625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:02.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.500910c2308f3b4d2021-12-21 12:51:02.945root 11241100x8000000000000000724626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:02.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95fbbfcb3042cc4d2021-12-21 12:51:02.946root 11241100x8000000000000000724627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:02.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a761e01daf87ccab2021-12-21 12:51:02.946root 11241100x8000000000000000724628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:02.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2df7e9620a1c48e42021-12-21 12:51:02.946root 11241100x8000000000000000724629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:02.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f0f0aa2556a84c82021-12-21 12:51:02.946root 354300x8000000000000000724630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:03.128{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-50574-false10.0.1.12-8000- 11241100x8000000000000000724631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:03.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32277b1e7dacfbe52021-12-21 12:51:03.442root 11241100x8000000000000000724632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16f08b529d6a7a282021-12-21 12:51:03.443root 11241100x8000000000000000724633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44d20103e03ce84c2021-12-21 12:51:03.443root 11241100x8000000000000000724634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14c23b1eb2ec1aac2021-12-21 12:51:03.443root 11241100x8000000000000000724635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a90fb95768453d682021-12-21 12:51:03.443root 11241100x8000000000000000724636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca058201252f9f462021-12-21 12:51:03.443root 11241100x8000000000000000724637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.301be4a3ef72a4082021-12-21 12:51:03.443root 11241100x8000000000000000724638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7da9b628ec06a8b32021-12-21 12:51:03.443root 11241100x8000000000000000724639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4897917371e767dc2021-12-21 12:51:03.444root 11241100x8000000000000000724640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbbe85a638752ce82021-12-21 12:51:03.444root 11241100x8000000000000000724641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62505358afe8f7e82021-12-21 12:51:03.444root 11241100x8000000000000000724642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40a9affe4ec80a6b2021-12-21 12:51:03.444root 11241100x8000000000000000724643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fcef90e8e220ef82021-12-21 12:51:03.444root 11241100x8000000000000000724644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69fe794ede47b6a92021-12-21 12:51:03.444root 11241100x8000000000000000724645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72a846af2fc3c4e02021-12-21 12:51:03.445root 11241100x8000000000000000724646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d42b429269d67c972021-12-21 12:51:03.445root 11241100x8000000000000000724647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b1d8a7415ad28ad2021-12-21 12:51:03.445root 11241100x8000000000000000724648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a37c734be60244ff2021-12-21 12:51:03.445root 11241100x8000000000000000724649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.099d76b5e7f5cccd2021-12-21 12:51:03.445root 11241100x8000000000000000724650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:03.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b609da0c6ccb1342021-12-21 12:51:03.446root 11241100x8000000000000000724651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:03.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48dd43c346ffffbc2021-12-21 12:51:03.446root 11241100x8000000000000000724652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:03.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9287aac4c6965aa2021-12-21 12:51:03.446root 11241100x8000000000000000724653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:03.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a29a903bf1402c4f2021-12-21 12:51:03.446root 11241100x8000000000000000724654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:03.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.076afbf35651c2fc2021-12-21 12:51:03.446root 11241100x8000000000000000724655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:03.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a128e0c7a27d26632021-12-21 12:51:03.446root 11241100x8000000000000000724656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:03.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88a815ad3949d4322021-12-21 12:51:03.446root 11241100x8000000000000000724657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:03.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d81f1369419d16052021-12-21 12:51:03.446root 11241100x8000000000000000724658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:03.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84813ff6fb148bc22021-12-21 12:51:03.446root 11241100x8000000000000000724659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:03.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3680bda0f7f249882021-12-21 12:51:03.447root 11241100x8000000000000000724660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:03.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cc8667b3873e3592021-12-21 12:51:03.447root 11241100x8000000000000000724661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:03.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fd7620d5a7e17212021-12-21 12:51:03.447root 11241100x8000000000000000724662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:03.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bf56af8f43a5df62021-12-21 12:51:03.447root 11241100x8000000000000000724663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:03.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.132390afc1a979482021-12-21 12:51:03.447root 11241100x8000000000000000724664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:03.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b067664ee9baf8472021-12-21 12:51:03.447root 11241100x8000000000000000724665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:03.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40dbed7032ca373b2021-12-21 12:51:03.447root 11241100x8000000000000000724666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:03.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca4454e72270a8612021-12-21 12:51:03.447root 11241100x8000000000000000724667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b15ee69786a5a8692021-12-21 12:51:03.943root 11241100x8000000000000000724668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec9d451005d1715b2021-12-21 12:51:03.943root 11241100x8000000000000000724669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3146967cdd68be12021-12-21 12:51:03.943root 11241100x8000000000000000724670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80457bf22ccdc14f2021-12-21 12:51:03.943root 11241100x8000000000000000724671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2766065329bd40f2021-12-21 12:51:03.943root 11241100x8000000000000000724672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a480ccfeae10cee2021-12-21 12:51:03.943root 11241100x8000000000000000724673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e155faf2ff0bb26c2021-12-21 12:51:03.944root 11241100x8000000000000000724674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a3afeca180fb4e92021-12-21 12:51:03.944root 11241100x8000000000000000724675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4282700507d5b6232021-12-21 12:51:03.944root 11241100x8000000000000000724676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bd916b04faf40fd2021-12-21 12:51:03.944root 11241100x8000000000000000724677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.636d6a690410d4cf2021-12-21 12:51:03.944root 11241100x8000000000000000724678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f263ffc558f45d652021-12-21 12:51:03.944root 11241100x8000000000000000724679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76de383558d29aad2021-12-21 12:51:03.944root 11241100x8000000000000000724680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12afd66a2f7655132021-12-21 12:51:03.944root 11241100x8000000000000000724681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30970461c30961642021-12-21 12:51:03.944root 11241100x8000000000000000724682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eeb68093711904242021-12-21 12:51:03.944root 11241100x8000000000000000724683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.273d259a2ce2b9bc2021-12-21 12:51:03.945root 11241100x8000000000000000724684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1b724c32247370c2021-12-21 12:51:03.945root 11241100x8000000000000000724685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8b9b21f61b42f332021-12-21 12:51:03.945root 11241100x8000000000000000724686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2985af9bdfa696d32021-12-21 12:51:03.945root 11241100x8000000000000000724687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc8c2436f6742e7f2021-12-21 12:51:03.945root 11241100x8000000000000000724688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8262af8ffa88c7182021-12-21 12:51:04.443root 11241100x8000000000000000724689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e786a972438b18bb2021-12-21 12:51:04.443root 11241100x8000000000000000724690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85fa3b0df752d4702021-12-21 12:51:04.443root 11241100x8000000000000000724691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3b9a35cc5e5e3d22021-12-21 12:51:04.443root 11241100x8000000000000000724692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aeee714077059fa02021-12-21 12:51:04.444root 11241100x8000000000000000724693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4309220a7cd9bd52021-12-21 12:51:04.444root 11241100x8000000000000000724694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55819f2dcfe132f92021-12-21 12:51:04.444root 11241100x8000000000000000724695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6869dda48e1e990f2021-12-21 12:51:04.444root 11241100x8000000000000000724696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5db7cfc95b1faf462021-12-21 12:51:04.444root 11241100x8000000000000000724697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4debb942e77f0ceb2021-12-21 12:51:04.444root 11241100x8000000000000000724698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b457e481b888a382021-12-21 12:51:04.444root 11241100x8000000000000000724699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de30ad86abea29b42021-12-21 12:51:04.444root 11241100x8000000000000000724700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bab4eda165b6aa152021-12-21 12:51:04.444root 11241100x8000000000000000724701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc4b1755d4f8e8bd2021-12-21 12:51:04.444root 11241100x8000000000000000724702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fe8ded3108250842021-12-21 12:51:04.445root 11241100x8000000000000000724703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf6f366fc45a51e82021-12-21 12:51:04.445root 11241100x8000000000000000724704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17ec49141c0246d12021-12-21 12:51:04.445root 11241100x8000000000000000724705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ab713b7b196d47c2021-12-21 12:51:04.445root 11241100x8000000000000000724706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abc71e5b9dfc7fca2021-12-21 12:51:04.445root 11241100x8000000000000000724707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:04.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bd4b3bd9312ee8c2021-12-21 12:51:04.446root 11241100x8000000000000000724708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:04.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb3f0fcf04759f542021-12-21 12:51:04.446root 11241100x8000000000000000724709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ef8eb0eb85165242021-12-21 12:51:04.943root 11241100x8000000000000000724710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e3417c7f63408ad2021-12-21 12:51:04.943root 11241100x8000000000000000724711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1444b8fc7991e7b72021-12-21 12:51:04.943root 11241100x8000000000000000724712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d752e9ce4f2b8a22021-12-21 12:51:04.943root 11241100x8000000000000000724713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1a51685b712b1482021-12-21 12:51:04.944root 11241100x8000000000000000724714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e8f0050d77170342021-12-21 12:51:04.944root 11241100x8000000000000000724715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15edf4bc53508dfb2021-12-21 12:51:04.944root 11241100x8000000000000000724716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd1d470d62daab722021-12-21 12:51:04.944root 11241100x8000000000000000724717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd061fed6ec6e9892021-12-21 12:51:04.944root 11241100x8000000000000000724718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b3bc2f3b73fdde82021-12-21 12:51:04.944root 11241100x8000000000000000724719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c45a9cfce52e1f472021-12-21 12:51:04.944root 11241100x8000000000000000724720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c92678831a9559602021-12-21 12:51:04.944root 11241100x8000000000000000724721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caa9ab34c50ac98e2021-12-21 12:51:04.944root 11241100x8000000000000000724722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d356a6d49a69ed442021-12-21 12:51:04.944root 11241100x8000000000000000724723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51865ef128e917092021-12-21 12:51:04.944root 11241100x8000000000000000724724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:04.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9f3c36767a265632021-12-21 12:51:04.945root 11241100x8000000000000000724725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:04.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53400e4ac42f67612021-12-21 12:51:04.945root 11241100x8000000000000000724726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:04.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2bafae63e03094c2021-12-21 12:51:04.945root 11241100x8000000000000000724727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:04.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c01700b7157c5072021-12-21 12:51:04.945root 11241100x8000000000000000724728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:04.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5076c273d1486912021-12-21 12:51:04.945root 11241100x8000000000000000724729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:04.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52f2c0ba3e7a841f2021-12-21 12:51:04.945root 11241100x8000000000000000724730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2074ed286b738e72021-12-21 12:51:05.443root 11241100x8000000000000000724731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aeaa3ba2ddf62c2f2021-12-21 12:51:05.443root 11241100x8000000000000000724732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06e93c84fcf3699c2021-12-21 12:51:05.443root 11241100x8000000000000000724733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b15d1ffbf7b47f312021-12-21 12:51:05.444root 11241100x8000000000000000724734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9588389375af670d2021-12-21 12:51:05.444root 11241100x8000000000000000724735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9fc84584b1a5c4b2021-12-21 12:51:05.444root 11241100x8000000000000000724736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48caa577fd3463f82021-12-21 12:51:05.444root 11241100x8000000000000000724737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f503a6f71ab72d42021-12-21 12:51:05.444root 11241100x8000000000000000724738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f07f3bcf20e968cb2021-12-21 12:51:05.444root 11241100x8000000000000000724739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58ee23655fd3d9c02021-12-21 12:51:05.444root 11241100x8000000000000000724740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1390536a1e72fce62021-12-21 12:51:05.444root 11241100x8000000000000000724741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b9bf05bf237443e2021-12-21 12:51:05.444root 11241100x8000000000000000724742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e23e97f6a9aba49f2021-12-21 12:51:05.445root 11241100x8000000000000000724743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11f63fc59096a49c2021-12-21 12:51:05.445root 11241100x8000000000000000724744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f29628ea54524dc2021-12-21 12:51:05.445root 11241100x8000000000000000724745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.536d67fec5f077fd2021-12-21 12:51:05.445root 11241100x8000000000000000724746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b9ff506c8b5d4762021-12-21 12:51:05.445root 11241100x8000000000000000724747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea9f167a105225f62021-12-21 12:51:05.445root 11241100x8000000000000000724748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35e0174050addf1c2021-12-21 12:51:05.445root 11241100x8000000000000000724749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94bcad03e39748c92021-12-21 12:51:05.445root 11241100x8000000000000000724750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dec63fa3b4bdfeee2021-12-21 12:51:05.445root 11241100x8000000000000000724751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83b7a713dd3169882021-12-21 12:51:05.943root 11241100x8000000000000000724752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3a6a52fa6989db62021-12-21 12:51:05.944root 11241100x8000000000000000724753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a8ba57be2afb7632021-12-21 12:51:05.944root 11241100x8000000000000000724754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f3c2e4ae65d97002021-12-21 12:51:05.944root 11241100x8000000000000000724755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1135b8a268e60f022021-12-21 12:51:05.944root 11241100x8000000000000000724756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7013fa5cb6f5e9d72021-12-21 12:51:05.944root 11241100x8000000000000000724757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83a4c342ef37f6bb2021-12-21 12:51:05.944root 11241100x8000000000000000724758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8efb8ff593a7d1b52021-12-21 12:51:05.944root 11241100x8000000000000000724759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f5a8273307705af2021-12-21 12:51:05.945root 11241100x8000000000000000724760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d750c1c136200e52021-12-21 12:51:05.945root 11241100x8000000000000000724761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.068cd0ed0332b3952021-12-21 12:51:05.945root 11241100x8000000000000000724762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd72f357457fab9c2021-12-21 12:51:05.945root 11241100x8000000000000000724763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52d3f4396bc061682021-12-21 12:51:05.945root 11241100x8000000000000000724764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82a5872a4f3f17352021-12-21 12:51:05.945root 11241100x8000000000000000724765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1192628d1ca5a4c22021-12-21 12:51:05.945root 11241100x8000000000000000724766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69bfda99573c92ed2021-12-21 12:51:05.945root 11241100x8000000000000000724767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cad9324aadba3572021-12-21 12:51:05.945root 11241100x8000000000000000724768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44bc8532db1cacea2021-12-21 12:51:05.945root 11241100x8000000000000000724769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b48196a13b543a992021-12-21 12:51:05.945root 11241100x8000000000000000724770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5405799d2bb865282021-12-21 12:51:05.945root 11241100x8000000000000000724771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:05.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4c2255828df2bbe2021-12-21 12:51:05.946root 11241100x8000000000000000724772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:06.131{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2021-12-21 12:51:06.131root 11241100x8000000000000000724773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:06.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfac6fc08693b1242021-12-21 12:51:06.443root 11241100x8000000000000000724774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:06.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2592ada0f12971182021-12-21 12:51:06.443root 11241100x8000000000000000724775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:06.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56c1709d36eeddda2021-12-21 12:51:06.443root 11241100x8000000000000000724776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:06.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9f5cc93f7ec9def2021-12-21 12:51:06.443root 11241100x8000000000000000724777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34266cdcdc65f88c2021-12-21 12:51:06.444root 11241100x8000000000000000724778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68f53dbf63a68f462021-12-21 12:51:06.444root 11241100x8000000000000000724779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5a737d86010bd9a2021-12-21 12:51:06.444root 11241100x8000000000000000724780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da72c8fa573f043e2021-12-21 12:51:06.444root 11241100x8000000000000000724781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8eadad75c99ff36d2021-12-21 12:51:06.444root 11241100x8000000000000000724782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fc2aec4d45e08f32021-12-21 12:51:06.444root 11241100x8000000000000000724783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b542e66b4d5625cd2021-12-21 12:51:06.444root 11241100x8000000000000000724784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fab6aad4104624cd2021-12-21 12:51:06.444root 11241100x8000000000000000724785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a12612391fc7b03a2021-12-21 12:51:06.444root 11241100x8000000000000000724786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9733a29cd3f3c1fc2021-12-21 12:51:06.444root 11241100x8000000000000000724787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9abb1421ec977cdf2021-12-21 12:51:06.444root 11241100x8000000000000000724788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:06.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ffa7cc26d42a9f52021-12-21 12:51:06.445root 11241100x8000000000000000724789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:06.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a37290243fa5f772021-12-21 12:51:06.445root 11241100x8000000000000000724790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:06.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d62509154a705282021-12-21 12:51:06.445root 11241100x8000000000000000724791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:06.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06279219cdf798132021-12-21 12:51:06.445root 11241100x8000000000000000724792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:06.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4fbffd2af781cd02021-12-21 12:51:06.445root 11241100x8000000000000000724793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:06.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3573c6a74d33bad32021-12-21 12:51:06.445root 11241100x8000000000000000724794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:06.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00226a8ec4e3687c2021-12-21 12:51:06.445root 11241100x8000000000000000724795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:06.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.870b42bc676ca2d92021-12-21 12:51:06.943root 11241100x8000000000000000724796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:06.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1fd212cda6021a22021-12-21 12:51:06.943root 11241100x8000000000000000724797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:06.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c71c9a3830fa0c32021-12-21 12:51:06.944root 11241100x8000000000000000724798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:06.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ca9ba82ab73d96b2021-12-21 12:51:06.944root 11241100x8000000000000000724799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:06.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37e98c8638d3faa52021-12-21 12:51:06.944root 11241100x8000000000000000724800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:06.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f78b18d38d509672021-12-21 12:51:06.944root 11241100x8000000000000000724801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:06.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08512c381c9885ba2021-12-21 12:51:06.945root 11241100x8000000000000000724802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:06.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98cb746fbd4d1b342021-12-21 12:51:06.945root 11241100x8000000000000000724803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:06.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.189915be59adb59c2021-12-21 12:51:06.945root 11241100x8000000000000000724804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:06.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dd47a3c539e6ead2021-12-21 12:51:06.946root 11241100x8000000000000000724805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:06.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98f5c122cb33bf5c2021-12-21 12:51:06.946root 11241100x8000000000000000724806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:06.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8682e7b53eeba7fc2021-12-21 12:51:06.947root 11241100x8000000000000000724807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:06.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca18ce0665410d3a2021-12-21 12:51:06.947root 11241100x8000000000000000724808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:06.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1ef6f9824bf8d822021-12-21 12:51:06.948root 11241100x8000000000000000724809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:06.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.059df08ec2fccaa32021-12-21 12:51:06.948root 11241100x8000000000000000724810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:06.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25eeb2ab4bc8bbac2021-12-21 12:51:06.949root 11241100x8000000000000000724811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:06.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51400a1fcf75f2642021-12-21 12:51:06.949root 11241100x8000000000000000724812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:06.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea74f999c0c85d6b2021-12-21 12:51:06.950root 11241100x8000000000000000724813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:06.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50ffdb8fe2878d222021-12-21 12:51:06.950root 11241100x8000000000000000724814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:06.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9480d375c2fcefc42021-12-21 12:51:06.950root 11241100x8000000000000000724815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:06.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e516fce989bfcd782021-12-21 12:51:06.952root 11241100x8000000000000000724816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:06.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0c022fea40f97a92021-12-21 12:51:06.952root 11241100x8000000000000000724817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:06.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ee1b2195aaf439a2021-12-21 12:51:06.952root 11241100x8000000000000000724818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:06.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5ca9b4fa8ae669c2021-12-21 12:51:06.952root 11241100x8000000000000000724819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:06.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c8e8e11ca72db322021-12-21 12:51:06.952root 11241100x8000000000000000724820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:06.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88a579ca306f649d2021-12-21 12:51:06.952root 11241100x8000000000000000724821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:06.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.674effd940fd26762021-12-21 12:51:06.952root 11241100x8000000000000000724822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:07.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4dfbf790b1e212c2021-12-21 12:51:07.442root 11241100x8000000000000000724823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:07.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17cfb31870690ab82021-12-21 12:51:07.443root 11241100x8000000000000000724824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:07.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98ac3b332daae6102021-12-21 12:51:07.443root 11241100x8000000000000000724825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:07.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc421c2fe1e2cf742021-12-21 12:51:07.443root 11241100x8000000000000000724826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:07.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.507dc45b7c6829cc2021-12-21 12:51:07.443root 11241100x8000000000000000724827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:07.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f39b36db047d3e42021-12-21 12:51:07.443root 11241100x8000000000000000724828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:07.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98b37b34a60c7b542021-12-21 12:51:07.443root 11241100x8000000000000000724829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:07.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b3f7343bc0169452021-12-21 12:51:07.443root 11241100x8000000000000000724830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:07.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66be503517fb68582021-12-21 12:51:07.443root 11241100x8000000000000000724831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:07.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f69e84a5b4bea0b2021-12-21 12:51:07.443root 11241100x8000000000000000724832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:07.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.346ae78f24f178632021-12-21 12:51:07.443root 11241100x8000000000000000724833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:07.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dad44c1ab88b6a3b2021-12-21 12:51:07.443root 11241100x8000000000000000724834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:07.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9418c01106c4a4792021-12-21 12:51:07.443root 11241100x8000000000000000724835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:07.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dee671a6fdaaff82021-12-21 12:51:07.444root 11241100x8000000000000000724836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:07.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ba4e2bc9697bb3c2021-12-21 12:51:07.444root 11241100x8000000000000000724837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:07.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f07eea9c9384713c2021-12-21 12:51:07.444root 11241100x8000000000000000724838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:07.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ae1e20de738238d2021-12-21 12:51:07.444root 11241100x8000000000000000724839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:07.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb13e6f0f37c98c22021-12-21 12:51:07.444root 11241100x8000000000000000724840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:07.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cfc87029a3c37172021-12-21 12:51:07.444root 11241100x8000000000000000724841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:07.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fd8dd6040075d862021-12-21 12:51:07.444root 11241100x8000000000000000724842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:07.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9df06266be6a3672021-12-21 12:51:07.444root 11241100x8000000000000000724843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:07.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b84998725c02ebe2021-12-21 12:51:07.444root 11241100x8000000000000000724844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:07.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9752bf71f3db21002021-12-21 12:51:07.943root 11241100x8000000000000000724845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:07.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f4108e64fc811982021-12-21 12:51:07.943root 11241100x8000000000000000724846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:07.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f3f85981e3cd7d62021-12-21 12:51:07.943root 11241100x8000000000000000724847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:07.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94762195e18642592021-12-21 12:51:07.943root 11241100x8000000000000000724848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:07.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48d37c9ea71d34de2021-12-21 12:51:07.944root 11241100x8000000000000000724849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:07.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a5cf985477601dc2021-12-21 12:51:07.944root 11241100x8000000000000000724850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:07.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7abed07cd84db7422021-12-21 12:51:07.944root 11241100x8000000000000000724851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:07.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e7b81651ed9b5d72021-12-21 12:51:07.944root 11241100x8000000000000000724852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:07.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24d6515266ddf9a62021-12-21 12:51:07.944root 11241100x8000000000000000724853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:07.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fb136c3d5db5e762021-12-21 12:51:07.944root 11241100x8000000000000000724854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:07.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2918358d994f0eab2021-12-21 12:51:07.944root 11241100x8000000000000000724855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:07.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.435249a1a72db64b2021-12-21 12:51:07.944root 11241100x8000000000000000724856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:07.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da1290d4439968532021-12-21 12:51:07.944root 11241100x8000000000000000724857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:07.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6bb9f365e86bdfa2021-12-21 12:51:07.944root 11241100x8000000000000000724858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:07.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a4e25cb6c7960022021-12-21 12:51:07.944root 11241100x8000000000000000724859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:07.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f86789c1a5290e712021-12-21 12:51:07.944root 11241100x8000000000000000724860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:07.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.958b07b661d1d5482021-12-21 12:51:07.944root 11241100x8000000000000000724861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:07.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c124983e61abc0692021-12-21 12:51:07.944root 11241100x8000000000000000724862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:07.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b56fde8fbd3b56572021-12-21 12:51:07.944root 11241100x8000000000000000724863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:07.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f7b04f826113a1e2021-12-21 12:51:07.944root 11241100x8000000000000000724864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:07.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3ce699cf5dcbe672021-12-21 12:51:07.945root 11241100x8000000000000000724865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:07.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fa6075c56ea3cf32021-12-21 12:51:07.945root 354300x8000000000000000724866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:08.193{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-50576-false10.0.1.12-8000- 11241100x8000000000000000724867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:08.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58f7f2e6f29de0202021-12-21 12:51:08.443root 11241100x8000000000000000724868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:08.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dfb83790aae11dc2021-12-21 12:51:08.443root 11241100x8000000000000000724869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:08.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e013935378a0df492021-12-21 12:51:08.443root 11241100x8000000000000000724870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:08.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f04c3831c472128b2021-12-21 12:51:08.444root 11241100x8000000000000000724871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:08.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37e556a5239e5a202021-12-21 12:51:08.444root 11241100x8000000000000000724872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:08.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8efed098f2c9eef82021-12-21 12:51:08.444root 11241100x8000000000000000724873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:08.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59dc178984f8c6bd2021-12-21 12:51:08.444root 11241100x8000000000000000724874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:08.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b2a909c1c6954152021-12-21 12:51:08.444root 11241100x8000000000000000724875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:08.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a033f803c19876a12021-12-21 12:51:08.444root 11241100x8000000000000000724876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:08.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae08341492c077cc2021-12-21 12:51:08.444root 11241100x8000000000000000724877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:08.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a7194f62388aa972021-12-21 12:51:08.444root 11241100x8000000000000000724878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:08.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.291163311796b74f2021-12-21 12:51:08.444root 11241100x8000000000000000724879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:08.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14dc521ff11b3f0b2021-12-21 12:51:08.444root 11241100x8000000000000000724880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:08.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f69d1abf7fefe4882021-12-21 12:51:08.444root 11241100x8000000000000000724881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:08.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a4e333ffa4c47d42021-12-21 12:51:08.444root 11241100x8000000000000000724882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:08.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec10588c57ec9d6d2021-12-21 12:51:08.444root 11241100x8000000000000000724883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:08.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.871b5d8dc498442a2021-12-21 12:51:08.444root 11241100x8000000000000000724884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:08.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6891789f6e6231bb2021-12-21 12:51:08.444root 11241100x8000000000000000724885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:08.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56f72900f1689a7b2021-12-21 12:51:08.444root 11241100x8000000000000000724886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:08.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb71afe74e0b3bee2021-12-21 12:51:08.445root 11241100x8000000000000000724887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:08.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc1416d2d4e2f3992021-12-21 12:51:08.445root 11241100x8000000000000000724888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:08.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dc769435825300d2021-12-21 12:51:08.445root 11241100x8000000000000000724889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:08.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72a5b04c528af95c2021-12-21 12:51:08.445root 11241100x8000000000000000724890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:08.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39797ca32007b8e12021-12-21 12:51:08.943root 11241100x8000000000000000724891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:08.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.858618ee3cbee4d42021-12-21 12:51:08.943root 11241100x8000000000000000724892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:08.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40605bdf7d9bce5d2021-12-21 12:51:08.943root 11241100x8000000000000000724893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:08.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c63bf74378205daf2021-12-21 12:51:08.943root 11241100x8000000000000000724894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:08.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62e59540d2934d812021-12-21 12:51:08.944root 11241100x8000000000000000724895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:08.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbc8f3eb0935da272021-12-21 12:51:08.944root 11241100x8000000000000000724896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:08.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9629e5e0861d9f92021-12-21 12:51:08.944root 11241100x8000000000000000724897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:08.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.896e7e6c1eabbf352021-12-21 12:51:08.944root 11241100x8000000000000000724898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:08.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d32f49bd7d7b887e2021-12-21 12:51:08.944root 11241100x8000000000000000724899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:08.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.153a7cf5940129422021-12-21 12:51:08.944root 11241100x8000000000000000724900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:08.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fafed5dbeb57cc822021-12-21 12:51:08.944root 11241100x8000000000000000724901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:08.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48586bd11b4b32562021-12-21 12:51:08.944root 11241100x8000000000000000724902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:08.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.970e106d7d2bc2c22021-12-21 12:51:08.944root 11241100x8000000000000000724903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:08.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2e7c05e66936b542021-12-21 12:51:08.944root 11241100x8000000000000000724904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:08.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c2667fd20f0cbc42021-12-21 12:51:08.944root 11241100x8000000000000000724905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:08.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68691b02e9c1249a2021-12-21 12:51:08.944root 11241100x8000000000000000724906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:08.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48093bfa2b56349a2021-12-21 12:51:08.944root 11241100x8000000000000000724907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:08.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08f2b94edccc8b132021-12-21 12:51:08.944root 11241100x8000000000000000724908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:08.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.614fa47c1cbb6f392021-12-21 12:51:08.944root 11241100x8000000000000000724909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:08.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25060b4a51815f1b2021-12-21 12:51:08.944root 11241100x8000000000000000724910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:08.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cff6490f16ba656b2021-12-21 12:51:08.945root 11241100x8000000000000000724911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:08.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c0c0395af2a061b2021-12-21 12:51:08.945root 11241100x8000000000000000724912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:08.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce605cfd4c3995b42021-12-21 12:51:08.945root 23542300x8000000000000000724913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:09.023{ec2b6afe-95d2-61c1-3038-b84203560000}5272root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000724914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:09.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29b590f46f4784f22021-12-21 12:51:09.443root 11241100x8000000000000000724915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:09.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1caa539624e5f9692021-12-21 12:51:09.443root 11241100x8000000000000000724916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:09.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d311a32a2bbc80512021-12-21 12:51:09.444root 11241100x8000000000000000724917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:09.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.001eb3c6118916972021-12-21 12:51:09.444root 11241100x8000000000000000724918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:09.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.897d44618ac9dbd72021-12-21 12:51:09.444root 11241100x8000000000000000724919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:09.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dcc73645aef28b42021-12-21 12:51:09.444root 11241100x8000000000000000724920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:09.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3257262eb50d5c3a2021-12-21 12:51:09.444root 11241100x8000000000000000724921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:09.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b86ce3fc1d648ae2021-12-21 12:51:09.444root 11241100x8000000000000000724922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:09.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a672e35fa4840a02021-12-21 12:51:09.444root 11241100x8000000000000000724923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:09.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f42713039390a81c2021-12-21 12:51:09.444root 11241100x8000000000000000724924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:09.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02e7885c0644dc6a2021-12-21 12:51:09.444root 11241100x8000000000000000724925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:09.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3092ac8847bb43042021-12-21 12:51:09.444root 11241100x8000000000000000724926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:09.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dc77df573169b3b2021-12-21 12:51:09.444root 11241100x8000000000000000724927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:09.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccd9bdfa45807ec72021-12-21 12:51:09.444root 11241100x8000000000000000724928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:09.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abd72d32a97a88702021-12-21 12:51:09.444root 11241100x8000000000000000724929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:09.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29c8ce08b8d09f9f2021-12-21 12:51:09.444root 11241100x8000000000000000724930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:09.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79a1e036d0d94a722021-12-21 12:51:09.444root 11241100x8000000000000000724931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:09.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d4d12411ea6d14d2021-12-21 12:51:09.445root 11241100x8000000000000000724932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:09.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fde9fe479ffd1462021-12-21 12:51:09.445root 11241100x8000000000000000724933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:09.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78c95fcbc92e15702021-12-21 12:51:09.445root 11241100x8000000000000000724934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:09.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65eecd4fba4742082021-12-21 12:51:09.445root 11241100x8000000000000000724935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:09.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ffb53479461c1422021-12-21 12:51:09.445root 11241100x8000000000000000724936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:09.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39b99165e7dd970b2021-12-21 12:51:09.445root 11241100x8000000000000000724937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:09.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a72b556b33d1ce4b2021-12-21 12:51:09.445root 11241100x8000000000000000724938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:09.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb6f1977dedeae342021-12-21 12:51:09.943root 11241100x8000000000000000724939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:09.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1817e7b2e41630742021-12-21 12:51:09.943root 11241100x8000000000000000724940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:09.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c03dce275ea5dd1f2021-12-21 12:51:09.943root 11241100x8000000000000000724941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:09.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96c27a9d5322816b2021-12-21 12:51:09.943root 11241100x8000000000000000724942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:09.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9eced8b23c574822021-12-21 12:51:09.944root 11241100x8000000000000000724943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:09.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08148c66218ae7712021-12-21 12:51:09.944root 11241100x8000000000000000724944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:09.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.634a3861db40fbdc2021-12-21 12:51:09.944root 11241100x8000000000000000724945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:09.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e1792c30abe03b72021-12-21 12:51:09.944root 11241100x8000000000000000724946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:09.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c41fa011c45c2e32021-12-21 12:51:09.944root 11241100x8000000000000000724947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:09.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3de32f4219c334912021-12-21 12:51:09.944root 11241100x8000000000000000724948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:09.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81e34cd263c713b52021-12-21 12:51:09.944root 11241100x8000000000000000724949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:09.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab1d3449f832572d2021-12-21 12:51:09.944root 11241100x8000000000000000724950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:09.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7aeafe66872d9ee2021-12-21 12:51:09.944root 11241100x8000000000000000724951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:09.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d88bec3952d237cd2021-12-21 12:51:09.944root 11241100x8000000000000000724952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:09.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f141cd0e1a2720ad2021-12-21 12:51:09.944root 11241100x8000000000000000724953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:09.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5f763b0e937e60d2021-12-21 12:51:09.944root 11241100x8000000000000000724954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:09.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d07a0ca01023db232021-12-21 12:51:09.944root 11241100x8000000000000000724955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:09.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a5ce1eb979bfd652021-12-21 12:51:09.944root 11241100x8000000000000000724956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:09.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.394b062de509ccd42021-12-21 12:51:09.944root 11241100x8000000000000000724957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:09.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bd498332263c6a72021-12-21 12:51:09.945root 11241100x8000000000000000724958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:09.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bdc3fda2f2603a72021-12-21 12:51:09.945root 11241100x8000000000000000724959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:09.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f146027cdd0365042021-12-21 12:51:09.945root 11241100x8000000000000000724960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:09.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9225052e12be3522021-12-21 12:51:09.945root 11241100x8000000000000000724961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:09.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c5f23f1cb5432282021-12-21 12:51:09.945root 11241100x8000000000000000724962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:10.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cb73056c57045682021-12-21 12:51:10.443root 11241100x8000000000000000724963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:10.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.094583a3995c78512021-12-21 12:51:10.443root 11241100x8000000000000000724964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:10.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.748bc2c4bbbcc9382021-12-21 12:51:10.443root 11241100x8000000000000000724965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:10.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.137e1cd5aa9db48d2021-12-21 12:51:10.443root 11241100x8000000000000000724966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e864e4e29e0f2cd2021-12-21 12:51:10.444root 11241100x8000000000000000724967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ef27858abb250912021-12-21 12:51:10.444root 11241100x8000000000000000724968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81995516495da6322021-12-21 12:51:10.444root 11241100x8000000000000000724969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82143f234edb8c132021-12-21 12:51:10.444root 11241100x8000000000000000724970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13103b4096320a682021-12-21 12:51:10.444root 11241100x8000000000000000724971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df3bd85b758a6b072021-12-21 12:51:10.444root 11241100x8000000000000000724972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5c654d3a7e5d3312021-12-21 12:51:10.444root 11241100x8000000000000000724973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a4bc6550846f74b2021-12-21 12:51:10.444root 11241100x8000000000000000724974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab5e7b6e3a7d1ff82021-12-21 12:51:10.444root 11241100x8000000000000000724975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ab4f8d83868f9b32021-12-21 12:51:10.444root 11241100x8000000000000000724976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.562eb9c98bfae5532021-12-21 12:51:10.444root 11241100x8000000000000000724977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a23878f043d41e42021-12-21 12:51:10.444root 11241100x8000000000000000724978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a3127009e96fca22021-12-21 12:51:10.444root 11241100x8000000000000000724979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15119b5c8ab07d1a2021-12-21 12:51:10.444root 11241100x8000000000000000724980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11bad457dd8e4b482021-12-21 12:51:10.444root 11241100x8000000000000000724981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f747928848fde41e2021-12-21 12:51:10.444root 11241100x8000000000000000724982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:10.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23e63957fb8bc4952021-12-21 12:51:10.445root 11241100x8000000000000000724983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:10.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.380fd07b5556ebd22021-12-21 12:51:10.445root 11241100x8000000000000000724984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:10.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c345546968a222e22021-12-21 12:51:10.445root 11241100x8000000000000000724985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:10.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.779abcb9ae654c0d2021-12-21 12:51:10.445root 11241100x8000000000000000724986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:10.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a16c3a7d30bd06f2021-12-21 12:51:10.943root 11241100x8000000000000000724987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:10.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8993ec189bf786ad2021-12-21 12:51:10.943root 11241100x8000000000000000724988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:10.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.290bb90aa797e96d2021-12-21 12:51:10.943root 11241100x8000000000000000724989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:10.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf8fd3073bf27d7f2021-12-21 12:51:10.943root 11241100x8000000000000000724990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.474d44aad5a1a7d12021-12-21 12:51:10.944root 11241100x8000000000000000724991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.219be70717e3a5b62021-12-21 12:51:10.944root 11241100x8000000000000000724992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31978136e759c5b42021-12-21 12:51:10.944root 11241100x8000000000000000724993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2558490d4f658722021-12-21 12:51:10.944root 11241100x8000000000000000724994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7298ed4079764032021-12-21 12:51:10.944root 11241100x8000000000000000724995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.447bb449ee642aef2021-12-21 12:51:10.944root 11241100x8000000000000000724996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe80ca7e9c458c992021-12-21 12:51:10.944root 11241100x8000000000000000724997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b08b0155076e13b82021-12-21 12:51:10.944root 11241100x8000000000000000724998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9c5d259be9c6aff2021-12-21 12:51:10.944root 11241100x8000000000000000724999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0509db59fe2dc6f2021-12-21 12:51:10.944root 11241100x8000000000000000725000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d75292e3bf309292021-12-21 12:51:10.944root 11241100x8000000000000000725001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:10.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d15d60481113e302021-12-21 12:51:10.945root 11241100x8000000000000000725002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:10.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.768e9db7021098d22021-12-21 12:51:10.945root 11241100x8000000000000000725003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:10.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ef079451b18f6492021-12-21 12:51:10.945root 11241100x8000000000000000725004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:10.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d51da24150306ec2021-12-21 12:51:10.945root 11241100x8000000000000000725005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:10.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29a09ea100a54f322021-12-21 12:51:10.945root 11241100x8000000000000000725006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:10.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7663a72a9ac602d52021-12-21 12:51:10.945root 11241100x8000000000000000725007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:10.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c9238a9616807c72021-12-21 12:51:10.945root 11241100x8000000000000000725008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:10.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f9267279b8a529a2021-12-21 12:51:10.945root 11241100x8000000000000000725009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:10.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a942941bc79400b82021-12-21 12:51:10.945root 11241100x8000000000000000725010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56e8751aa0c51a622021-12-21 12:51:11.443root 11241100x8000000000000000725011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92de4f2e6feb5b542021-12-21 12:51:11.443root 11241100x8000000000000000725012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a8627765ebd1f922021-12-21 12:51:11.443root 11241100x8000000000000000725013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a29e97af9c8aa9572021-12-21 12:51:11.443root 11241100x8000000000000000725014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ad1a84b16bb6b2f2021-12-21 12:51:11.444root 11241100x8000000000000000725015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12ca133f0c5350ee2021-12-21 12:51:11.444root 11241100x8000000000000000725016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16a105af4db9cd582021-12-21 12:51:11.444root 11241100x8000000000000000725017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f8658da76dcdc3a2021-12-21 12:51:11.444root 11241100x8000000000000000725018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69a99361a781aaa02021-12-21 12:51:11.444root 11241100x8000000000000000725019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ca3788e278d690f2021-12-21 12:51:11.444root 11241100x8000000000000000725020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f195f66fcec0c372021-12-21 12:51:11.444root 11241100x8000000000000000725021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.427fb0474a09d64d2021-12-21 12:51:11.444root 11241100x8000000000000000725022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b913f20d481e0f082021-12-21 12:51:11.444root 11241100x8000000000000000725023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcf86f402cf9c6892021-12-21 12:51:11.444root 11241100x8000000000000000725024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92170ff3e474cc412021-12-21 12:51:11.444root 11241100x8000000000000000725025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06f88ad4491d8a3c2021-12-21 12:51:11.444root 11241100x8000000000000000725026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab9afe600b6d9e0b2021-12-21 12:51:11.444root 11241100x8000000000000000725027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ee514174c17a1c02021-12-21 12:51:11.444root 11241100x8000000000000000725028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc01e29e0e7f2f0e2021-12-21 12:51:11.444root 11241100x8000000000000000725029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.812d9a6a9cf1c2612021-12-21 12:51:11.444root 11241100x8000000000000000725030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:11.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3987a03c50fdf4472021-12-21 12:51:11.445root 11241100x8000000000000000725031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:11.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa85efcade890fbe2021-12-21 12:51:11.445root 11241100x8000000000000000725032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:11.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa81c440d7d9acd12021-12-21 12:51:11.445root 11241100x8000000000000000725033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:11.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3011c63d1bf2c7ea2021-12-21 12:51:11.445root 11241100x8000000000000000725034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40e0ec2c9420c5ac2021-12-21 12:51:11.943root 11241100x8000000000000000725035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed15df797e04c8a72021-12-21 12:51:11.943root 11241100x8000000000000000725036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbbafeae57bf016e2021-12-21 12:51:11.943root 11241100x8000000000000000725037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d34d32d63b214cdf2021-12-21 12:51:11.943root 11241100x8000000000000000725038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d594651f59f2ede62021-12-21 12:51:11.944root 11241100x8000000000000000725039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07503b1a4ce0e9322021-12-21 12:51:11.944root 11241100x8000000000000000725040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bd252e316f2d5fc2021-12-21 12:51:11.944root 11241100x8000000000000000725041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3024fe54c2111c682021-12-21 12:51:11.944root 11241100x8000000000000000725042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8603c3d27587cfe82021-12-21 12:51:11.944root 11241100x8000000000000000725043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a3cd63c6077cd212021-12-21 12:51:11.944root 11241100x8000000000000000725044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75466325e167d7c22021-12-21 12:51:11.944root 11241100x8000000000000000725045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d57329ec81950cd2021-12-21 12:51:11.944root 11241100x8000000000000000725046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b3829d20ecc9ff12021-12-21 12:51:11.944root 11241100x8000000000000000725047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4574845cdd01751e2021-12-21 12:51:11.944root 11241100x8000000000000000725048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4acaa4fe52042f82021-12-21 12:51:11.944root 11241100x8000000000000000725049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c66bcf1c74b466462021-12-21 12:51:11.944root 11241100x8000000000000000725050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.842cca599cefad662021-12-21 12:51:11.944root 11241100x8000000000000000725051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bd7ab0c50dd67d32021-12-21 12:51:11.944root 11241100x8000000000000000725052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e81ac218ebd92e832021-12-21 12:51:11.944root 11241100x8000000000000000725053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac7a1ea5d4060eb12021-12-21 12:51:11.944root 11241100x8000000000000000725054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:11.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac997df9734942802021-12-21 12:51:11.945root 11241100x8000000000000000725055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:11.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0973ed12730ca3e2021-12-21 12:51:11.945root 11241100x8000000000000000725056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:11.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2bcd7f8c95bae242021-12-21 12:51:11.945root 11241100x8000000000000000725057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:11.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8b0cffd0d201caf2021-12-21 12:51:11.945root 11241100x8000000000000000725058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81ed40c74f4a42802021-12-21 12:51:12.443root 11241100x8000000000000000725059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8b17f48c08463bf2021-12-21 12:51:12.443root 11241100x8000000000000000725060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08e51bfb19093bbe2021-12-21 12:51:12.443root 11241100x8000000000000000725061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdda3e79dce1a14f2021-12-21 12:51:12.443root 11241100x8000000000000000725062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f39b4d554a259132021-12-21 12:51:12.444root 11241100x8000000000000000725063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e664b895f475f552021-12-21 12:51:12.444root 11241100x8000000000000000725064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b72a7d2a19e8d4ee2021-12-21 12:51:12.444root 11241100x8000000000000000725065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e181a714ce4f5952021-12-21 12:51:12.444root 11241100x8000000000000000725066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f88ffb6feacdf8d82021-12-21 12:51:12.444root 11241100x8000000000000000725067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88be3a460b08f2112021-12-21 12:51:12.444root 11241100x8000000000000000725068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d8ddf0fff2002712021-12-21 12:51:12.444root 11241100x8000000000000000725069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.242c009122921fce2021-12-21 12:51:12.444root 11241100x8000000000000000725070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bebbb32e2fbba332021-12-21 12:51:12.444root 11241100x8000000000000000725071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.172d61a4eb1c04902021-12-21 12:51:12.444root 11241100x8000000000000000725072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8730fad364d8fa3e2021-12-21 12:51:12.444root 11241100x8000000000000000725073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9f1f165ffa62e1d2021-12-21 12:51:12.444root 11241100x8000000000000000725074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7b86d8ef43c4c322021-12-21 12:51:12.444root 11241100x8000000000000000725075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b0a994f7027e9af2021-12-21 12:51:12.444root 11241100x8000000000000000725076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c256eb6219f817492021-12-21 12:51:12.444root 11241100x8000000000000000725077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91eff1317425512b2021-12-21 12:51:12.444root 11241100x8000000000000000725078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e024b567af7d0752021-12-21 12:51:12.444root 11241100x8000000000000000725079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:12.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13f4502f83c832562021-12-21 12:51:12.445root 11241100x8000000000000000725080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:12.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05ba72504fb25e862021-12-21 12:51:12.445root 11241100x8000000000000000725081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:12.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c42c37b41a59ecf2021-12-21 12:51:12.445root 11241100x8000000000000000725082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d879487458d332dd2021-12-21 12:51:12.943root 11241100x8000000000000000725083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31f5eea9e50cb8f02021-12-21 12:51:12.943root 11241100x8000000000000000725084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbb6178ea6710f1d2021-12-21 12:51:12.943root 11241100x8000000000000000725085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23f3f96d41d1043a2021-12-21 12:51:12.943root 11241100x8000000000000000725086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d21a8c388d8463082021-12-21 12:51:12.944root 11241100x8000000000000000725087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7aa4705a8e97da282021-12-21 12:51:12.944root 11241100x8000000000000000725088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d71f40c987d4928e2021-12-21 12:51:12.944root 11241100x8000000000000000725089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bbe64044b306ed82021-12-21 12:51:12.944root 11241100x8000000000000000725090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d126bd593f9d760a2021-12-21 12:51:12.944root 11241100x8000000000000000725091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a6cdc48e090781e2021-12-21 12:51:12.944root 11241100x8000000000000000725092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6828dd0011ff5fd62021-12-21 12:51:12.944root 11241100x8000000000000000725093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a29f8b014dd5ca02021-12-21 12:51:12.944root 11241100x8000000000000000725094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c97b1e366f6a6152021-12-21 12:51:12.944root 11241100x8000000000000000725095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.508c3600a75a6bef2021-12-21 12:51:12.944root 11241100x8000000000000000725096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e82928a674caeab62021-12-21 12:51:12.944root 11241100x8000000000000000725097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b10f52d970d0bfd22021-12-21 12:51:12.944root 11241100x8000000000000000725098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e4494a94ffc2d072021-12-21 12:51:12.944root 11241100x8000000000000000725099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a7097a5b3117b312021-12-21 12:51:12.944root 11241100x8000000000000000725100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd316b57121ea8422021-12-21 12:51:12.944root 11241100x8000000000000000725101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:12.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bddbe6dc46f2e8022021-12-21 12:51:12.945root 11241100x8000000000000000725102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:12.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a80418cce2867c82021-12-21 12:51:12.945root 11241100x8000000000000000725103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:12.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7808816715ad205e2021-12-21 12:51:12.945root 11241100x8000000000000000725104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:12.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77ae2a6b2e9ffe152021-12-21 12:51:12.945root 11241100x8000000000000000725105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:12.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50eea05ba06ebcc72021-12-21 12:51:12.945root 11241100x8000000000000000725106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d048b9df68c585902021-12-21 12:51:13.443root 11241100x8000000000000000725107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebe43793248243b32021-12-21 12:51:13.445root 11241100x8000000000000000725108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5d7c5e73b59ee0b2021-12-21 12:51:13.445root 11241100x8000000000000000725109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ec7620d8b49190d2021-12-21 12:51:13.445root 11241100x8000000000000000725110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.594d296dbda065002021-12-21 12:51:13.445root 11241100x8000000000000000725111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ba52276ab33e6eb2021-12-21 12:51:13.445root 11241100x8000000000000000725112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9191b3c68f276e4d2021-12-21 12:51:13.445root 11241100x8000000000000000725113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32741f08e85e7a0a2021-12-21 12:51:13.445root 11241100x8000000000000000725114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3896ba434ed641902021-12-21 12:51:13.445root 11241100x8000000000000000725115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ffb186fd4b44e352021-12-21 12:51:13.445root 11241100x8000000000000000725116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:13.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2eeac3f9ad3960f22021-12-21 12:51:13.446root 11241100x8000000000000000725117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:13.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43ce73a48295c1c42021-12-21 12:51:13.446root 11241100x8000000000000000725118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:13.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cc7cf451a71ca6e2021-12-21 12:51:13.446root 11241100x8000000000000000725119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:13.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42cdf51007b6ef2d2021-12-21 12:51:13.446root 11241100x8000000000000000725120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:13.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdb74b5c989d1fde2021-12-21 12:51:13.446root 11241100x8000000000000000725121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:13.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c0bed71cae1d5aa2021-12-21 12:51:13.446root 11241100x8000000000000000725122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:13.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20092ff6424d743b2021-12-21 12:51:13.446root 11241100x8000000000000000725123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:13.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.060ceb78051087e22021-12-21 12:51:13.446root 11241100x8000000000000000725124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:13.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4976be22c6e78cb2021-12-21 12:51:13.446root 11241100x8000000000000000725125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:13.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bcf8bbb9ff828222021-12-21 12:51:13.446root 11241100x8000000000000000725126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:13.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0880aaa1ac282fbe2021-12-21 12:51:13.446root 11241100x8000000000000000725127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:13.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbbe0adcca86984a2021-12-21 12:51:13.446root 11241100x8000000000000000725128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:13.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56bfe81387c2b44f2021-12-21 12:51:13.446root 11241100x8000000000000000725129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:13.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a34667a61bfd02f2021-12-21 12:51:13.446root 11241100x8000000000000000725130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdda9f2bbe2b98452021-12-21 12:51:13.943root 11241100x8000000000000000725131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96e4744ac185ecf82021-12-21 12:51:13.943root 11241100x8000000000000000725132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8896560c8dcef21e2021-12-21 12:51:13.943root 11241100x8000000000000000725133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1589c92c51322b72021-12-21 12:51:13.944root 11241100x8000000000000000725134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f534a5224f3665f2021-12-21 12:51:13.944root 11241100x8000000000000000725135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70f96b8561de0a622021-12-21 12:51:13.944root 11241100x8000000000000000725136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4e7f3bb570e2b892021-12-21 12:51:13.944root 11241100x8000000000000000725137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86566ec515e912932021-12-21 12:51:13.944root 11241100x8000000000000000725138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66ec33a427fac0892021-12-21 12:51:13.944root 11241100x8000000000000000725139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0908cfc9307a16c82021-12-21 12:51:13.944root 11241100x8000000000000000725140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fea3796e0e8e2752021-12-21 12:51:13.944root 11241100x8000000000000000725141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e78088c92f858572021-12-21 12:51:13.944root 11241100x8000000000000000725142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a796029a83941c3d2021-12-21 12:51:13.944root 11241100x8000000000000000725143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46a0588d7d28b4e92021-12-21 12:51:13.944root 11241100x8000000000000000725144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d8caed97bc65c062021-12-21 12:51:13.945root 11241100x8000000000000000725145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2341aff6fdbde582021-12-21 12:51:13.945root 11241100x8000000000000000725146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7fff7faf08658b62021-12-21 12:51:13.945root 11241100x8000000000000000725147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69beed2e70dc25062021-12-21 12:51:13.945root 11241100x8000000000000000725148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d2884b303f7dc7d2021-12-21 12:51:13.945root 11241100x8000000000000000725149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaec5bfd65e23d552021-12-21 12:51:13.945root 11241100x8000000000000000725150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63af204d408d9b182021-12-21 12:51:13.945root 11241100x8000000000000000725151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4922e7cee375377d2021-12-21 12:51:13.945root 11241100x8000000000000000725152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b22a33693dad05802021-12-21 12:51:13.945root 11241100x8000000000000000725153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9de8eee2376ea872021-12-21 12:51:13.945root 354300x8000000000000000725154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:14.067{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-50578-false10.0.1.12-8000- 11241100x8000000000000000725155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.738f32b9eeb4882d2021-12-21 12:51:14.443root 11241100x8000000000000000725156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1aac669611593e882021-12-21 12:51:14.443root 11241100x8000000000000000725157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7b5b5098969e7d52021-12-21 12:51:14.443root 11241100x8000000000000000725158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22a566bc0bf96be32021-12-21 12:51:14.443root 11241100x8000000000000000725159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09abd646dbeebb0a2021-12-21 12:51:14.444root 11241100x8000000000000000725160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24611fa76af40f152021-12-21 12:51:14.444root 11241100x8000000000000000725161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.946a9a4bb37884332021-12-21 12:51:14.444root 11241100x8000000000000000725162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fb084c7b87c48822021-12-21 12:51:14.444root 11241100x8000000000000000725163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f9ac9c20a4c123d2021-12-21 12:51:14.444root 11241100x8000000000000000725164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.858579774efda2332021-12-21 12:51:14.444root 11241100x8000000000000000725165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.797605c464c3fc542021-12-21 12:51:14.444root 11241100x8000000000000000725166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:14.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e609498c5e73c6272021-12-21 12:51:14.445root 11241100x8000000000000000725167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:14.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d549c07866d3eb6c2021-12-21 12:51:14.445root 11241100x8000000000000000725168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:14.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84c7e128101d9eaf2021-12-21 12:51:14.445root 11241100x8000000000000000725169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:14.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.128d830a1f60c2bb2021-12-21 12:51:14.445root 11241100x8000000000000000725170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:14.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bac1e905867c2a02021-12-21 12:51:14.445root 11241100x8000000000000000725171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:14.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5451381e70031a202021-12-21 12:51:14.445root 11241100x8000000000000000725172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:14.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc69edc07f1abe952021-12-21 12:51:14.445root 11241100x8000000000000000725173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:14.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dd1dfa81536b8a12021-12-21 12:51:14.445root 11241100x8000000000000000725174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:14.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce4590576f4ef6262021-12-21 12:51:14.445root 11241100x8000000000000000725175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:14.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7baa877647a336fb2021-12-21 12:51:14.445root 11241100x8000000000000000725176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:14.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efcc3ed834ec58792021-12-21 12:51:14.445root 11241100x8000000000000000725177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:14.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.955344f117a683822021-12-21 12:51:14.445root 11241100x8000000000000000725178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:14.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f38124a0c3d33902021-12-21 12:51:14.446root 11241100x8000000000000000725179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:14.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37f347fa9c1b9ad92021-12-21 12:51:14.446root 11241100x8000000000000000725180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dac782c427ceb0b82021-12-21 12:51:14.943root 11241100x8000000000000000725181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.615e98a6298c9f0c2021-12-21 12:51:14.943root 11241100x8000000000000000725182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43f6637d24ac0da72021-12-21 12:51:14.944root 11241100x8000000000000000725183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a61c7fc767ff33fc2021-12-21 12:51:14.944root 11241100x8000000000000000725184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4d23cd12568a70d2021-12-21 12:51:14.944root 11241100x8000000000000000725185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.074722dd73b619542021-12-21 12:51:14.944root 11241100x8000000000000000725186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b67ba07ed95ee0bb2021-12-21 12:51:14.944root 11241100x8000000000000000725187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac42f41eef851b762021-12-21 12:51:14.944root 11241100x8000000000000000725188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0725843524f742f92021-12-21 12:51:14.945root 11241100x8000000000000000725189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.930f0cf68c472c552021-12-21 12:51:14.945root 11241100x8000000000000000725190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32701f7a25b83fa12021-12-21 12:51:14.945root 11241100x8000000000000000725191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cdab79c7e14729b2021-12-21 12:51:14.945root 11241100x8000000000000000725192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.507435e563d5be7e2021-12-21 12:51:14.945root 11241100x8000000000000000725193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0010594c6dafbb662021-12-21 12:51:14.945root 11241100x8000000000000000725194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.585c7138070caaa92021-12-21 12:51:14.945root 11241100x8000000000000000725195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0834272e156c34e82021-12-21 12:51:14.945root 11241100x8000000000000000725196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a59ee7a9488c45ee2021-12-21 12:51:14.945root 11241100x8000000000000000725197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b8113bea86741002021-12-21 12:51:14.945root 11241100x8000000000000000725198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8db6f9b4c69e8f32021-12-21 12:51:14.945root 11241100x8000000000000000725199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.975677f6aa8c22cc2021-12-21 12:51:14.945root 11241100x8000000000000000725200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea6592eb5e5463862021-12-21 12:51:14.945root 11241100x8000000000000000725201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:14.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22aaccb6c13a6c6a2021-12-21 12:51:14.946root 11241100x8000000000000000725202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:14.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d050363439d3c2332021-12-21 12:51:14.946root 11241100x8000000000000000725203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:14.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3165f48a4c9aa43b2021-12-21 12:51:14.946root 11241100x8000000000000000725204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:14.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2acf393a278ece3c2021-12-21 12:51:14.946root 11241100x8000000000000000725205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10d46778d550d8012021-12-21 12:51:15.443root 11241100x8000000000000000725206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7d13b9443f9baa82021-12-21 12:51:15.444root 11241100x8000000000000000725207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46e583e8a6dff02a2021-12-21 12:51:15.444root 11241100x8000000000000000725208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9987234ab7c7ed332021-12-21 12:51:15.444root 11241100x8000000000000000725209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac414bc053f99b882021-12-21 12:51:15.444root 11241100x8000000000000000725210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28472c710f4366c92021-12-21 12:51:15.444root 11241100x8000000000000000725211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.477da4037cdaa9442021-12-21 12:51:15.444root 11241100x8000000000000000725212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d13d7372a8cea822021-12-21 12:51:15.444root 11241100x8000000000000000725213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84b46e071dba33d92021-12-21 12:51:15.444root 11241100x8000000000000000725214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac00f49d692285ea2021-12-21 12:51:15.444root 11241100x8000000000000000725215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69bd54163a3981552021-12-21 12:51:15.444root 11241100x8000000000000000725216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:15.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab1408de3b0c0c6b2021-12-21 12:51:15.445root 11241100x8000000000000000725217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:15.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a2eb7a61a6a2d122021-12-21 12:51:15.445root 11241100x8000000000000000725218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:15.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90a25e1f641c47c02021-12-21 12:51:15.445root 11241100x8000000000000000725219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:15.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47dfe9bbbb5eb92b2021-12-21 12:51:15.445root 11241100x8000000000000000725220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:15.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c19b62e8c8a701a2021-12-21 12:51:15.445root 11241100x8000000000000000725221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:15.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb1e0fb0c64901812021-12-21 12:51:15.445root 11241100x8000000000000000725222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:15.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f4f2604291b52672021-12-21 12:51:15.445root 11241100x8000000000000000725223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:15.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5b6df8fecaac2f02021-12-21 12:51:15.445root 11241100x8000000000000000725224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:15.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fddbeeedb9dee9ca2021-12-21 12:51:15.446root 11241100x8000000000000000725225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:15.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90ee062ee70dd6e12021-12-21 12:51:15.446root 11241100x8000000000000000725226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:15.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52a2622be32031ff2021-12-21 12:51:15.446root 11241100x8000000000000000725227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:15.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e81b13f92a0c78352021-12-21 12:51:15.446root 11241100x8000000000000000725228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:15.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51aa79e3f40a7e402021-12-21 12:51:15.446root 11241100x8000000000000000725229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:15.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaeebc1e63d20ad72021-12-21 12:51:15.446root 11241100x8000000000000000725230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:15.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.709e6dc3ff772a472021-12-21 12:51:15.942root 11241100x8000000000000000725231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bfe8923f3e141172021-12-21 12:51:15.943root 11241100x8000000000000000725232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47474f203e0b90e92021-12-21 12:51:15.943root 11241100x8000000000000000725233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43e13db26fb8a4752021-12-21 12:51:15.943root 11241100x8000000000000000725234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfa45ae10483eda72021-12-21 12:51:15.943root 11241100x8000000000000000725235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d07e841da96641a22021-12-21 12:51:15.943root 11241100x8000000000000000725236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12125d67c26afbdc2021-12-21 12:51:15.943root 11241100x8000000000000000725237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f785c3477bca8f12021-12-21 12:51:15.943root 11241100x8000000000000000725238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.055413688f8f71c82021-12-21 12:51:15.943root 11241100x8000000000000000725239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0688ceaf90fa96be2021-12-21 12:51:15.944root 11241100x8000000000000000725240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d6384c3c78e0b622021-12-21 12:51:15.944root 11241100x8000000000000000725241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.310af87c52e810b02021-12-21 12:51:15.944root 11241100x8000000000000000725242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e71b636463007c8c2021-12-21 12:51:15.944root 11241100x8000000000000000725243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7da604fea8138cf52021-12-21 12:51:15.944root 11241100x8000000000000000725244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c0190aafc4da37a2021-12-21 12:51:15.944root 11241100x8000000000000000725245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71ea00438c7e048b2021-12-21 12:51:15.944root 11241100x8000000000000000725246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:15.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdae7e8b3138407b2021-12-21 12:51:15.945root 11241100x8000000000000000725247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:15.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.119c3eb51d038db12021-12-21 12:51:15.945root 11241100x8000000000000000725248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:15.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b304f80e27280022021-12-21 12:51:15.945root 11241100x8000000000000000725249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:15.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e203fa6c5ab7c772021-12-21 12:51:15.945root 11241100x8000000000000000725250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:15.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b32c003b8cba78f2021-12-21 12:51:15.945root 11241100x8000000000000000725251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:15.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1adb950eeb92aa32021-12-21 12:51:15.945root 11241100x8000000000000000725252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:15.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.248198b1351c3aff2021-12-21 12:51:15.945root 11241100x8000000000000000725253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:15.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd468199efdac9d72021-12-21 12:51:15.945root 11241100x8000000000000000725254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:15.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a65d5f3f5859ee62021-12-21 12:51:15.945root 11241100x8000000000000000725255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:15.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6779262c2b9ee5fe2021-12-21 12:51:15.946root 11241100x8000000000000000725256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:15.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3b8d324739869322021-12-21 12:51:15.946root 11241100x8000000000000000725257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:15.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96c4b60b03ac7d2b2021-12-21 12:51:15.946root 11241100x8000000000000000725258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:15.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7816b82db63a94ce2021-12-21 12:51:15.946root 11241100x8000000000000000725259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:15.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.957913fdc99ebd992021-12-21 12:51:15.946root 11241100x8000000000000000725260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:15.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b243d003d31dab72021-12-21 12:51:15.947root 11241100x8000000000000000725261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2bd2ea1c63da7352021-12-21 12:51:16.443root 11241100x8000000000000000725262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c007564a16971e4d2021-12-21 12:51:16.443root 11241100x8000000000000000725263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe80f21962c3d20c2021-12-21 12:51:16.444root 11241100x8000000000000000725264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d21788e33158b5a72021-12-21 12:51:16.444root 11241100x8000000000000000725265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3ab1f0cd95ab74f2021-12-21 12:51:16.444root 11241100x8000000000000000725266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48b431fc443fed682021-12-21 12:51:16.444root 11241100x8000000000000000725267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d926b46f5adf64382021-12-21 12:51:16.444root 11241100x8000000000000000725268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:16.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5082aa18ad6473c2021-12-21 12:51:16.445root 11241100x8000000000000000725269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:16.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e900097faeb30df32021-12-21 12:51:16.445root 11241100x8000000000000000725270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:16.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f2b1323ca579fcd2021-12-21 12:51:16.445root 11241100x8000000000000000725271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:16.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08df085ce51184742021-12-21 12:51:16.445root 11241100x8000000000000000725272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:16.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b6537a5817c747c2021-12-21 12:51:16.445root 11241100x8000000000000000725273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:16.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58a815fc053a71f32021-12-21 12:51:16.445root 11241100x8000000000000000725274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:16.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f90fe104fc68e66e2021-12-21 12:51:16.445root 11241100x8000000000000000725275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:16.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad16f8a76ccb3ee82021-12-21 12:51:16.445root 11241100x8000000000000000725276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:16.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c396824dcb2c0b22021-12-21 12:51:16.445root 11241100x8000000000000000725277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:16.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bdfdf4c44955e882021-12-21 12:51:16.445root 11241100x8000000000000000725278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:16.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a56269b2c906b4c2021-12-21 12:51:16.446root 11241100x8000000000000000725279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:16.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0887e3c652743ac2021-12-21 12:51:16.446root 11241100x8000000000000000725280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:16.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d7f83a51b8d778f2021-12-21 12:51:16.446root 11241100x8000000000000000725281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:16.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47933ee87d51b2852021-12-21 12:51:16.446root 11241100x8000000000000000725282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:16.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35582f4c3b01d6992021-12-21 12:51:16.446root 11241100x8000000000000000725283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:16.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80388e2fd851821b2021-12-21 12:51:16.446root 11241100x8000000000000000725284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:16.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.199dee3d2378e0c12021-12-21 12:51:16.446root 11241100x8000000000000000725285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:16.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.052bfea13bdbd2082021-12-21 12:51:16.446root 11241100x8000000000000000725286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:16.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0c61aa029cadb642021-12-21 12:51:16.446root 11241100x8000000000000000725287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba1ef0b6068bfb1b2021-12-21 12:51:16.943root 11241100x8000000000000000725288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.465c46c194f5ca2c2021-12-21 12:51:16.943root 11241100x8000000000000000725289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5814d99735768cec2021-12-21 12:51:16.943root 11241100x8000000000000000725290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bac1da60bd0f8862021-12-21 12:51:16.943root 11241100x8000000000000000725291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.859b646e2395095d2021-12-21 12:51:16.944root 11241100x8000000000000000725292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c4a24beecc8a3aa2021-12-21 12:51:16.944root 11241100x8000000000000000725293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe83f65937e35a8d2021-12-21 12:51:16.944root 11241100x8000000000000000725294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.872c8e9a03627a7b2021-12-21 12:51:16.944root 11241100x8000000000000000725295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4bbaabcc5a0d4002021-12-21 12:51:16.944root 11241100x8000000000000000725296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf982e2c03d409ae2021-12-21 12:51:16.944root 11241100x8000000000000000725297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d13da85a138dd162021-12-21 12:51:16.944root 11241100x8000000000000000725298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5addfe256d44764a2021-12-21 12:51:16.944root 11241100x8000000000000000725299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f4c423c9e4d5c252021-12-21 12:51:16.944root 11241100x8000000000000000725300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5048a0b07d70fb1d2021-12-21 12:51:16.944root 11241100x8000000000000000725301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c93cafc61e52f9ed2021-12-21 12:51:16.945root 11241100x8000000000000000725302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c95c87e0f832db52021-12-21 12:51:16.945root 11241100x8000000000000000725303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e22b1aebaceae0de2021-12-21 12:51:16.945root 11241100x8000000000000000725304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac272841e7a8cfdb2021-12-21 12:51:16.945root 11241100x8000000000000000725305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddff4e269781b9742021-12-21 12:51:16.945root 11241100x8000000000000000725306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52b47a26a7d5d4362021-12-21 12:51:16.945root 11241100x8000000000000000725307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61d18ea90559a4e02021-12-21 12:51:16.945root 11241100x8000000000000000725308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b13bc99956876fda2021-12-21 12:51:16.945root 11241100x8000000000000000725309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cefcdf3cdd21ebc2021-12-21 12:51:16.945root 11241100x8000000000000000725310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6f721612a31b2c52021-12-21 12:51:16.945root 11241100x8000000000000000725311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe4806821fdad81d2021-12-21 12:51:16.945root 11241100x8000000000000000725312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a1336a75383430f2021-12-21 12:51:17.443root 11241100x8000000000000000725313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c90be926412b42f32021-12-21 12:51:17.443root 11241100x8000000000000000725314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99cdcf19be997b262021-12-21 12:51:17.444root 11241100x8000000000000000725315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f09706bd5a6a02922021-12-21 12:51:17.444root 11241100x8000000000000000725316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab5c6a0b41c2123e2021-12-21 12:51:17.444root 11241100x8000000000000000725317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.277aeb4fc838dd242021-12-21 12:51:17.444root 11241100x8000000000000000725318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6371059d65dca7852021-12-21 12:51:17.444root 11241100x8000000000000000725319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6ee6df740a83acd2021-12-21 12:51:17.444root 11241100x8000000000000000725320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4142ebbc1e1c7d22021-12-21 12:51:17.444root 11241100x8000000000000000725321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ed97c051be38b5f2021-12-21 12:51:17.444root 11241100x8000000000000000725322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.545cbf48886ce96c2021-12-21 12:51:17.444root 11241100x8000000000000000725323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c82397aded4f5c42021-12-21 12:51:17.444root 11241100x8000000000000000725324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2d34a976f5bb0022021-12-21 12:51:17.444root 11241100x8000000000000000725325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5830e28fed81dd92021-12-21 12:51:17.444root 11241100x8000000000000000725326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23c42f900089ef172021-12-21 12:51:17.444root 11241100x8000000000000000725327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cabc691eafa0727f2021-12-21 12:51:17.445root 11241100x8000000000000000725328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78bafceda6ebdc202021-12-21 12:51:17.445root 11241100x8000000000000000725329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6986726f5317331a2021-12-21 12:51:17.445root 11241100x8000000000000000725330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74b61babc0e5da7e2021-12-21 12:51:17.445root 11241100x8000000000000000725331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a1e7768dbf45caa2021-12-21 12:51:17.445root 11241100x8000000000000000725332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2ec8d71344b17a12021-12-21 12:51:17.445root 11241100x8000000000000000725333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.165f10fed63c68b72021-12-21 12:51:17.445root 11241100x8000000000000000725334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80f31b4590776da22021-12-21 12:51:17.445root 11241100x8000000000000000725335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17645927fa74f9e22021-12-21 12:51:17.445root 11241100x8000000000000000725336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a073d9da9e9952e2021-12-21 12:51:17.445root 11241100x8000000000000000725337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.147e41e5c1f7ea632021-12-21 12:51:17.943root 11241100x8000000000000000725338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d4b18b33642dddb2021-12-21 12:51:17.943root 11241100x8000000000000000725339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4ee14f592af0e5e2021-12-21 12:51:17.943root 11241100x8000000000000000725340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f30a0e96c6a4fc492021-12-21 12:51:17.944root 11241100x8000000000000000725341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a2f1dfd88a383412021-12-21 12:51:17.944root 11241100x8000000000000000725342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5a937b67591288f2021-12-21 12:51:17.944root 11241100x8000000000000000725343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:17.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d545d75ddce83b2a2021-12-21 12:51:17.945root 11241100x8000000000000000725344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:17.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9445b8cc6281e9ff2021-12-21 12:51:17.945root 11241100x8000000000000000725345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:17.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.080ebbace00891da2021-12-21 12:51:17.945root 11241100x8000000000000000725346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:17.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04cd0075f82858b12021-12-21 12:51:17.945root 11241100x8000000000000000725347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:17.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.815251ba6aada8652021-12-21 12:51:17.945root 11241100x8000000000000000725348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:17.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.291778739c55f37b2021-12-21 12:51:17.945root 11241100x8000000000000000725349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:17.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.831d81987b3c20722021-12-21 12:51:17.945root 11241100x8000000000000000725350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:17.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be941273e2de36692021-12-21 12:51:17.945root 11241100x8000000000000000725351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:17.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87ef288722b937142021-12-21 12:51:17.946root 11241100x8000000000000000725352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:17.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a6dbdb2bc6802ea2021-12-21 12:51:17.946root 11241100x8000000000000000725353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:17.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd6366e3a34461432021-12-21 12:51:17.946root 11241100x8000000000000000725354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:17.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5054110cfc89a362021-12-21 12:51:17.946root 11241100x8000000000000000725355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:17.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.437d8a8af88af6742021-12-21 12:51:17.946root 11241100x8000000000000000725356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:17.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72b1a8c7e8a945d92021-12-21 12:51:17.946root 11241100x8000000000000000725357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:17.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.441d3889f27172492021-12-21 12:51:17.946root 11241100x8000000000000000725358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:17.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.533f9f10a3e8f21a2021-12-21 12:51:17.946root 11241100x8000000000000000725359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:17.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a722bf2605455b52021-12-21 12:51:17.946root 11241100x8000000000000000725360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:17.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1251f5c5a96fc9f32021-12-21 12:51:17.946root 11241100x8000000000000000725361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:17.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ace233a77d265a662021-12-21 12:51:17.946root 11241100x8000000000000000725362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b47f1f89def421d2021-12-21 12:51:18.443root 11241100x8000000000000000725363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd1d7ba506a760392021-12-21 12:51:18.443root 11241100x8000000000000000725364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7955a37024b05bef2021-12-21 12:51:18.443root 11241100x8000000000000000725365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e4c4539729d5a6a2021-12-21 12:51:18.443root 11241100x8000000000000000725366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a28a0f3870e953cc2021-12-21 12:51:18.444root 11241100x8000000000000000725367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13985edb163d43632021-12-21 12:51:18.444root 11241100x8000000000000000725368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.633ffcfd0a6b4b8a2021-12-21 12:51:18.444root 11241100x8000000000000000725369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9038c85c3cf25d932021-12-21 12:51:18.444root 11241100x8000000000000000725370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad1792e7d415f4d82021-12-21 12:51:18.444root 11241100x8000000000000000725371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29dd8ba5b98e7bfd2021-12-21 12:51:18.444root 11241100x8000000000000000725372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.651781d46a5981e82021-12-21 12:51:18.444root 11241100x8000000000000000725373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71391c82337e347c2021-12-21 12:51:18.444root 11241100x8000000000000000725374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.337d9ad6ffe35f722021-12-21 12:51:18.444root 11241100x8000000000000000725375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fdab13d9729747a2021-12-21 12:51:18.444root 11241100x8000000000000000725376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:18.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76051406f377b6ec2021-12-21 12:51:18.445root 11241100x8000000000000000725377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:18.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64580ee4b25b76ab2021-12-21 12:51:18.445root 11241100x8000000000000000725378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:18.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f1b81444296d3c02021-12-21 12:51:18.445root 11241100x8000000000000000725379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:18.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e156239a41585f62021-12-21 12:51:18.445root 11241100x8000000000000000725380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:18.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c4ae1aa2c154db92021-12-21 12:51:18.445root 11241100x8000000000000000725381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:18.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47ef4e8ef909dfb72021-12-21 12:51:18.445root 11241100x8000000000000000725382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:18.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.114b2423157c00142021-12-21 12:51:18.445root 11241100x8000000000000000725383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:18.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff9cb96db294e93c2021-12-21 12:51:18.445root 11241100x8000000000000000725384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:18.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.760c94cabbb36e8e2021-12-21 12:51:18.445root 11241100x8000000000000000725385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:18.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.531b25cdeeb2677a2021-12-21 12:51:18.446root 11241100x8000000000000000725386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:18.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9a38f1cc4049e3f2021-12-21 12:51:18.446root 11241100x8000000000000000725387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87f999b6a812ce302021-12-21 12:51:18.943root 11241100x8000000000000000725388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91fec73ef9c76f072021-12-21 12:51:18.943root 11241100x8000000000000000725389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae550deff30954692021-12-21 12:51:18.943root 11241100x8000000000000000725390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46836a4bc335151a2021-12-21 12:51:18.943root 11241100x8000000000000000725391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d021027d8c4349d72021-12-21 12:51:18.944root 11241100x8000000000000000725392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0c49113403565382021-12-21 12:51:18.944root 11241100x8000000000000000725393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73a92d316dc572ab2021-12-21 12:51:18.944root 11241100x8000000000000000725394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5df74f46d81ab072021-12-21 12:51:18.944root 11241100x8000000000000000725395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.506d2bc94549f6ef2021-12-21 12:51:18.944root 11241100x8000000000000000725396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.675eacc7963bbd172021-12-21 12:51:18.944root 11241100x8000000000000000725397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.367adf9c5d5ebfc52021-12-21 12:51:18.944root 11241100x8000000000000000725398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.634e93534abee79a2021-12-21 12:51:18.944root 11241100x8000000000000000725399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4316fa09c117ad92021-12-21 12:51:18.944root 11241100x8000000000000000725400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee86d9881d0e6c0b2021-12-21 12:51:18.944root 11241100x8000000000000000725401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:18.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef11f1fd89d9c4a92021-12-21 12:51:18.945root 11241100x8000000000000000725402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:18.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f76a05b0205cd142021-12-21 12:51:18.945root 11241100x8000000000000000725403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:18.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2a5c5700b358d452021-12-21 12:51:18.945root 11241100x8000000000000000725404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:18.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01a8367a1916e7e72021-12-21 12:51:18.945root 11241100x8000000000000000725405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:18.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1e16cf2cc9daa6b2021-12-21 12:51:18.945root 11241100x8000000000000000725406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:18.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f76639ae5b5e27ec2021-12-21 12:51:18.945root 11241100x8000000000000000725407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:18.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b16da0299b44b6582021-12-21 12:51:18.945root 11241100x8000000000000000725408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:18.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cf2cc884b80b7632021-12-21 12:51:18.945root 11241100x8000000000000000725409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:18.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad32f2a9740fa1c72021-12-21 12:51:18.945root 11241100x8000000000000000725410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:18.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c426c697c84493622021-12-21 12:51:18.945root 11241100x8000000000000000725411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:18.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ca5e2b90011cc022021-12-21 12:51:18.945root 354300x8000000000000000725412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:19.249{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-50580-false10.0.1.12-8000- 11241100x8000000000000000725413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:19.250{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fec539edbeddc1052021-12-21 12:51:19.250root 11241100x8000000000000000725414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:19.250{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.650d8dd3b6b8e80e2021-12-21 12:51:19.250root 11241100x8000000000000000725415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:19.250{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b9f152900092b9f2021-12-21 12:51:19.250root 11241100x8000000000000000725416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:19.250{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dc95e147077e4632021-12-21 12:51:19.250root 11241100x8000000000000000725417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:19.250{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0effb3cb1e3d18b2021-12-21 12:51:19.250root 11241100x8000000000000000725418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:19.250{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33d7d5b0f7e1fbd22021-12-21 12:51:19.250root 11241100x8000000000000000725419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:19.250{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c9e9b31e8a970c92021-12-21 12:51:19.250root 11241100x8000000000000000725420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:19.250{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.339cbc69f75fb3cd2021-12-21 12:51:19.250root 11241100x8000000000000000725421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:19.251{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cf1527017984fdf2021-12-21 12:51:19.251root 11241100x8000000000000000725422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:19.251{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df31ac5f8aed0a3d2021-12-21 12:51:19.251root 11241100x8000000000000000725423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:19.251{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34e812a18dc3b5b62021-12-21 12:51:19.251root 11241100x8000000000000000725424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:19.251{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b075ac4e2927fc32021-12-21 12:51:19.251root 11241100x8000000000000000725425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:19.251{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.996348c0852261aa2021-12-21 12:51:19.251root 11241100x8000000000000000725426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:19.251{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fdc6e88f0f6c9352021-12-21 12:51:19.251root 11241100x8000000000000000725427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:19.251{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.310d90d51371fa672021-12-21 12:51:19.251root 11241100x8000000000000000725428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:19.251{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13676c78206ca08f2021-12-21 12:51:19.251root 11241100x8000000000000000725429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:19.251{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56e2782c39b329782021-12-21 12:51:19.251root 11241100x8000000000000000725430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:19.252{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8c5da0ae708a0d82021-12-21 12:51:19.252root 11241100x8000000000000000725431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:19.252{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbb44a7d6ab96ff02021-12-21 12:51:19.252root 11241100x8000000000000000725432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:19.252{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86d8d560aa738d062021-12-21 12:51:19.252root 11241100x8000000000000000725433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:19.252{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61e76ad2600eb26e2021-12-21 12:51:19.252root 11241100x8000000000000000725434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:19.252{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17195712ccda31202021-12-21 12:51:19.252root 11241100x8000000000000000725435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:19.252{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0946677fbdc4a4662021-12-21 12:51:19.252root 11241100x8000000000000000725436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:19.252{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.588a2dbd6a20121d2021-12-21 12:51:19.252root 11241100x8000000000000000725437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:19.252{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd2640f0b29d54ee2021-12-21 12:51:19.252root 11241100x8000000000000000725438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:19.252{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a19630530ea50c532021-12-21 12:51:19.252root 11241100x8000000000000000725439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:19.252{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68b6a90c0619c11b2021-12-21 12:51:19.252root 11241100x8000000000000000725440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:19.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b2f9298b85b7a6b2021-12-21 12:51:19.693root 11241100x8000000000000000725441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:19.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46bde8f566758e2c2021-12-21 12:51:19.694root 11241100x8000000000000000725442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:19.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4704d3bc80fbc812021-12-21 12:51:19.694root 11241100x8000000000000000725443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:19.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5de6a3bf0d1204df2021-12-21 12:51:19.694root 11241100x8000000000000000725444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:19.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf411837c054176b2021-12-21 12:51:19.694root 11241100x8000000000000000725445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:19.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ea700d120b7e7692021-12-21 12:51:19.694root 11241100x8000000000000000725446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:19.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.269ba7bcf53915542021-12-21 12:51:19.695root 11241100x8000000000000000725447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:19.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da56a2bba89ecd0f2021-12-21 12:51:19.695root 11241100x8000000000000000725448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:19.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1e888b1723de6962021-12-21 12:51:19.695root 11241100x8000000000000000725449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:19.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebabad7b5e9e9b932021-12-21 12:51:19.695root 11241100x8000000000000000725450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:19.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7445653616ee79e42021-12-21 12:51:19.695root 11241100x8000000000000000725451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:19.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0ac511e328bc1822021-12-21 12:51:19.697root 11241100x8000000000000000725452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:19.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9784547f0272bc42021-12-21 12:51:19.697root 11241100x8000000000000000725453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:19.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a4085bf4f87a57d2021-12-21 12:51:19.697root 11241100x8000000000000000725454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:19.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06c5831b8b24712c2021-12-21 12:51:19.697root 11241100x8000000000000000725455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:19.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8af7502f85f783f2021-12-21 12:51:19.697root 11241100x8000000000000000725456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:19.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.774cfe2911a8d0a42021-12-21 12:51:19.698root 11241100x8000000000000000725457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:19.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.347f4850cdc9ed472021-12-21 12:51:19.698root 11241100x8000000000000000725458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:19.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e53b04e3dfbb625a2021-12-21 12:51:19.698root 11241100x8000000000000000725459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:19.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f405857aea6e0812021-12-21 12:51:19.698root 11241100x8000000000000000725460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:19.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1bdb178165833c32021-12-21 12:51:19.698root 11241100x8000000000000000725461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:19.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7f7115f1a2c22182021-12-21 12:51:19.698root 11241100x8000000000000000725462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:19.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bf7e1558322dad22021-12-21 12:51:19.698root 11241100x8000000000000000725463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:19.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd9d4cd9030f4b362021-12-21 12:51:19.698root 11241100x8000000000000000725464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:19.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1436ae2e41a78be32021-12-21 12:51:19.698root 11241100x8000000000000000725465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:19.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e63fa2303ebc6fce2021-12-21 12:51:19.698root 11241100x8000000000000000725466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:20.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0784f36f88572ba52021-12-21 12:51:20.193root 11241100x8000000000000000725467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:20.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70b0da4dffa23a162021-12-21 12:51:20.194root 11241100x8000000000000000725468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:20.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd2008824b2295e62021-12-21 12:51:20.194root 11241100x8000000000000000725469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:20.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e591e8fc876305b2021-12-21 12:51:20.194root 11241100x8000000000000000725470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:20.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ef931947ad3359d2021-12-21 12:51:20.194root 11241100x8000000000000000725471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:20.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3a00ebddad6da832021-12-21 12:51:20.194root 11241100x8000000000000000725472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:20.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1f544e1e22c46c92021-12-21 12:51:20.194root 11241100x8000000000000000725473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:20.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe327e5a8b36ba1d2021-12-21 12:51:20.194root 11241100x8000000000000000725474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:20.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3f17e3ae4af68fa2021-12-21 12:51:20.194root 11241100x8000000000000000725475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:20.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.474eedd331b0075d2021-12-21 12:51:20.194root 11241100x8000000000000000725476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:20.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26ff610786b6263a2021-12-21 12:51:20.194root 11241100x8000000000000000725477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:20.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e65c1a39715bcc72021-12-21 12:51:20.194root 11241100x8000000000000000725478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:20.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08d3910e1139befe2021-12-21 12:51:20.194root 11241100x8000000000000000725479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:20.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d643d978b1ee8c672021-12-21 12:51:20.194root 11241100x8000000000000000725480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:20.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d247d0044e2e6c32021-12-21 12:51:20.194root 11241100x8000000000000000725481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:20.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b29a4cacac8f8e082021-12-21 12:51:20.195root 11241100x8000000000000000725482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:20.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cf5f8e08a85b68c2021-12-21 12:51:20.195root 11241100x8000000000000000725483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:20.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de23033c4c0879be2021-12-21 12:51:20.195root 11241100x8000000000000000725484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:20.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83c6a0fc2f85654c2021-12-21 12:51:20.195root 11241100x8000000000000000725485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:20.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae745f7a711448932021-12-21 12:51:20.195root 11241100x8000000000000000725486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:20.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b49d27911f3d99692021-12-21 12:51:20.195root 11241100x8000000000000000725487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:20.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c28c6a2f8c8dc85d2021-12-21 12:51:20.195root 11241100x8000000000000000725488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:20.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70df351e823c6b642021-12-21 12:51:20.195root 11241100x8000000000000000725489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:20.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89ff0ed57eded23a2021-12-21 12:51:20.195root 11241100x8000000000000000725490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:20.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aea36ff79a47af5e2021-12-21 12:51:20.195root 11241100x8000000000000000725491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:20.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d40c4de4f57e5922021-12-21 12:51:20.195root 11241100x8000000000000000725492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:20.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93799cd5e1ae43442021-12-21 12:51:20.693root 11241100x8000000000000000725493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:20.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2d9f786c90e75e82021-12-21 12:51:20.694root 11241100x8000000000000000725494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:20.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d429cddf3d329ac2021-12-21 12:51:20.694root 11241100x8000000000000000725495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:20.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0c8163f262c52a22021-12-21 12:51:20.694root 11241100x8000000000000000725496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:20.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fafa570ae44b4b822021-12-21 12:51:20.694root 11241100x8000000000000000725497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:20.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17e99bc43cfba8b22021-12-21 12:51:20.694root 11241100x8000000000000000725498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:20.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16141e4a3422d3202021-12-21 12:51:20.694root 11241100x8000000000000000725499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:20.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.684dffdbb3dc46652021-12-21 12:51:20.694root 11241100x8000000000000000725500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:20.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fbebb9575c91dfe2021-12-21 12:51:20.694root 11241100x8000000000000000725501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:20.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d3282e48e03d2832021-12-21 12:51:20.694root 11241100x8000000000000000725502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:20.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89bd6e49da71e9bd2021-12-21 12:51:20.694root 11241100x8000000000000000725503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:20.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e342581dac956da92021-12-21 12:51:20.694root 11241100x8000000000000000725504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:20.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3283edca769865ee2021-12-21 12:51:20.694root 11241100x8000000000000000725505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:20.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdd16ce9199ec1602021-12-21 12:51:20.694root 11241100x8000000000000000725506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:20.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a965087dd26e1d62021-12-21 12:51:20.694root 11241100x8000000000000000725507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:20.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5649bf25748a58322021-12-21 12:51:20.694root 11241100x8000000000000000725508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:20.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4647247102f725862021-12-21 12:51:20.695root 11241100x8000000000000000725509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:20.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2abbfeafeaf1b9d82021-12-21 12:51:20.695root 11241100x8000000000000000725510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:20.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3ab6d3bc8d5a19e2021-12-21 12:51:20.695root 11241100x8000000000000000725511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:20.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.896a8514e65f51d02021-12-21 12:51:20.695root 11241100x8000000000000000725512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:20.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.306a14c4339941cb2021-12-21 12:51:20.695root 11241100x8000000000000000725513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:20.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bab40c830d3d5ee2021-12-21 12:51:20.695root 11241100x8000000000000000725514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:20.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f6dc96ead28e64e2021-12-21 12:51:20.695root 11241100x8000000000000000725515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:20.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0635f8ac0e24167f2021-12-21 12:51:20.695root 11241100x8000000000000000725516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:20.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b75b3a7742446662021-12-21 12:51:20.695root 11241100x8000000000000000725517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:20.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1bbb01bcd8b8f832021-12-21 12:51:20.695root 11241100x8000000000000000725518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:21.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c26b46d01c586bbd2021-12-21 12:51:21.194root 11241100x8000000000000000725519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:21.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17b6c7904302718d2021-12-21 12:51:21.194root 11241100x8000000000000000725520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:21.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d390e9391b75da42021-12-21 12:51:21.194root 11241100x8000000000000000725521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:21.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fda1ebd8ce847aba2021-12-21 12:51:21.194root 11241100x8000000000000000725522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:21.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc137b4803a198f52021-12-21 12:51:21.194root 11241100x8000000000000000725523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:21.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43226d84bde208072021-12-21 12:51:21.194root 11241100x8000000000000000725524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:21.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90d8861c237a49322021-12-21 12:51:21.194root 11241100x8000000000000000725525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:21.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6e328bbef6c697e2021-12-21 12:51:21.194root 11241100x8000000000000000725526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:21.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0441fafa897d228c2021-12-21 12:51:21.194root 11241100x8000000000000000725527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:21.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e67e016716eb3f5e2021-12-21 12:51:21.194root 11241100x8000000000000000725528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:21.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7cc4f60f72b68f82021-12-21 12:51:21.194root 11241100x8000000000000000725529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:21.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e6b7dd0a8718b052021-12-21 12:51:21.194root 11241100x8000000000000000725530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:21.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2916b766455b7a6b2021-12-21 12:51:21.195root 11241100x8000000000000000725531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:21.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e756b5aca2f244a62021-12-21 12:51:21.195root 11241100x8000000000000000725532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:21.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6438732571a6ff22021-12-21 12:51:21.195root 11241100x8000000000000000725533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:21.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a05cf471262cd59c2021-12-21 12:51:21.195root 11241100x8000000000000000725534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:21.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caaba972f76b9efe2021-12-21 12:51:21.195root 11241100x8000000000000000725535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:21.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.880eff078535d3ac2021-12-21 12:51:21.195root 11241100x8000000000000000725536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:21.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b72b32164e5edce2021-12-21 12:51:21.195root 11241100x8000000000000000725537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:21.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e49d8979a0ebf392021-12-21 12:51:21.195root 11241100x8000000000000000725538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:21.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5ff00c62fb1bf9c2021-12-21 12:51:21.195root 11241100x8000000000000000725539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:21.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22f7a73a2178af922021-12-21 12:51:21.195root 11241100x8000000000000000725540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:21.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb4df8768bfa1aa62021-12-21 12:51:21.195root 11241100x8000000000000000725541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:21.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad901075e53c18342021-12-21 12:51:21.195root 11241100x8000000000000000725542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:21.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa9074a62e79f8952021-12-21 12:51:21.195root 11241100x8000000000000000725543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:21.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25b9ff72328987972021-12-21 12:51:21.195root 11241100x8000000000000000725544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:21.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59749fa9c5b539fe2021-12-21 12:51:21.694root 11241100x8000000000000000725545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:21.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e57257043c212d8d2021-12-21 12:51:21.694root 11241100x8000000000000000725546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:21.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f62ea8385e22e1232021-12-21 12:51:21.694root 11241100x8000000000000000725547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:21.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbce64e7ba67647c2021-12-21 12:51:21.694root 11241100x8000000000000000725548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:21.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b507ab1442d41862021-12-21 12:51:21.694root 11241100x8000000000000000725549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:21.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5f58dcdeb3981a82021-12-21 12:51:21.694root 11241100x8000000000000000725550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:21.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d61900c52175b7d72021-12-21 12:51:21.694root 11241100x8000000000000000725551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:21.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fbb368b343a12f92021-12-21 12:51:21.694root 11241100x8000000000000000725552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:21.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93ad6e3a5c8609fe2021-12-21 12:51:21.694root 11241100x8000000000000000725553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:21.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f24560814e9291b92021-12-21 12:51:21.694root 11241100x8000000000000000725554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:21.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf0145ac5cea00ff2021-12-21 12:51:21.694root 11241100x8000000000000000725555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:21.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c1040b8c09702792021-12-21 12:51:21.694root 11241100x8000000000000000725556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:21.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6f3a60e1f6aba9b2021-12-21 12:51:21.694root 11241100x8000000000000000725557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:21.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d37339544c98ebf2021-12-21 12:51:21.694root 11241100x8000000000000000725558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:21.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3574bc3f727132b32021-12-21 12:51:21.695root 11241100x8000000000000000725559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:21.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cfebdab73135f5b2021-12-21 12:51:21.695root 11241100x8000000000000000725560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:21.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b96156f5b30aa6b22021-12-21 12:51:21.695root 11241100x8000000000000000725561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:21.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.098e6bc3ad107bf52021-12-21 12:51:21.695root 11241100x8000000000000000725562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:21.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0803ad9d082e6bc02021-12-21 12:51:21.695root 11241100x8000000000000000725563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:21.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07954b268ad35fdd2021-12-21 12:51:21.695root 11241100x8000000000000000725564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:21.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8c1493c656dd9322021-12-21 12:51:21.695root 11241100x8000000000000000725565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:21.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9171ee185bf830af2021-12-21 12:51:21.695root 11241100x8000000000000000725566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:21.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ec27c3239989ae02021-12-21 12:51:21.695root 11241100x8000000000000000725567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:21.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34d51be97d1cb92c2021-12-21 12:51:21.695root 11241100x8000000000000000725568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:21.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3d689a7f7c1cb792021-12-21 12:51:21.695root 11241100x8000000000000000725569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:21.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27e61e04a427ec832021-12-21 12:51:21.695root 11241100x8000000000000000725570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:22.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f36325a02bbf3462021-12-21 12:51:22.193root 11241100x8000000000000000725571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:22.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31be1da01f415e822021-12-21 12:51:22.193root 11241100x8000000000000000725572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:22.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d35b7e2fb8c70b12021-12-21 12:51:22.193root 11241100x8000000000000000725573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:22.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0bb4703d8e9663c2021-12-21 12:51:22.193root 11241100x8000000000000000725574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:22.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.716046c891c559e02021-12-21 12:51:22.193root 11241100x8000000000000000725575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:22.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e294c6066a8a44232021-12-21 12:51:22.193root 11241100x8000000000000000725576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:22.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f6f31d2b87b4dca2021-12-21 12:51:22.193root 11241100x8000000000000000725577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:22.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c703aa25f86b31b92021-12-21 12:51:22.194root 11241100x8000000000000000725578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:22.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99b7a2d888e4df5f2021-12-21 12:51:22.194root 11241100x8000000000000000725579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:22.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7f0aa72bb8b78c22021-12-21 12:51:22.194root 11241100x8000000000000000725580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:22.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b74a2889c1c07d592021-12-21 12:51:22.194root 11241100x8000000000000000725581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:22.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f68217ce80e43982021-12-21 12:51:22.194root 11241100x8000000000000000725582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:22.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a34e038fe121db7c2021-12-21 12:51:22.195root 11241100x8000000000000000725583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:22.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aea7873548275fff2021-12-21 12:51:22.195root 11241100x8000000000000000725584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:22.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efe9f9c1f1a84fde2021-12-21 12:51:22.195root 11241100x8000000000000000725585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:22.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aed3bd958022c8df2021-12-21 12:51:22.195root 11241100x8000000000000000725586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:22.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ef3ee1d327e58312021-12-21 12:51:22.195root 11241100x8000000000000000725587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:22.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aad115ae6480c4be2021-12-21 12:51:22.195root 11241100x8000000000000000725588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:22.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ac6dcf3bbde722b2021-12-21 12:51:22.195root 11241100x8000000000000000725589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:22.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c4820e9279710472021-12-21 12:51:22.196root 11241100x8000000000000000725590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:22.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0742e9a9dff8c9e2021-12-21 12:51:22.196root 11241100x8000000000000000725591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:22.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f182ca12d8ced67a2021-12-21 12:51:22.196root 11241100x8000000000000000725592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:22.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82ea89e5b40539fa2021-12-21 12:51:22.196root 11241100x8000000000000000725593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:22.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e2c7810ac3ce9ca2021-12-21 12:51:22.196root 11241100x8000000000000000725594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:22.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d28db27069a5e48c2021-12-21 12:51:22.196root 11241100x8000000000000000725595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:22.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db2cac045d0abccc2021-12-21 12:51:22.196root 11241100x8000000000000000725596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:22.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.088c405d6308cc062021-12-21 12:51:22.196root 11241100x8000000000000000725597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:22.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed8d34d3747cfdda2021-12-21 12:51:22.196root 11241100x8000000000000000725598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:22.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5b8a95254e4aa5b2021-12-21 12:51:22.196root 11241100x8000000000000000725599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:22.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6e9c33ad300edce2021-12-21 12:51:22.196root 11241100x8000000000000000725600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:22.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2659b6082a7945ad2021-12-21 12:51:22.196root 11241100x8000000000000000725601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:22.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.503853138efc67c62021-12-21 12:51:22.197root 11241100x8000000000000000725602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:22.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2294493aa5fdfd282021-12-21 12:51:22.198root 11241100x8000000000000000725603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:22.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e83497fb0933a3402021-12-21 12:51:22.693root 11241100x8000000000000000725604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:22.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9787064232626ead2021-12-21 12:51:22.693root 11241100x8000000000000000725605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:22.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fac5c2be9490d9a2021-12-21 12:51:22.693root 11241100x8000000000000000725606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:22.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd021f115fc693c62021-12-21 12:51:22.693root 11241100x8000000000000000725607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:22.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3228c9868ff2c022021-12-21 12:51:22.694root 11241100x8000000000000000725608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:22.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.288014b29b0794092021-12-21 12:51:22.694root 11241100x8000000000000000725609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:22.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b946b599b3c8911a2021-12-21 12:51:22.694root 11241100x8000000000000000725610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:22.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1c2e023439985d82021-12-21 12:51:22.694root 11241100x8000000000000000725611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:22.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe0ccc86641eacd32021-12-21 12:51:22.694root 11241100x8000000000000000725612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:22.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33b21bc3c35d792f2021-12-21 12:51:22.694root 11241100x8000000000000000725613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:22.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac42ed881fe2d2422021-12-21 12:51:22.695root 11241100x8000000000000000725614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:22.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdd76f4882d9d49f2021-12-21 12:51:22.695root 11241100x8000000000000000725615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:22.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ec30a1f84c78b352021-12-21 12:51:22.695root 11241100x8000000000000000725616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:22.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5ad2b09410626fb2021-12-21 12:51:22.695root 11241100x8000000000000000725617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:22.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b555929e063d88a92021-12-21 12:51:22.695root 11241100x8000000000000000725618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:22.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24247149c5e957972021-12-21 12:51:22.695root 11241100x8000000000000000725619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:22.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb3fc0f43e8a88432021-12-21 12:51:22.695root 11241100x8000000000000000725620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:22.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84ec776c7f682fbf2021-12-21 12:51:22.695root 11241100x8000000000000000725621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:22.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7b7f62bc1cfb2642021-12-21 12:51:22.695root 11241100x8000000000000000725622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:22.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df126a677ca560252021-12-21 12:51:22.696root 11241100x8000000000000000725623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:22.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e8b556af3bc76722021-12-21 12:51:22.696root 11241100x8000000000000000725624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:22.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d04ff757b93835d52021-12-21 12:51:22.696root 11241100x8000000000000000725625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:22.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdf83f900415f54d2021-12-21 12:51:22.696root 11241100x8000000000000000725626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:22.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46712142e8f9b7d72021-12-21 12:51:22.696root 11241100x8000000000000000725627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:22.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f866e09478227af72021-12-21 12:51:22.696root 11241100x8000000000000000725628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:22.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e47612c5c348f8832021-12-21 12:51:22.697root 11241100x8000000000000000725629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:22.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e71f415271d7fe222021-12-21 12:51:22.697root 11241100x8000000000000000725630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:22.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59749761c00c287d2021-12-21 12:51:22.697root 11241100x8000000000000000725631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:22.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd55839e456370012021-12-21 12:51:22.700root 11241100x8000000000000000725632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:23.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fcb9a3f5a373d812021-12-21 12:51:23.193root 11241100x8000000000000000725633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:23.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9873d8e8ed2244b62021-12-21 12:51:23.193root 11241100x8000000000000000725634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:23.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c8e63956353dd022021-12-21 12:51:23.193root 11241100x8000000000000000725635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:23.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60f740673fcd5acb2021-12-21 12:51:23.193root 11241100x8000000000000000725636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:23.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a35aebc05e33c2692021-12-21 12:51:23.193root 11241100x8000000000000000725637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:23.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b4326a98802cc682021-12-21 12:51:23.193root 11241100x8000000000000000725638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:23.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8d72cea739cf3ae2021-12-21 12:51:23.193root 11241100x8000000000000000725639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:23.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f5bfd3ca1b12acb2021-12-21 12:51:23.194root 11241100x8000000000000000725640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:23.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58b84cf3336a945d2021-12-21 12:51:23.194root 11241100x8000000000000000725641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:23.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62324281ad8196a82021-12-21 12:51:23.194root 11241100x8000000000000000725642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:23.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b1774ef84c37bd92021-12-21 12:51:23.194root 11241100x8000000000000000725643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:23.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8b6d1068e06bcc42021-12-21 12:51:23.195root 11241100x8000000000000000725644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:23.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbbced7c322b7f7b2021-12-21 12:51:23.195root 11241100x8000000000000000725645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:23.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.866ac58b990b942b2021-12-21 12:51:23.195root 11241100x8000000000000000725646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:23.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c3891fdf95a94ff2021-12-21 12:51:23.195root 11241100x8000000000000000725647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:23.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bfe3961059812262021-12-21 12:51:23.195root 11241100x8000000000000000725648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:23.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.500231defea3f4032021-12-21 12:51:23.196root 11241100x8000000000000000725649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:23.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3303571d415a72b02021-12-21 12:51:23.196root 11241100x8000000000000000725650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:23.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bad26825a454d2b2021-12-21 12:51:23.196root 11241100x8000000000000000725651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:23.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.631cd83ee27b45672021-12-21 12:51:23.196root 11241100x8000000000000000725652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:23.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.761e50e831e172812021-12-21 12:51:23.196root 11241100x8000000000000000725653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:23.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62fa354e79c3840a2021-12-21 12:51:23.196root 11241100x8000000000000000725654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:23.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8f5b2ec8ed533d22021-12-21 12:51:23.196root 11241100x8000000000000000725655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:23.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.732824471c2844262021-12-21 12:51:23.196root 11241100x8000000000000000725656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:23.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27b484d8c581c9702021-12-21 12:51:23.196root 11241100x8000000000000000725657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:23.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3876b2e6acfc6f22021-12-21 12:51:23.196root 11241100x8000000000000000725658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:23.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.046c221ae92f63c02021-12-21 12:51:23.197root 11241100x8000000000000000725659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:23.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73534a8a24e2d32a2021-12-21 12:51:23.693root 11241100x8000000000000000725660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:23.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ecaf9b9a6058d5c2021-12-21 12:51:23.693root 11241100x8000000000000000725661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:23.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.071a397606e496d42021-12-21 12:51:23.693root 11241100x8000000000000000725662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:23.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02d5c9630adbca502021-12-21 12:51:23.693root 11241100x8000000000000000725663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:23.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec4416e1606264a52021-12-21 12:51:23.693root 11241100x8000000000000000725664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:23.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.693f79bb952fe25f2021-12-21 12:51:23.693root 11241100x8000000000000000725665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:23.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.837243ebda1988f52021-12-21 12:51:23.694root 11241100x8000000000000000725666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:23.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8822bbf5d63d89492021-12-21 12:51:23.694root 11241100x8000000000000000725667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:23.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a86c9197db46aca22021-12-21 12:51:23.694root 11241100x8000000000000000725668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:23.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bff24724198a23a2021-12-21 12:51:23.694root 11241100x8000000000000000725669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:23.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d485e34e0d1cec82021-12-21 12:51:23.695root 11241100x8000000000000000725670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:23.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dc1f31f3b3256b32021-12-21 12:51:23.695root 11241100x8000000000000000725671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:23.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5172e96b72ed1d972021-12-21 12:51:23.695root 11241100x8000000000000000725672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:23.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab6c4701d639329f2021-12-21 12:51:23.695root 11241100x8000000000000000725673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:23.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b6ac7318d2cd9112021-12-21 12:51:23.696root 11241100x8000000000000000725674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:23.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a4e9187de4413c02021-12-21 12:51:23.696root 11241100x8000000000000000725675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:23.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.175ea12c00783feb2021-12-21 12:51:23.696root 11241100x8000000000000000725676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:23.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51b35bf90f4990cb2021-12-21 12:51:23.696root 11241100x8000000000000000725677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:23.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d22f188d2bd99572021-12-21 12:51:23.696root 11241100x8000000000000000725678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:23.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.735437ca73c4251e2021-12-21 12:51:23.696root 11241100x8000000000000000725679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:23.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e2fa9ebbb3608812021-12-21 12:51:23.696root 11241100x8000000000000000725680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:23.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03e9bc293edf58c92021-12-21 12:51:23.696root 11241100x8000000000000000725681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:23.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c47a499aa014961c2021-12-21 12:51:23.696root 11241100x8000000000000000725682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:23.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a0390792ddc584a2021-12-21 12:51:23.696root 11241100x8000000000000000725683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:23.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.580d0dda0c3da49e2021-12-21 12:51:23.696root 11241100x8000000000000000725684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:23.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d245fc7631d533352021-12-21 12:51:23.696root 11241100x8000000000000000725685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:23.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91f2ce549a7f993a2021-12-21 12:51:23.696root 11241100x8000000000000000725686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:23.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be52a9e7e59090632021-12-21 12:51:23.697root 11241100x8000000000000000725687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:24.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.782bd3d6be06a6f42021-12-21 12:51:24.193root 11241100x8000000000000000725688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:24.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19be1d3d2ab4f20d2021-12-21 12:51:24.193root 11241100x8000000000000000725689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:24.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.571d6a58d9c6d7fb2021-12-21 12:51:24.193root 11241100x8000000000000000725690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:24.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c5f5ea8cb5cec7f2021-12-21 12:51:24.193root 11241100x8000000000000000725691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:24.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05f9364cb58cfddc2021-12-21 12:51:24.193root 11241100x8000000000000000725692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:24.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1970e050e21a60a12021-12-21 12:51:24.193root 11241100x8000000000000000725693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:24.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b834707525fcce5a2021-12-21 12:51:24.194root 11241100x8000000000000000725694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:24.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74d39d011bca44ea2021-12-21 12:51:24.194root 11241100x8000000000000000725695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:24.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3474cc82f98413172021-12-21 12:51:24.194root 11241100x8000000000000000725696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:24.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bebcb836993dd5de2021-12-21 12:51:24.194root 11241100x8000000000000000725697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:24.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9abbdc303bd98592021-12-21 12:51:24.194root 11241100x8000000000000000725698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:24.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b5b0f39d9e31ee12021-12-21 12:51:24.194root 11241100x8000000000000000725699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:24.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.022daeee421dab172021-12-21 12:51:24.194root 11241100x8000000000000000725700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:24.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.314c3084930e89e22021-12-21 12:51:24.195root 11241100x8000000000000000725701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:24.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b6af4b7d61362e52021-12-21 12:51:24.195root 11241100x8000000000000000725702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:24.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.916aa4be5d4d3bca2021-12-21 12:51:24.195root 11241100x8000000000000000725703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:24.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47fd56a6bf252e4e2021-12-21 12:51:24.195root 11241100x8000000000000000725704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:24.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be1aec48038a3a0f2021-12-21 12:51:24.196root 11241100x8000000000000000725705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:24.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.078fc0a72e6c5afd2021-12-21 12:51:24.196root 11241100x8000000000000000725706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:24.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b686ea56de22ceb32021-12-21 12:51:24.196root 11241100x8000000000000000725707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:24.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de061f0a29899b5e2021-12-21 12:51:24.196root 11241100x8000000000000000725708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:24.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c9149dc0e808c492021-12-21 12:51:24.196root 11241100x8000000000000000725709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:24.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfe7533d86c8384b2021-12-21 12:51:24.196root 11241100x8000000000000000725710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:24.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e911103f79a0fac2021-12-21 12:51:24.196root 11241100x8000000000000000725711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:24.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d41f8312995f6f622021-12-21 12:51:24.196root 11241100x8000000000000000725712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:24.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a7cc6d103e378f52021-12-21 12:51:24.196root 11241100x8000000000000000725713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:24.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.516c89bf002f2d422021-12-21 12:51:24.693root 11241100x8000000000000000725714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:24.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2c2090140b687e12021-12-21 12:51:24.693root 11241100x8000000000000000725715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:24.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ef00f98eb727bd32021-12-21 12:51:24.693root 11241100x8000000000000000725716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:24.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d8fe1d9a540ecce2021-12-21 12:51:24.694root 11241100x8000000000000000725717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:24.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c00f388eda407f272021-12-21 12:51:24.694root 11241100x8000000000000000725718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:24.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb3af74fb7ffab0b2021-12-21 12:51:24.694root 11241100x8000000000000000725719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:24.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.daa55a142621de522021-12-21 12:51:24.694root 11241100x8000000000000000725720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:24.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95f9f54f0429379b2021-12-21 12:51:24.694root 11241100x8000000000000000725721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:24.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57b633cf7502b9762021-12-21 12:51:24.694root 11241100x8000000000000000725722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:24.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ee282f3ae862da92021-12-21 12:51:24.694root 11241100x8000000000000000725723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:24.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96d66ce9a2761c682021-12-21 12:51:24.694root 11241100x8000000000000000725724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:24.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb1db16f7c8bd4ba2021-12-21 12:51:24.694root 11241100x8000000000000000725725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:24.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4216bcea92358ca32021-12-21 12:51:24.694root 11241100x8000000000000000725726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:24.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d12c6a3e6149a8f2021-12-21 12:51:24.694root 11241100x8000000000000000725727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:24.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e6fe0630f373e982021-12-21 12:51:24.695root 11241100x8000000000000000725728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:24.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.681141a374d538a82021-12-21 12:51:24.695root 11241100x8000000000000000725729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:24.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1547e95fafe850d2021-12-21 12:51:24.695root 11241100x8000000000000000725730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:24.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fabdf9ae9e6345c72021-12-21 12:51:24.695root 11241100x8000000000000000725731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:24.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6b282ca81566c712021-12-21 12:51:24.695root 11241100x8000000000000000725732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:24.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8eed732188bbb70c2021-12-21 12:51:24.695root 11241100x8000000000000000725733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:24.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5036a61c0d30ebb52021-12-21 12:51:24.695root 11241100x8000000000000000725734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:24.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4bafb63a0c2a65b2021-12-21 12:51:24.695root 11241100x8000000000000000725735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:24.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.066aca407d3ba8542021-12-21 12:51:24.695root 11241100x8000000000000000725736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:24.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f92f2e20b5d4aec2021-12-21 12:51:24.696root 11241100x8000000000000000725737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:24.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dbfff135c9660102021-12-21 12:51:24.696root 11241100x8000000000000000725738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:24.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0eb25657b849a9872021-12-21 12:51:24.696root 11241100x8000000000000000725739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:25.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55459061447dd63b2021-12-21 12:51:25.193root 11241100x8000000000000000725740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:25.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51438978d1a7aa462021-12-21 12:51:25.194root 11241100x8000000000000000725741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:25.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d57060670cf241202021-12-21 12:51:25.194root 354300x8000000000000000725742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:25.194{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-50582-false10.0.1.12-8000- 11241100x8000000000000000725743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:25.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51b1d37487ebb0072021-12-21 12:51:25.194root 11241100x8000000000000000725744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:25.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c828ab26d1e633502021-12-21 12:51:25.194root 11241100x8000000000000000725745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:25.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e039b4c91e81b602021-12-21 12:51:25.194root 11241100x8000000000000000725746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:25.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e7055c28b7f10362021-12-21 12:51:25.195root 11241100x8000000000000000725747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:25.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b07d255a904f4692021-12-21 12:51:25.195root 11241100x8000000000000000725748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:25.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c18cdfc2cc7d33002021-12-21 12:51:25.195root 11241100x8000000000000000725749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:25.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8938731caded0052021-12-21 12:51:25.195root 11241100x8000000000000000725750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:25.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa1fe00f60fc83132021-12-21 12:51:25.195root 11241100x8000000000000000725751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:25.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.646d18425f7d6e542021-12-21 12:51:25.195root 11241100x8000000000000000725752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:25.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b01565f6085dc902021-12-21 12:51:25.195root 11241100x8000000000000000725753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:25.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afbc4a091cbbd61c2021-12-21 12:51:25.196root 11241100x8000000000000000725754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:25.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf1de1215e33c1222021-12-21 12:51:25.196root 11241100x8000000000000000725755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:25.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d76b3bfbe5c111b42021-12-21 12:51:25.196root 11241100x8000000000000000725756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:25.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb633a25f3df5bc52021-12-21 12:51:25.196root 11241100x8000000000000000725757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:25.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ce726d3dd4901202021-12-21 12:51:25.196root 11241100x8000000000000000725758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:25.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c0d14de5db6c9a82021-12-21 12:51:25.197root 11241100x8000000000000000725759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:25.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcc51bca2f8c71df2021-12-21 12:51:25.197root 11241100x8000000000000000725760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:25.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6eb9404c82ea1d502021-12-21 12:51:25.197root 11241100x8000000000000000725761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:25.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c56e9fe83e52fdca2021-12-21 12:51:25.197root 11241100x8000000000000000725762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:25.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9328a3dba44b7b952021-12-21 12:51:25.198root 11241100x8000000000000000725763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:25.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.062219ccd5d419512021-12-21 12:51:25.198root 11241100x8000000000000000725764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:25.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1a55f35fc28f5912021-12-21 12:51:25.198root 11241100x8000000000000000725765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:25.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b185001394011242021-12-21 12:51:25.198root 11241100x8000000000000000725766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:25.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81b87940f603aa472021-12-21 12:51:25.693root 11241100x8000000000000000725767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:25.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.003c443110878e7c2021-12-21 12:51:25.694root 11241100x8000000000000000725768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:25.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c04f1ee6d3041142021-12-21 12:51:25.694root 11241100x8000000000000000725769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:25.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee7f09cd2c098d7d2021-12-21 12:51:25.694root 11241100x8000000000000000725770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:25.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a7f6d94a2121dff2021-12-21 12:51:25.694root 11241100x8000000000000000725771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:25.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59dbcb0e9e77d6d02021-12-21 12:51:25.694root 11241100x8000000000000000725772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:25.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d1b0a41b410cd882021-12-21 12:51:25.694root 11241100x8000000000000000725773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:25.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dab31dae205494d2021-12-21 12:51:25.694root 11241100x8000000000000000725774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:25.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6649b1532de486e2021-12-21 12:51:25.694root 11241100x8000000000000000725775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:25.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffc1989f79d3791c2021-12-21 12:51:25.694root 11241100x8000000000000000725776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:25.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2a9651bdf7b729e2021-12-21 12:51:25.694root 11241100x8000000000000000725777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:25.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4dd83bc48c5f4542021-12-21 12:51:25.694root 11241100x8000000000000000725778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:25.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.788652402265e6f42021-12-21 12:51:25.694root 11241100x8000000000000000725779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:25.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c5c7aba5625cf0d2021-12-21 12:51:25.694root 11241100x8000000000000000725780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:25.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8d6fb46aa562cc42021-12-21 12:51:25.694root 11241100x8000000000000000725781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:25.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a057e0bbc5425372021-12-21 12:51:25.694root 11241100x8000000000000000725782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:25.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c253c19c2620efcf2021-12-21 12:51:25.695root 11241100x8000000000000000725783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:25.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6eddd98c2fb745612021-12-21 12:51:25.695root 11241100x8000000000000000725784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:25.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8a5e27fff010b782021-12-21 12:51:25.695root 11241100x8000000000000000725785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:25.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dbfd432ebc506cf2021-12-21 12:51:25.695root 11241100x8000000000000000725786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:25.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba8aef65987dc4852021-12-21 12:51:25.695root 11241100x8000000000000000725787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:25.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43c5899729979cce2021-12-21 12:51:25.695root 11241100x8000000000000000725788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:25.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bf90d21d49440942021-12-21 12:51:25.695root 11241100x8000000000000000725789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:25.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dff54872d0c6041a2021-12-21 12:51:25.695root 11241100x8000000000000000725790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:25.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65996c1b2c8dfee62021-12-21 12:51:25.695root 11241100x8000000000000000725791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:25.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44e519a0577effc02021-12-21 12:51:25.695root 11241100x8000000000000000725792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:25.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1528efc5f4024482021-12-21 12:51:25.695root 354300x8000000000000000725793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:25.966{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.25-37648-false10.0.1.12-8089- 11241100x8000000000000000725794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:25.966{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66002cc252ddf0fb2021-12-21 12:51:25.966root 11241100x8000000000000000725795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:25.966{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d0981050b280d212021-12-21 12:51:25.966root 11241100x8000000000000000725796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:25.967{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79381a739a1ab44e2021-12-21 12:51:25.967root 11241100x8000000000000000725797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:25.967{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0be07a9e6554c352021-12-21 12:51:25.967root 11241100x8000000000000000725798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:25.967{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0778ab0f7e7c36222021-12-21 12:51:25.967root 11241100x8000000000000000725799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:25.967{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.592b3751ddfe24d22021-12-21 12:51:25.967root 11241100x8000000000000000725800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:25.967{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fbf65659e4f4be92021-12-21 12:51:25.967root 11241100x8000000000000000725801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:25.967{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c75d662d8a6ea72a2021-12-21 12:51:25.967root 11241100x8000000000000000725802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:25.967{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2d31e6e27a369d42021-12-21 12:51:25.967root 11241100x8000000000000000725803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:25.968{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74a2cb6b2973d06f2021-12-21 12:51:25.968root 11241100x8000000000000000725804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:25.968{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a970d3f66adaa4d2021-12-21 12:51:25.968root 11241100x8000000000000000725805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:25.968{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49cf6fb346f61a792021-12-21 12:51:25.968root 11241100x8000000000000000725806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:25.968{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.505b582bb56c6e312021-12-21 12:51:25.968root 11241100x8000000000000000725807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:25.968{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ff32637e157f9642021-12-21 12:51:25.968root 11241100x8000000000000000725808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:25.968{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1dae763e6b2f5992021-12-21 12:51:25.968root 11241100x8000000000000000725809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:25.969{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07c1ab9cef2abda12021-12-21 12:51:25.969root 11241100x8000000000000000725810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:25.969{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a0c94500e241b622021-12-21 12:51:25.969root 11241100x8000000000000000725811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:25.969{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6617ed0b5d059dfa2021-12-21 12:51:25.969root 11241100x8000000000000000725812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:25.969{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b20f65d4e9868652021-12-21 12:51:25.969root 11241100x8000000000000000725813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:25.969{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60831d95c9bbc1232021-12-21 12:51:25.969root 11241100x8000000000000000725814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:25.969{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0494cc67e1f7eab12021-12-21 12:51:25.969root 11241100x8000000000000000725815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:25.969{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12d880203296d0952021-12-21 12:51:25.969root 11241100x8000000000000000725816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:25.969{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a72f6308835f80442021-12-21 12:51:25.969root 11241100x8000000000000000725817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:25.969{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69af87896bb6200b2021-12-21 12:51:25.969root 11241100x8000000000000000725818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:25.970{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a18788022ceab3e32021-12-21 12:51:25.970root 11241100x8000000000000000725819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:25.970{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3407cc71a3fcaa4b2021-12-21 12:51:25.970root 11241100x8000000000000000725820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:25.970{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3faa6d5cb3863c9f2021-12-21 12:51:25.970root 11241100x8000000000000000725821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:25.970{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17d7d09bd118192e2021-12-21 12:51:25.970root 11241100x8000000000000000725822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:25.970{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3172832609f8de082021-12-21 12:51:25.970root 11241100x8000000000000000725823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:25.971{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69fb0fb3002e21fd2021-12-21 12:51:25.971root 11241100x8000000000000000725824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:25.971{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f483d86c947554702021-12-21 12:51:25.971root 11241100x8000000000000000725825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:25.971{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd8ea857b246d4dd2021-12-21 12:51:25.971root 11241100x8000000000000000725826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:25.971{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.480638bdb99a41ff2021-12-21 12:51:25.971root 11241100x8000000000000000725827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:25.971{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01339b80fb846e8a2021-12-21 12:51:25.971root 11241100x8000000000000000725828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:25.971{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44674e3d37f494e52021-12-21 12:51:25.971root 11241100x8000000000000000725829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:25.972{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a7ddc7334bfb4182021-12-21 12:51:25.972root 11241100x8000000000000000725830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:25.972{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d50152f8e4b91adc2021-12-21 12:51:25.972root 11241100x8000000000000000725831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55a6b652a70013ee2021-12-21 12:51:26.443root 11241100x8000000000000000725832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.709514d224b824a82021-12-21 12:51:26.444root 11241100x8000000000000000725833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d71da93af0c5dcae2021-12-21 12:51:26.444root 11241100x8000000000000000725834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.274a292f534209142021-12-21 12:51:26.444root 11241100x8000000000000000725835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2776b27440e140c2021-12-21 12:51:26.444root 11241100x8000000000000000725836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2311ed92df05150e2021-12-21 12:51:26.444root 11241100x8000000000000000725837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:26.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9438f9fe2e8046572021-12-21 12:51:26.445root 11241100x8000000000000000725838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:26.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.138cf4722fdaec0f2021-12-21 12:51:26.445root 11241100x8000000000000000725839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:26.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.903e52adedfabc282021-12-21 12:51:26.445root 11241100x8000000000000000725840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:26.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9462a224db1557b92021-12-21 12:51:26.445root 11241100x8000000000000000725841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:26.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ade1a1ef92eb577a2021-12-21 12:51:26.445root 11241100x8000000000000000725842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:26.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b68973ef8eee68042021-12-21 12:51:26.446root 11241100x8000000000000000725843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:26.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e95abcdcc3185752021-12-21 12:51:26.446root 11241100x8000000000000000725844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:26.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20b2cdca3da2e4c12021-12-21 12:51:26.446root 11241100x8000000000000000725845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:26.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.667323d02db9baaf2021-12-21 12:51:26.446root 11241100x8000000000000000725846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:26.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b46d664e6e0c7c8f2021-12-21 12:51:26.446root 11241100x8000000000000000725847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:26.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7f0af5c1435d7fc2021-12-21 12:51:26.447root 11241100x8000000000000000725848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:26.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07ac254a4c8ae40e2021-12-21 12:51:26.447root 11241100x8000000000000000725849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:26.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62e0975f58a71b782021-12-21 12:51:26.447root 11241100x8000000000000000725850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:26.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faf20cc543c76b0d2021-12-21 12:51:26.447root 11241100x8000000000000000725851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:26.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0660de8014bb5c122021-12-21 12:51:26.447root 11241100x8000000000000000725852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:26.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5349ff00a743e862021-12-21 12:51:26.448root 11241100x8000000000000000725853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:26.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3089fb4506b70cb52021-12-21 12:51:26.448root 11241100x8000000000000000725854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:26.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd2837c469b652a62021-12-21 12:51:26.448root 11241100x8000000000000000725855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:26.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1151b4881054152c2021-12-21 12:51:26.448root 11241100x8000000000000000725856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:26.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ce9118799d2c5b32021-12-21 12:51:26.448root 11241100x8000000000000000725857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:26.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.685f62691e4297a02021-12-21 12:51:26.449root 11241100x8000000000000000725858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:26.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2f14e87f308d2ad2021-12-21 12:51:26.449root 11241100x8000000000000000725859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaf1eac74f21fefb2021-12-21 12:51:26.943root 11241100x8000000000000000725860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ea6cd0f105243f92021-12-21 12:51:26.943root 11241100x8000000000000000725861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52af3f63e71ac3d32021-12-21 12:51:26.943root 11241100x8000000000000000725862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10f524eaea7a77932021-12-21 12:51:26.944root 11241100x8000000000000000725863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.996e97a6fe8dd02c2021-12-21 12:51:26.944root 11241100x8000000000000000725864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23a96ba6860092012021-12-21 12:51:26.944root 11241100x8000000000000000725865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1e5c18736acbe272021-12-21 12:51:26.944root 11241100x8000000000000000725866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca61fe9d1cbe31192021-12-21 12:51:26.944root 11241100x8000000000000000725867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2580123c033e58f32021-12-21 12:51:26.944root 11241100x8000000000000000725868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33539561c5c8d2362021-12-21 12:51:26.944root 11241100x8000000000000000725869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69b648898b9dc0382021-12-21 12:51:26.944root 11241100x8000000000000000725870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8237679c98c6d6a72021-12-21 12:51:26.944root 11241100x8000000000000000725871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:26.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0bfd65f7342c6812021-12-21 12:51:26.945root 11241100x8000000000000000725872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:26.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.518e5d1cbec083932021-12-21 12:51:26.945root 11241100x8000000000000000725873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:26.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19c981758f981b612021-12-21 12:51:26.945root 11241100x8000000000000000725874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:26.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1872f6a844c2206a2021-12-21 12:51:26.945root 11241100x8000000000000000725875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:26.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a01a202cbd4cc57d2021-12-21 12:51:26.945root 11241100x8000000000000000725876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:26.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a12a52a6ef2a572a2021-12-21 12:51:26.945root 11241100x8000000000000000725877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:26.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92d7b106901e59632021-12-21 12:51:26.945root 11241100x8000000000000000725878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:26.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c753643393895dca2021-12-21 12:51:26.945root 11241100x8000000000000000725879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:26.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6579c5bc6396dbef2021-12-21 12:51:26.945root 11241100x8000000000000000725880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:26.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4028bc03ec5ae6b12021-12-21 12:51:26.946root 11241100x8000000000000000725881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:26.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fe4e912e839c7012021-12-21 12:51:26.946root 11241100x8000000000000000725882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:26.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0ac028f15a75a122021-12-21 12:51:26.946root 11241100x8000000000000000725883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:26.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7b097eaf13f12872021-12-21 12:51:26.946root 11241100x8000000000000000725884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:26.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cccb69f04583f012021-12-21 12:51:26.946root 11241100x8000000000000000725885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:26.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.114412e6963a265e2021-12-21 12:51:26.946root 11241100x8000000000000000725886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:26.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c290b872051d7802021-12-21 12:51:26.946root 11241100x8000000000000000725887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc981f9fa86e9e432021-12-21 12:51:27.443root 11241100x8000000000000000725888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a57a424a4ebf4fde2021-12-21 12:51:27.443root 11241100x8000000000000000725889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d57e2eca8f6248422021-12-21 12:51:27.443root 11241100x8000000000000000725890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6d565a97fcdd2f22021-12-21 12:51:27.443root 11241100x8000000000000000725891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cc897b0eaae48e32021-12-21 12:51:27.444root 11241100x8000000000000000725892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.818d9d17ac26b2d92021-12-21 12:51:27.444root 11241100x8000000000000000725893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da70b97e0e2161cf2021-12-21 12:51:27.444root 11241100x8000000000000000725894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33c639ef988d3cd52021-12-21 12:51:27.444root 11241100x8000000000000000725895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb5f51d9933bd44a2021-12-21 12:51:27.444root 11241100x8000000000000000725896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6418b10ff5826d512021-12-21 12:51:27.444root 11241100x8000000000000000725897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70e9b68363d6598a2021-12-21 12:51:27.444root 11241100x8000000000000000725898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a4a1a7bed631ff32021-12-21 12:51:27.444root 11241100x8000000000000000725899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68109b760b8a8ba32021-12-21 12:51:27.444root 11241100x8000000000000000725900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24c0a21cfd2dd5f32021-12-21 12:51:27.444root 11241100x8000000000000000725901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c1bffc797afe0212021-12-21 12:51:27.444root 11241100x8000000000000000725902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f775162a6158c1a2021-12-21 12:51:27.444root 11241100x8000000000000000725903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.030eb5629fa860b22021-12-21 12:51:27.444root 11241100x8000000000000000725904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7676304c32e4b242021-12-21 12:51:27.444root 11241100x8000000000000000725905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:27.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b56ac4e7bd3c98082021-12-21 12:51:27.445root 11241100x8000000000000000725906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:27.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcf40288ddea72902021-12-21 12:51:27.445root 11241100x8000000000000000725907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:27.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a997324c2aca665d2021-12-21 12:51:27.445root 11241100x8000000000000000725908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:27.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f450534c296451c32021-12-21 12:51:27.445root 11241100x8000000000000000725909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:27.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70dc894e0355e4c22021-12-21 12:51:27.445root 11241100x8000000000000000725910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:27.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1a7270ebd03e9b22021-12-21 12:51:27.445root 11241100x8000000000000000725911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:27.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.777041e571777b892021-12-21 12:51:27.445root 11241100x8000000000000000725912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:27.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f378d50d402a1f022021-12-21 12:51:27.445root 11241100x8000000000000000725913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:27.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85ae14a5c1b677112021-12-21 12:51:27.445root 11241100x8000000000000000725914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:27.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7576a5b5beaddb452021-12-21 12:51:27.445root 11241100x8000000000000000725915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:27.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae8c6838d9f6343e2021-12-21 12:51:27.445root 11241100x8000000000000000725916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16e6043c049b96102021-12-21 12:51:27.943root 11241100x8000000000000000725917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5d33226000366802021-12-21 12:51:27.944root 11241100x8000000000000000725918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7c150be6ac2156a2021-12-21 12:51:27.944root 11241100x8000000000000000725919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43959127d34db6942021-12-21 12:51:27.944root 11241100x8000000000000000725920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9747aa3f85ad50402021-12-21 12:51:27.944root 11241100x8000000000000000725921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e77e51c5eee61dc2021-12-21 12:51:27.944root 11241100x8000000000000000725922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b363bc1be46073342021-12-21 12:51:27.944root 11241100x8000000000000000725923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1b366cd6151e22d2021-12-21 12:51:27.944root 11241100x8000000000000000725924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31fc8c433ed7058c2021-12-21 12:51:27.944root 11241100x8000000000000000725925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8906914ea542a602021-12-21 12:51:27.944root 11241100x8000000000000000725926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:27.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0ae3fddc0a575a92021-12-21 12:51:27.945root 11241100x8000000000000000725927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:27.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4d24ea866834e492021-12-21 12:51:27.945root 11241100x8000000000000000725928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:27.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42846cacaaa910ca2021-12-21 12:51:27.945root 11241100x8000000000000000725929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:27.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60d1bdf6dd0da9f82021-12-21 12:51:27.945root 11241100x8000000000000000725930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:27.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1ddcfe9f68437262021-12-21 12:51:27.945root 11241100x8000000000000000725931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:27.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3220a4b7f24ddbc2021-12-21 12:51:27.945root 11241100x8000000000000000725932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:27.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3040a6a136e20cb12021-12-21 12:51:27.945root 11241100x8000000000000000725933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:27.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c59f28fc45be9fc02021-12-21 12:51:27.945root 11241100x8000000000000000725934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:27.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6d513c97e91a6262021-12-21 12:51:27.945root 11241100x8000000000000000725935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:27.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebccd89fa4aeb8f62021-12-21 12:51:27.945root 11241100x8000000000000000725936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:27.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0d363b51600578e2021-12-21 12:51:27.946root 11241100x8000000000000000725937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:27.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e11d0a8dbe7f3c72021-12-21 12:51:27.946root 11241100x8000000000000000725938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:27.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.549b4b93ad28134f2021-12-21 12:51:27.946root 11241100x8000000000000000725939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:27.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d515ef72a18903eb2021-12-21 12:51:27.946root 11241100x8000000000000000725940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:27.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5ad03db5684c5912021-12-21 12:51:27.946root 11241100x8000000000000000725941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:27.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a47d5e7e93ebcd12021-12-21 12:51:27.946root 11241100x8000000000000000725942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:27.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49299abf77de80f62021-12-21 12:51:27.946root 11241100x8000000000000000725943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:27.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a46694d09e93253f2021-12-21 12:51:27.946root 11241100x8000000000000000725944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bbf139166fb1ad02021-12-21 12:51:28.443root 11241100x8000000000000000725945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec75bf4466dbe2182021-12-21 12:51:28.443root 11241100x8000000000000000725946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e326b3129698d2c02021-12-21 12:51:28.444root 11241100x8000000000000000725947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a51c8a30d43b15792021-12-21 12:51:28.444root 11241100x8000000000000000725948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c72bbe34a64ec9e2021-12-21 12:51:28.444root 11241100x8000000000000000725949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad30d1415045be1e2021-12-21 12:51:28.444root 11241100x8000000000000000725950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.816e494425baffee2021-12-21 12:51:28.444root 11241100x8000000000000000725951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f41007712d4f44f82021-12-21 12:51:28.444root 11241100x8000000000000000725952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0321667dbad06c42021-12-21 12:51:28.444root 11241100x8000000000000000725953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e6cce9ac3765dbf2021-12-21 12:51:28.444root 11241100x8000000000000000725954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8b50ba6528ca9f22021-12-21 12:51:28.444root 11241100x8000000000000000725955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9d1efedd075e8602021-12-21 12:51:28.444root 11241100x8000000000000000725956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:28.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60e64091fe484e972021-12-21 12:51:28.445root 11241100x8000000000000000725957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:28.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a0c7f5d5ccf80392021-12-21 12:51:28.445root 11241100x8000000000000000725958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:28.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.383b343fdfc781d12021-12-21 12:51:28.445root 11241100x8000000000000000725959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:28.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c06180f5fc4a6472021-12-21 12:51:28.445root 11241100x8000000000000000725960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:28.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fd2b622e88404112021-12-21 12:51:28.445root 11241100x8000000000000000725961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:28.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fce01986ae0b47e2021-12-21 12:51:28.445root 11241100x8000000000000000725962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:28.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3be49d67e8aa9bc72021-12-21 12:51:28.445root 11241100x8000000000000000725963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:28.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60e91e5647716c162021-12-21 12:51:28.445root 11241100x8000000000000000725964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:28.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a71ba2c3c9df36142021-12-21 12:51:28.445root 11241100x8000000000000000725965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:28.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80b00a898c38c9e62021-12-21 12:51:28.445root 11241100x8000000000000000725966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:28.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18637924607132182021-12-21 12:51:28.445root 11241100x8000000000000000725967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:28.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.249d3d17bae1f2d42021-12-21 12:51:28.445root 11241100x8000000000000000725968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:28.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.860a258362e61b972021-12-21 12:51:28.445root 11241100x8000000000000000725969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:28.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f28cae47ce537682021-12-21 12:51:28.445root 11241100x8000000000000000725970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:28.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ac395144ddc7c802021-12-21 12:51:28.445root 11241100x8000000000000000725971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:28.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce3b43426462ee8d2021-12-21 12:51:28.446root 11241100x8000000000000000725972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.293643efee273b8a2021-12-21 12:51:28.943root 11241100x8000000000000000725973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8849bbd4ee2e3f92021-12-21 12:51:28.943root 11241100x8000000000000000725974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fd62dea640c341f2021-12-21 12:51:28.943root 11241100x8000000000000000725975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c04b06675c96a4982021-12-21 12:51:28.943root 11241100x8000000000000000725976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a71cd23026f19d3c2021-12-21 12:51:28.944root 11241100x8000000000000000725977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4f75968fba381f72021-12-21 12:51:28.944root 11241100x8000000000000000725978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8909ec9b78e70032021-12-21 12:51:28.944root 11241100x8000000000000000725979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b463ff9308edb0ae2021-12-21 12:51:28.944root 11241100x8000000000000000725980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84d432ef5fa5cd852021-12-21 12:51:28.944root 11241100x8000000000000000725981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a82d44430ccbea72021-12-21 12:51:28.944root 11241100x8000000000000000725982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac03ec75aa385b7f2021-12-21 12:51:28.944root 11241100x8000000000000000725983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5291ecd38d9bb9d2021-12-21 12:51:28.944root 11241100x8000000000000000725984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfbbcb25f7ae01ac2021-12-21 12:51:28.944root 11241100x8000000000000000725985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.588c55290fc2a54c2021-12-21 12:51:28.944root 11241100x8000000000000000725986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7139fc92e2bba372021-12-21 12:51:28.944root 11241100x8000000000000000725987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b70f55af62106e62021-12-21 12:51:28.944root 11241100x8000000000000000725988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbaf445e60b232822021-12-21 12:51:28.944root 11241100x8000000000000000725989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9fec87ce73dbfa32021-12-21 12:51:28.944root 11241100x8000000000000000725990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee19224acbb200f82021-12-21 12:51:28.944root 11241100x8000000000000000725991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:28.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.764a0919e33dacd32021-12-21 12:51:28.945root 11241100x8000000000000000725992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:28.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fa4bd2596a812b02021-12-21 12:51:28.945root 11241100x8000000000000000725993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:28.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b635be8108deebc2021-12-21 12:51:28.945root 11241100x8000000000000000725994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:28.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8763b779d8e6bf12021-12-21 12:51:28.945root 11241100x8000000000000000725995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:28.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67c188161b436beb2021-12-21 12:51:28.945root 11241100x8000000000000000725996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:28.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69989e5acefe8e5e2021-12-21 12:51:28.945root 11241100x8000000000000000725997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:28.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.676339fa9d397e082021-12-21 12:51:28.945root 11241100x8000000000000000725998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:28.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2b9c67a8d6b382a2021-12-21 12:51:28.945root 11241100x8000000000000000725999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:28.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.043120db01ac34de2021-12-21 12:51:28.946root 11241100x8000000000000000726000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b6c08f86e5f84f12021-12-21 12:51:29.443root 11241100x8000000000000000726001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ec7560ddf9f5be42021-12-21 12:51:29.443root 11241100x8000000000000000726002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d8e59893411a51a2021-12-21 12:51:29.444root 11241100x8000000000000000726003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bda667fa57a416212021-12-21 12:51:29.444root 11241100x8000000000000000726004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae67d2a335c09e8b2021-12-21 12:51:29.444root 11241100x8000000000000000726005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77f47e58bdf4198f2021-12-21 12:51:29.444root 11241100x8000000000000000726006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79e6ca22137784742021-12-21 12:51:29.444root 11241100x8000000000000000726007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5adc715ff1167dd2021-12-21 12:51:29.444root 11241100x8000000000000000726008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb3b862dc7f40b4d2021-12-21 12:51:29.444root 11241100x8000000000000000726009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84e9fb9ddbc3ebf32021-12-21 12:51:29.444root 11241100x8000000000000000726010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b251279e4d09d1922021-12-21 12:51:29.444root 11241100x8000000000000000726011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92e3d7e1d2f9c9472021-12-21 12:51:29.444root 11241100x8000000000000000726012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7887e0280727e5e92021-12-21 12:51:29.444root 11241100x8000000000000000726013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.147057296de3b1f62021-12-21 12:51:29.444root 11241100x8000000000000000726014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e762b7a8b326a8f2021-12-21 12:51:29.444root 11241100x8000000000000000726015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b4f67a54f1ef8242021-12-21 12:51:29.444root 11241100x8000000000000000726016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:29.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40007cb9cc45f8582021-12-21 12:51:29.445root 11241100x8000000000000000726017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:29.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bb97a0d04d7a8ad2021-12-21 12:51:29.445root 11241100x8000000000000000726018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:29.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdf002177d37d5c62021-12-21 12:51:29.445root 11241100x8000000000000000726019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:29.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fa4ee326404518a2021-12-21 12:51:29.445root 11241100x8000000000000000726020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:29.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7300b87ee38f2be02021-12-21 12:51:29.445root 11241100x8000000000000000726021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:29.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a66db512006da2f2021-12-21 12:51:29.445root 11241100x8000000000000000726022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:29.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85ff01b62d3716d82021-12-21 12:51:29.445root 11241100x8000000000000000726023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:29.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5679bf405b33f332021-12-21 12:51:29.445root 11241100x8000000000000000726024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:29.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25ca210c779c1c7f2021-12-21 12:51:29.445root 11241100x8000000000000000726025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:29.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e45e81e016f1ac22021-12-21 12:51:29.445root 11241100x8000000000000000726026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:29.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.794585176e8560ca2021-12-21 12:51:29.445root 11241100x8000000000000000726027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:29.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33fed7cafe2557ad2021-12-21 12:51:29.445root 11241100x8000000000000000726028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6245f1c31355e0242021-12-21 12:51:29.943root 11241100x8000000000000000726029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff4499c290c47ee92021-12-21 12:51:29.943root 11241100x8000000000000000726030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1f3181e43ffb6802021-12-21 12:51:29.943root 11241100x8000000000000000726031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d781f84a8386a2442021-12-21 12:51:29.944root 11241100x8000000000000000726032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d8f43be011b41b12021-12-21 12:51:29.944root 11241100x8000000000000000726033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e528ab0159fce5d92021-12-21 12:51:29.944root 11241100x8000000000000000726034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b562f89ad4f574e92021-12-21 12:51:29.944root 11241100x8000000000000000726035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.968932afcf41182c2021-12-21 12:51:29.944root 11241100x8000000000000000726036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff4fb7e70bf51c652021-12-21 12:51:29.944root 11241100x8000000000000000726037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4154585e9871fa32021-12-21 12:51:29.944root 11241100x8000000000000000726038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33ee6b67258c98542021-12-21 12:51:29.944root 11241100x8000000000000000726039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f14e6b14afbf38032021-12-21 12:51:29.944root 11241100x8000000000000000726040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6adad8ee684606532021-12-21 12:51:29.944root 11241100x8000000000000000726041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:29.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.658cd76a46643cb62021-12-21 12:51:29.945root 11241100x8000000000000000726042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:29.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c2b014814bdbf112021-12-21 12:51:29.945root 11241100x8000000000000000726043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:29.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd75d0a89f9eff782021-12-21 12:51:29.945root 11241100x8000000000000000726044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:29.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.118577c6e00bea982021-12-21 12:51:29.945root 11241100x8000000000000000726045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:29.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc3b5e4962f5ccd72021-12-21 12:51:29.945root 11241100x8000000000000000726046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:29.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2362c075b4e15ebf2021-12-21 12:51:29.945root 11241100x8000000000000000726047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:29.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.900713371bd36f6f2021-12-21 12:51:29.945root 11241100x8000000000000000726048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:29.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cff0396f32af1bf02021-12-21 12:51:29.945root 11241100x8000000000000000726049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:29.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80db5e3343637fa12021-12-21 12:51:29.945root 11241100x8000000000000000726050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:29.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37c8ddebc54102202021-12-21 12:51:29.945root 11241100x8000000000000000726051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:29.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f972b7a28f39a622021-12-21 12:51:29.945root 11241100x8000000000000000726052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:29.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a99e41ced7d550a72021-12-21 12:51:29.946root 11241100x8000000000000000726053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:29.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03c94241fa176fc32021-12-21 12:51:29.946root 11241100x8000000000000000726054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:29.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e214e4c284431c092021-12-21 12:51:29.946root 11241100x8000000000000000726055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:29.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a72c5d78b347810d2021-12-21 12:51:29.946root 354300x8000000000000000726056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:30.216{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-50586-false10.0.1.12-8000- 11241100x8000000000000000726057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:30.218{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c673b909e7a021a2021-12-21 12:51:30.218root 11241100x8000000000000000726058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:30.218{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bb466f4a20cc9e92021-12-21 12:51:30.218root 11241100x8000000000000000726059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:30.218{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea576b8b395029522021-12-21 12:51:30.218root 11241100x8000000000000000726060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:30.218{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2aca970827fdf0c42021-12-21 12:51:30.218root 11241100x8000000000000000726061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:30.218{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f124ae86fa6c6202021-12-21 12:51:30.218root 11241100x8000000000000000726062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:30.218{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efc3aab5d8108ac52021-12-21 12:51:30.218root 11241100x8000000000000000726063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:30.218{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82eeb86d367a41a42021-12-21 12:51:30.218root 11241100x8000000000000000726064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:30.219{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80126985d9cdf4d92021-12-21 12:51:30.219root 11241100x8000000000000000726065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:30.219{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a6da2dc464909292021-12-21 12:51:30.219root 11241100x8000000000000000726066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:30.219{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe4af2504db1030a2021-12-21 12:51:30.219root 11241100x8000000000000000726067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:30.219{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22725d9ec978a64c2021-12-21 12:51:30.219root 11241100x8000000000000000726068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:30.219{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0224edb6dfdbd0422021-12-21 12:51:30.219root 11241100x8000000000000000726069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:30.219{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac35012c734dda1f2021-12-21 12:51:30.219root 11241100x8000000000000000726070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:30.219{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdf49d3a4d3947f92021-12-21 12:51:30.219root 11241100x8000000000000000726071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:30.219{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92870621d4bf95ad2021-12-21 12:51:30.219root 11241100x8000000000000000726072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:30.219{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88197f86f1e0d7c32021-12-21 12:51:30.219root 11241100x8000000000000000726073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:30.219{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f14be0c4783ff2d52021-12-21 12:51:30.219root 11241100x8000000000000000726074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:30.220{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50ae88e1cac8d21a2021-12-21 12:51:30.220root 11241100x8000000000000000726075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:30.220{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c942471d54d02c752021-12-21 12:51:30.220root 11241100x8000000000000000726076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:30.220{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaab4482e05ef89a2021-12-21 12:51:30.220root 11241100x8000000000000000726077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:30.220{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b51f42d5f2248e72021-12-21 12:51:30.220root 11241100x8000000000000000726078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:30.220{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d6e6aba826e77b92021-12-21 12:51:30.220root 11241100x8000000000000000726079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:30.220{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60707d3abf3bae112021-12-21 12:51:30.220root 11241100x8000000000000000726080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:30.220{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebbd9240e2c179162021-12-21 12:51:30.220root 11241100x8000000000000000726081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:30.220{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c54851b727db7f92021-12-21 12:51:30.220root 11241100x8000000000000000726082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:30.220{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3a9fa593e104fd42021-12-21 12:51:30.220root 11241100x8000000000000000726083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:30.220{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.122a7c1b05cfefd22021-12-21 12:51:30.220root 11241100x8000000000000000726084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:30.220{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d1d90f844c3be922021-12-21 12:51:30.220root 11241100x8000000000000000726085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:30.221{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e409e28b0e1d07d92021-12-21 12:51:30.221root 11241100x8000000000000000726086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:30.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd823ccdd8b2e2602021-12-21 12:51:30.694root 11241100x8000000000000000726087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:30.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7b34f8d8a2f5c812021-12-21 12:51:30.694root 11241100x8000000000000000726088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:30.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3c5b3dc41354f582021-12-21 12:51:30.694root 11241100x8000000000000000726089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:30.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb24369168dd26e72021-12-21 12:51:30.694root 11241100x8000000000000000726090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:30.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86cacc56cc3070fc2021-12-21 12:51:30.694root 11241100x8000000000000000726091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:30.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52029609e5da093e2021-12-21 12:51:30.694root 11241100x8000000000000000726092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:30.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb383f0b24442c872021-12-21 12:51:30.694root 11241100x8000000000000000726093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:30.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbe32cf56f1484d92021-12-21 12:51:30.695root 11241100x8000000000000000726094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:30.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.244e626030b642062021-12-21 12:51:30.695root 11241100x8000000000000000726095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:30.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a3631cba138ed5c2021-12-21 12:51:30.695root 11241100x8000000000000000726096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:30.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03e53a54840e0da42021-12-21 12:51:30.695root 11241100x8000000000000000726097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:30.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.570d870f5a7feacc2021-12-21 12:51:30.695root 11241100x8000000000000000726098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:30.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f4ae97fea2421152021-12-21 12:51:30.695root 11241100x8000000000000000726099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:30.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63afdcf93e01c7122021-12-21 12:51:30.695root 11241100x8000000000000000726100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:30.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48606e9d8a1812642021-12-21 12:51:30.695root 11241100x8000000000000000726101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:30.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b74e98d12ecd94b2021-12-21 12:51:30.696root 11241100x8000000000000000726102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:30.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e4aa02f28e9b36d2021-12-21 12:51:30.696root 11241100x8000000000000000726103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:30.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc39f3ed3a0debea2021-12-21 12:51:30.696root 11241100x8000000000000000726104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:30.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc17647fc48e11882021-12-21 12:51:30.696root 11241100x8000000000000000726105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:30.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baa244201107a7242021-12-21 12:51:30.696root 11241100x8000000000000000726106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:30.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c32fc4eba8bca4862021-12-21 12:51:30.696root 11241100x8000000000000000726107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:30.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e86ac4e1505ab37b2021-12-21 12:51:30.696root 11241100x8000000000000000726108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:30.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad64ce12cfcf4c202021-12-21 12:51:30.696root 11241100x8000000000000000726109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:30.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d61b2c7fbe9257992021-12-21 12:51:30.696root 11241100x8000000000000000726110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:30.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ce4015d648e751c2021-12-21 12:51:30.696root 11241100x8000000000000000726111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:30.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c134432c83b6f662021-12-21 12:51:30.696root 11241100x8000000000000000726112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:30.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fd46ccf98023a8b2021-12-21 12:51:30.697root 11241100x8000000000000000726113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:30.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.747aaa04c1a003152021-12-21 12:51:30.697root 11241100x8000000000000000726114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:30.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.affd8ad5157014742021-12-21 12:51:30.698root 11241100x8000000000000000726115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:31.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.238256cd763bac122021-12-21 12:51:31.194root 11241100x8000000000000000726116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:31.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbcc75697195b7722021-12-21 12:51:31.194root 11241100x8000000000000000726117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:31.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d160cfea55ad0b232021-12-21 12:51:31.194root 11241100x8000000000000000726118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:31.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28010ad8254231eb2021-12-21 12:51:31.194root 11241100x8000000000000000726119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:31.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf97cf7be69a342e2021-12-21 12:51:31.194root 11241100x8000000000000000726120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:31.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b19feabf7517b632021-12-21 12:51:31.194root 11241100x8000000000000000726121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:31.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c2559eb7380abe52021-12-21 12:51:31.194root 11241100x8000000000000000726122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:31.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d578d0469cce27662021-12-21 12:51:31.194root 11241100x8000000000000000726123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:31.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3abaed9ba26ad972021-12-21 12:51:31.194root 11241100x8000000000000000726124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:31.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51f0394a989ae7e82021-12-21 12:51:31.194root 11241100x8000000000000000726125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:31.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45187b2a396a5aab2021-12-21 12:51:31.194root 11241100x8000000000000000726126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:31.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39da7427d3e395112021-12-21 12:51:31.194root 11241100x8000000000000000726127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:31.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b83f455b4426c652021-12-21 12:51:31.194root 11241100x8000000000000000726128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:31.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a54adcecfd94033d2021-12-21 12:51:31.194root 11241100x8000000000000000726129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:31.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf005ae00e15d71f2021-12-21 12:51:31.195root 11241100x8000000000000000726130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:31.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd5ee7367e641b5c2021-12-21 12:51:31.195root 11241100x8000000000000000726131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:31.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.608c2e7022726b472021-12-21 12:51:31.195root 11241100x8000000000000000726132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:31.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21d62d54ae85647d2021-12-21 12:51:31.195root 11241100x8000000000000000726133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:31.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f867519767c988482021-12-21 12:51:31.195root 11241100x8000000000000000726134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:31.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96b9a4e7f68f261a2021-12-21 12:51:31.195root 11241100x8000000000000000726135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:31.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5be4d86f23948fa52021-12-21 12:51:31.195root 11241100x8000000000000000726136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:31.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab1fc9a4d4bdd27f2021-12-21 12:51:31.195root 11241100x8000000000000000726137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:31.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26c1a5b1bda9eda42021-12-21 12:51:31.195root 11241100x8000000000000000726138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:31.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5af3b448892be3042021-12-21 12:51:31.195root 11241100x8000000000000000726139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:31.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b66fe2df95697d752021-12-21 12:51:31.195root 11241100x8000000000000000726140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:31.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f3d1ab860687ecc2021-12-21 12:51:31.195root 11241100x8000000000000000726141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:31.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe9c632503eeebe22021-12-21 12:51:31.196root 11241100x8000000000000000726142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:31.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4e37b41040a36242021-12-21 12:51:31.196root 11241100x8000000000000000726143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:31.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fb2fac51e37f6c72021-12-21 12:51:31.196root 11241100x8000000000000000726144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:31.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d78ddb1f614d0fd92021-12-21 12:51:31.694root 11241100x8000000000000000726145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:31.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de40195916cf0f422021-12-21 12:51:31.694root 11241100x8000000000000000726146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:31.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf517b2544ab90d72021-12-21 12:51:31.694root 11241100x8000000000000000726147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:31.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0fda3ee2daf60272021-12-21 12:51:31.694root 11241100x8000000000000000726148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:31.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49f91e89e36f2a092021-12-21 12:51:31.694root 11241100x8000000000000000726149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:31.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0215e4e21ba021a2021-12-21 12:51:31.694root 11241100x8000000000000000726150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:31.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f55868714fb573882021-12-21 12:51:31.694root 11241100x8000000000000000726151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:31.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bb15dc68d86e33c2021-12-21 12:51:31.694root 11241100x8000000000000000726152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:31.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17c5e67c4fdae56e2021-12-21 12:51:31.694root 11241100x8000000000000000726153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:31.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.019392d271c9b2672021-12-21 12:51:31.694root 11241100x8000000000000000726154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:31.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.857129e73b6a87f02021-12-21 12:51:31.694root 11241100x8000000000000000726155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:31.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1234f092124c75c02021-12-21 12:51:31.694root 11241100x8000000000000000726156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:31.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1866b39f51a5ea312021-12-21 12:51:31.694root 11241100x8000000000000000726157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:31.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53868a92f74f928a2021-12-21 12:51:31.695root 11241100x8000000000000000726158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:31.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78a964bcd6c3ca712021-12-21 12:51:31.695root 11241100x8000000000000000726159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:31.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9524badb0dccfc7f2021-12-21 12:51:31.695root 11241100x8000000000000000726160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:31.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d38c67b1884d94562021-12-21 12:51:31.695root 11241100x8000000000000000726161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:31.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7150f8489c28df972021-12-21 12:51:31.695root 11241100x8000000000000000726162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:31.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d5f55e397ca75b52021-12-21 12:51:31.695root 11241100x8000000000000000726163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:31.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bd00dad4427f12c2021-12-21 12:51:31.695root 11241100x8000000000000000726164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:31.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f935f9149387c682021-12-21 12:51:31.695root 11241100x8000000000000000726165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:31.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8b944db187c91872021-12-21 12:51:31.695root 11241100x8000000000000000726166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:31.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9ac55dd303ca8f92021-12-21 12:51:31.695root 11241100x8000000000000000726167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:31.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c9beac957415dfa2021-12-21 12:51:31.695root 11241100x8000000000000000726168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:31.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0ba36ea4e3fb6402021-12-21 12:51:31.696root 11241100x8000000000000000726169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:31.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.524475d5c66558bb2021-12-21 12:51:31.696root 11241100x8000000000000000726170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:31.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3448153562143b4d2021-12-21 12:51:31.696root 11241100x8000000000000000726171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:31.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.921d682e16d94f3c2021-12-21 12:51:31.696root 11241100x8000000000000000726172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:31.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bfbcc2a76082aaf2021-12-21 12:51:31.696root 11241100x8000000000000000726173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:32.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77c48f9dbab909e92021-12-21 12:51:32.194root 11241100x8000000000000000726174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:32.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cbc5c4f74d0fafc2021-12-21 12:51:32.194root 11241100x8000000000000000726175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:32.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b62d4e3128d86cb2021-12-21 12:51:32.194root 11241100x8000000000000000726176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:32.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7265ba5260693b282021-12-21 12:51:32.194root 11241100x8000000000000000726177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:32.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff986a3e498fc80a2021-12-21 12:51:32.194root 11241100x8000000000000000726178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:32.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e4eaa7c1b7750cb2021-12-21 12:51:32.194root 11241100x8000000000000000726179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:32.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a704a6e3db492842021-12-21 12:51:32.194root 11241100x8000000000000000726180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:32.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cf12b4e7c336da12021-12-21 12:51:32.194root 11241100x8000000000000000726181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:32.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb141ffbb916969b2021-12-21 12:51:32.195root 11241100x8000000000000000726182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:32.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b4b9ca69cc4692d2021-12-21 12:51:32.195root 11241100x8000000000000000726183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:32.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b119072ec55095e2021-12-21 12:51:32.195root 11241100x8000000000000000726184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:32.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50ca9554c8d7f7502021-12-21 12:51:32.195root 11241100x8000000000000000726185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:32.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f01c794de9c6a9332021-12-21 12:51:32.195root 11241100x8000000000000000726186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:32.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdf12a8f9db779242021-12-21 12:51:32.195root 11241100x8000000000000000726187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:32.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54a814b25144c6232021-12-21 12:51:32.195root 11241100x8000000000000000726188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:32.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.923ee8538c59a2be2021-12-21 12:51:32.195root 11241100x8000000000000000726189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:32.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e540d0bf2946034e2021-12-21 12:51:32.196root 11241100x8000000000000000726190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:32.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74cdaade5966e9702021-12-21 12:51:32.196root 11241100x8000000000000000726191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:32.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.953646cff87af9f52021-12-21 12:51:32.196root 11241100x8000000000000000726192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:32.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0aede434c1964b602021-12-21 12:51:32.196root 11241100x8000000000000000726193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:32.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7eaa319b9b4895232021-12-21 12:51:32.196root 11241100x8000000000000000726194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:32.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d381229dbca9723c2021-12-21 12:51:32.196root 11241100x8000000000000000726195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:32.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.377ceeafc4cf34782021-12-21 12:51:32.196root 11241100x8000000000000000726196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:32.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da8a19e1e13f4afa2021-12-21 12:51:32.197root 11241100x8000000000000000726197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:32.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0658b1608c158e2d2021-12-21 12:51:32.197root 11241100x8000000000000000726198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:32.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.204123372169a52f2021-12-21 12:51:32.197root 11241100x8000000000000000726199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:32.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4115dd00ed4a3a862021-12-21 12:51:32.197root 11241100x8000000000000000726200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:32.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bf7cbaaac591b062021-12-21 12:51:32.197root 11241100x8000000000000000726201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:32.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95620c335bb5a80f2021-12-21 12:51:32.197root 11241100x8000000000000000726202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:32.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2e0962f056007af2021-12-21 12:51:32.694root 11241100x8000000000000000726203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:32.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ce1df9fadde06c12021-12-21 12:51:32.694root 11241100x8000000000000000726204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:32.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57860ae8018d40452021-12-21 12:51:32.694root 11241100x8000000000000000726205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:32.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3bdf7279b2d67fe2021-12-21 12:51:32.694root 11241100x8000000000000000726206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:32.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ab8ef83d9f2129b2021-12-21 12:51:32.694root 11241100x8000000000000000726207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:32.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fd61d6899fc0bfa2021-12-21 12:51:32.694root 11241100x8000000000000000726208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:32.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02533dfa680ead8d2021-12-21 12:51:32.694root 11241100x8000000000000000726209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:32.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.706f245569bfa4082021-12-21 12:51:32.694root 11241100x8000000000000000726210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:32.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91742d7e8fffa2462021-12-21 12:51:32.695root 11241100x8000000000000000726211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:32.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.253af30ed240c4312021-12-21 12:51:32.695root 11241100x8000000000000000726212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:32.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5971e3f4ecd29ab92021-12-21 12:51:32.695root 11241100x8000000000000000726213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:32.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b89e2ccc7ecb6e6f2021-12-21 12:51:32.695root 11241100x8000000000000000726214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:32.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.517315e6e1a850662021-12-21 12:51:32.695root 11241100x8000000000000000726215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:32.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.343bc53a357492582021-12-21 12:51:32.695root 11241100x8000000000000000726216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:32.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.283417c0ff3185212021-12-21 12:51:32.695root 11241100x8000000000000000726217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:32.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cf4ea33bbc8f10a2021-12-21 12:51:32.695root 11241100x8000000000000000726218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:32.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60b341e2f9bf121b2021-12-21 12:51:32.695root 11241100x8000000000000000726219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:32.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6adc6c4c4c295ba92021-12-21 12:51:32.696root 11241100x8000000000000000726220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:32.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d65c121b2abc35f82021-12-21 12:51:32.696root 11241100x8000000000000000726221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:32.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99a86926e1edaa592021-12-21 12:51:32.696root 11241100x8000000000000000726222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:32.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdcdb3dfec339ddb2021-12-21 12:51:32.696root 11241100x8000000000000000726223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:32.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63e8551674cd9f4a2021-12-21 12:51:32.696root 11241100x8000000000000000726224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:32.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7e3787ea5a5829a2021-12-21 12:51:32.696root 11241100x8000000000000000726225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:32.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.993c5bd373a51f902021-12-21 12:51:32.696root 11241100x8000000000000000726226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:32.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.868b293cccfcc4cc2021-12-21 12:51:32.696root 11241100x8000000000000000726227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:32.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.792711eb0faf49ea2021-12-21 12:51:32.696root 11241100x8000000000000000726228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:32.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4710c5c3d948da052021-12-21 12:51:32.697root 11241100x8000000000000000726229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:32.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05f1e5aac093f8c42021-12-21 12:51:32.697root 11241100x8000000000000000726230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:32.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61fe5f7cab7407c02021-12-21 12:51:32.697root 11241100x8000000000000000726231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:33.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfd33d89eb1787a72021-12-21 12:51:33.194root 11241100x8000000000000000726232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:33.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3924a8564933408f2021-12-21 12:51:33.194root 11241100x8000000000000000726233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:33.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8faf664da8f0a8452021-12-21 12:51:33.194root 11241100x8000000000000000726234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:33.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ac68cef5cbfa0dd2021-12-21 12:51:33.194root 11241100x8000000000000000726235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:33.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb219aa9473f77f92021-12-21 12:51:33.194root 11241100x8000000000000000726236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:33.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1178b87824c562342021-12-21 12:51:33.194root 11241100x8000000000000000726237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:33.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d53c1a7877556872021-12-21 12:51:33.194root 11241100x8000000000000000726238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:33.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08cde8133f328bae2021-12-21 12:51:33.194root 11241100x8000000000000000726239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:33.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c5cc5abf9a73a622021-12-21 12:51:33.194root 11241100x8000000000000000726240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:33.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb8201f5cb9d8f332021-12-21 12:51:33.194root 11241100x8000000000000000726241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:33.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.085221cd9acbca112021-12-21 12:51:33.195root 11241100x8000000000000000726242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:33.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4d92f0b85d948d82021-12-21 12:51:33.195root 11241100x8000000000000000726243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:33.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0f9e8a8c42116122021-12-21 12:51:33.195root 11241100x8000000000000000726244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:33.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fdd07fb3fd231172021-12-21 12:51:33.195root 11241100x8000000000000000726245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:33.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99a44227f34d6c502021-12-21 12:51:33.195root 11241100x8000000000000000726246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:33.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6418ce978fdd8d72021-12-21 12:51:33.195root 11241100x8000000000000000726247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:33.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.636044b3dc49ae672021-12-21 12:51:33.195root 11241100x8000000000000000726248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:33.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f43a3f8b573576d2021-12-21 12:51:33.195root 11241100x8000000000000000726249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:33.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cdbe5b7f475f4262021-12-21 12:51:33.196root 11241100x8000000000000000726250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:33.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5aa3d60882a40372021-12-21 12:51:33.196root 11241100x8000000000000000726251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:33.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17dc6c9c2203f6792021-12-21 12:51:33.196root 11241100x8000000000000000726252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:33.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0501cfbc02c4fe672021-12-21 12:51:33.196root 11241100x8000000000000000726253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:33.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.952d4bd5370cc1462021-12-21 12:51:33.196root 11241100x8000000000000000726254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:33.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbf5a36b8771ab972021-12-21 12:51:33.196root 11241100x8000000000000000726255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:33.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.950ae48f7f4c985b2021-12-21 12:51:33.196root 11241100x8000000000000000726256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:33.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.158ee36b7759a55e2021-12-21 12:51:33.196root 11241100x8000000000000000726257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:33.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b065fae617863ed12021-12-21 12:51:33.197root 11241100x8000000000000000726258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:33.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73ec3db73c4f737b2021-12-21 12:51:33.197root 11241100x8000000000000000726259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:33.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1540cacc1271d5442021-12-21 12:51:33.197root 11241100x8000000000000000726260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:33.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfa44638484000332021-12-21 12:51:33.694root 11241100x8000000000000000726261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:33.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be30decf20a4bf202021-12-21 12:51:33.694root 11241100x8000000000000000726262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:33.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21b80a30969992682021-12-21 12:51:33.694root 11241100x8000000000000000726263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:33.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3744f695adde905f2021-12-21 12:51:33.694root 11241100x8000000000000000726264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:33.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83e895150ad5cf4c2021-12-21 12:51:33.694root 11241100x8000000000000000726265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:33.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1273de46919927f2021-12-21 12:51:33.694root 11241100x8000000000000000726266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:33.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97b12b511cbaf5372021-12-21 12:51:33.694root 11241100x8000000000000000726267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:33.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.653819baf7007f0a2021-12-21 12:51:33.694root 11241100x8000000000000000726268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:33.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73f469457efdffbf2021-12-21 12:51:33.694root 11241100x8000000000000000726269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:33.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8091ca87efc0456d2021-12-21 12:51:33.694root 11241100x8000000000000000726270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:33.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7adf8ceca0dd832e2021-12-21 12:51:33.694root 11241100x8000000000000000726271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:33.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03dc829475168b422021-12-21 12:51:33.695root 11241100x8000000000000000726272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:33.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.280996434b912bc62021-12-21 12:51:33.695root 11241100x8000000000000000726273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:33.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.970b727cfe86f5532021-12-21 12:51:33.695root 11241100x8000000000000000726274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:33.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4db92dd3141c32ea2021-12-21 12:51:33.695root 11241100x8000000000000000726275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:33.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af8743b3b31c6fd82021-12-21 12:51:33.695root 11241100x8000000000000000726276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:33.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b322211e5a061f042021-12-21 12:51:33.695root 11241100x8000000000000000726277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:33.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8378fcbdbb2a83e22021-12-21 12:51:33.695root 11241100x8000000000000000726278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:33.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99654dfcee81dff62021-12-21 12:51:33.695root 11241100x8000000000000000726279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:33.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4573143964939b3e2021-12-21 12:51:33.695root 11241100x8000000000000000726280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:33.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9917eae16b409afb2021-12-21 12:51:33.695root 11241100x8000000000000000726281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:33.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b65a8cd2e2510c92021-12-21 12:51:33.695root 11241100x8000000000000000726282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:33.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d4b1f65740a06062021-12-21 12:51:33.696root 11241100x8000000000000000726283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:33.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.917e6e3efb9f12f02021-12-21 12:51:33.696root 11241100x8000000000000000726284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:33.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7eac96495b2ff1e62021-12-21 12:51:33.696root 11241100x8000000000000000726285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:33.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afc159a194b384e92021-12-21 12:51:33.696root 11241100x8000000000000000726286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:33.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc41a0fa48308d462021-12-21 12:51:33.696root 11241100x8000000000000000726287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:33.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c25661188de3ef442021-12-21 12:51:33.696root 11241100x8000000000000000726288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:33.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b03c8bfd1ab910892021-12-21 12:51:33.696root 11241100x8000000000000000726289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:34.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61cc1870fc6d8be92021-12-21 12:51:34.194root 11241100x8000000000000000726290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:34.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51120b6664fd78492021-12-21 12:51:34.194root 11241100x8000000000000000726291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:34.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba91a2f7eb18dda62021-12-21 12:51:34.194root 11241100x8000000000000000726292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:34.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e24f40a7fca3c342021-12-21 12:51:34.194root 11241100x8000000000000000726293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:34.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58c6ac6380e528062021-12-21 12:51:34.194root 11241100x8000000000000000726294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:34.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.859b96ac44619a212021-12-21 12:51:34.194root 11241100x8000000000000000726295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:34.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.017a71906d7f982c2021-12-21 12:51:34.194root 11241100x8000000000000000726296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:34.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f28856b815362d232021-12-21 12:51:34.194root 11241100x8000000000000000726297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:34.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09a331e1870e4ef02021-12-21 12:51:34.194root 11241100x8000000000000000726298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:34.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7670f47337209e862021-12-21 12:51:34.194root 11241100x8000000000000000726299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:34.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0734051a77c163b72021-12-21 12:51:34.194root 11241100x8000000000000000726300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:34.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d065a67c8d832ec2021-12-21 12:51:34.195root 11241100x8000000000000000726301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:34.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52dcec39792e2f2a2021-12-21 12:51:34.195root 11241100x8000000000000000726302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:34.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0b42500a0c295932021-12-21 12:51:34.195root 11241100x8000000000000000726303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:34.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ad359fd3119317a2021-12-21 12:51:34.195root 11241100x8000000000000000726304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:34.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4ad9591db5fdf0b2021-12-21 12:51:34.195root 11241100x8000000000000000726305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:34.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d53bb2e97e9091062021-12-21 12:51:34.195root 11241100x8000000000000000726306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:34.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83c10bc51c9fd98c2021-12-21 12:51:34.195root 11241100x8000000000000000726307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:34.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afa459019c36ec3e2021-12-21 12:51:34.196root 11241100x8000000000000000726308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:34.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f600245de490bc6c2021-12-21 12:51:34.196root 11241100x8000000000000000726309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:34.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17e553d5619cc0f32021-12-21 12:51:34.196root 11241100x8000000000000000726310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:34.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4d482e467bfe0732021-12-21 12:51:34.196root 11241100x8000000000000000726311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:34.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85bed57c26bb16522021-12-21 12:51:34.196root 11241100x8000000000000000726312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:34.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e46164afc7a2890f2021-12-21 12:51:34.196root 11241100x8000000000000000726313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:34.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfce01eb128dc1712021-12-21 12:51:34.196root 11241100x8000000000000000726314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:34.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4b81f612bdbcd7b2021-12-21 12:51:34.196root 11241100x8000000000000000726315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:34.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fe79fa6777ec4072021-12-21 12:51:34.196root 11241100x8000000000000000726316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:34.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.939a4644f094510d2021-12-21 12:51:34.196root 11241100x8000000000000000726317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:34.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e43b3bf532f8faa2021-12-21 12:51:34.197root 11241100x8000000000000000726318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:34.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf569c13d0f6f8512021-12-21 12:51:34.694root 11241100x8000000000000000726319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:34.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.015e760e419e6d2d2021-12-21 12:51:34.694root 11241100x8000000000000000726320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:34.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac237973309b99f92021-12-21 12:51:34.694root 11241100x8000000000000000726321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:34.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e36a538123fb3bb2021-12-21 12:51:34.694root 11241100x8000000000000000726322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:34.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.798e64ab3188d3a82021-12-21 12:51:34.694root 11241100x8000000000000000726323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:34.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a86f9129d72f590e2021-12-21 12:51:34.694root 11241100x8000000000000000726324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:34.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff3067a60a06c65a2021-12-21 12:51:34.694root 11241100x8000000000000000726325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:34.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d88f22e88b54145f2021-12-21 12:51:34.694root 11241100x8000000000000000726326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:34.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a37339b24c2644b2021-12-21 12:51:34.694root 11241100x8000000000000000726327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:34.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b89e35a7f531c69c2021-12-21 12:51:34.694root 11241100x8000000000000000726328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:34.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f8505f5ad1347f12021-12-21 12:51:34.694root 11241100x8000000000000000726329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:34.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.019c9d0a817da3ad2021-12-21 12:51:34.694root 11241100x8000000000000000726330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:34.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a15cf9c2e4b04bb2021-12-21 12:51:34.694root 11241100x8000000000000000726331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:34.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9956ef038bee52702021-12-21 12:51:34.694root 11241100x8000000000000000726332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:34.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa332fe3e9fa60a02021-12-21 12:51:34.695root 11241100x8000000000000000726333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:34.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39cee4cdae2a22472021-12-21 12:51:34.695root 11241100x8000000000000000726334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:34.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db84441725091a912021-12-21 12:51:34.695root 11241100x8000000000000000726335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:34.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30ddf79d479b731b2021-12-21 12:51:34.695root 11241100x8000000000000000726336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:34.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b86ffe9464a596f32021-12-21 12:51:34.695root 11241100x8000000000000000726337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:34.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.046137a7013402f22021-12-21 12:51:34.695root 11241100x8000000000000000726338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:34.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce9f70ccfd3dd2b32021-12-21 12:51:34.695root 11241100x8000000000000000726339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:34.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d9c73e8b920b6542021-12-21 12:51:34.695root 11241100x8000000000000000726340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:34.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89b782c8c33a0b932021-12-21 12:51:34.695root 11241100x8000000000000000726341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:34.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf291fae9a9133c52021-12-21 12:51:34.695root 11241100x8000000000000000726342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:34.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b38e1213f4d923f2021-12-21 12:51:34.695root 11241100x8000000000000000726343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:34.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6527e716e1186152021-12-21 12:51:34.695root 11241100x8000000000000000726344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:34.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a9c29307582f3292021-12-21 12:51:34.695root 11241100x8000000000000000726345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:34.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2baa8cde6c628ab2021-12-21 12:51:34.695root 11241100x8000000000000000726346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:34.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06bb3e7122b4e20c2021-12-21 12:51:34.695root 11241100x8000000000000000726347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:35.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0bfbaa6b808dfe52021-12-21 12:51:35.192root 11241100x8000000000000000726348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:35.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3c5a5d4d0dc44052021-12-21 12:51:35.193root 11241100x8000000000000000726349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:35.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bfebcdb6f66aea02021-12-21 12:51:35.193root 11241100x8000000000000000726350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:35.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e12f88d932cc0c52021-12-21 12:51:35.193root 11241100x8000000000000000726351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:35.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b5a2ba67489b6ff2021-12-21 12:51:35.193root 11241100x8000000000000000726352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:35.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0eda1312237f37d2021-12-21 12:51:35.193root 11241100x8000000000000000726353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:35.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6aadcf4fca600fb12021-12-21 12:51:35.193root 11241100x8000000000000000726354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:35.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ecca7402e7cc2602021-12-21 12:51:35.193root 11241100x8000000000000000726355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:35.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cefd650c639bc0b92021-12-21 12:51:35.193root 11241100x8000000000000000726356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:35.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dee858af94284e62021-12-21 12:51:35.193root 11241100x8000000000000000726357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:35.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f174970f48b858642021-12-21 12:51:35.193root 11241100x8000000000000000726358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:35.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16021abe4a7acf512021-12-21 12:51:35.193root 11241100x8000000000000000726359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:35.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adee6325e46a7d8b2021-12-21 12:51:35.194root 11241100x8000000000000000726360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:35.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e29a3a5b2593f6e2021-12-21 12:51:35.194root 11241100x8000000000000000726361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:35.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d56e2d18341099fd2021-12-21 12:51:35.194root 11241100x8000000000000000726362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:35.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99b2ae8a337015d92021-12-21 12:51:35.194root 11241100x8000000000000000726363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:35.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08b5d936cd6608d72021-12-21 12:51:35.194root 11241100x8000000000000000726364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:35.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31f6c2413b41704e2021-12-21 12:51:35.194root 11241100x8000000000000000726365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:35.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a00450b65db7adb2021-12-21 12:51:35.194root 11241100x8000000000000000726366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:35.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33c75937120536272021-12-21 12:51:35.194root 11241100x8000000000000000726367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:35.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a156463b947c0222021-12-21 12:51:35.194root 11241100x8000000000000000726368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:35.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62eb4a930901eee42021-12-21 12:51:35.194root 11241100x8000000000000000726369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:35.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9991a7c0db9343382021-12-21 12:51:35.194root 11241100x8000000000000000726370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:35.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44e96fc642f45c262021-12-21 12:51:35.195root 11241100x8000000000000000726371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:35.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9b15a7263a260bc2021-12-21 12:51:35.195root 11241100x8000000000000000726372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:35.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b95f6827a0a447642021-12-21 12:51:35.195root 11241100x8000000000000000726373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:35.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4b05db5bd6537922021-12-21 12:51:35.195root 11241100x8000000000000000726374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:35.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41e9a26549a34a872021-12-21 12:51:35.195root 11241100x8000000000000000726375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:35.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8e0caa923ad02e72021-12-21 12:51:35.195root 11241100x8000000000000000726376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:35.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4154393d71da1d1c2021-12-21 12:51:35.195root 11241100x8000000000000000726377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:35.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be9fe59db9fc4d8c2021-12-21 12:51:35.195root 11241100x8000000000000000726378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:35.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c77e9fa6c1dcacd2021-12-21 12:51:35.195root 11241100x8000000000000000726379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:35.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36707d962b2daac62021-12-21 12:51:35.195root 11241100x8000000000000000726380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:35.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ff45a79bafa374b2021-12-21 12:51:35.195root 11241100x8000000000000000726381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:35.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44b450c6145afba82021-12-21 12:51:35.196root 11241100x8000000000000000726382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:35.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ff946fe30f493c32021-12-21 12:51:35.694root 11241100x8000000000000000726383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:35.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a1ed68430d567bb2021-12-21 12:51:35.694root 11241100x8000000000000000726384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:35.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fc2b510568741c62021-12-21 12:51:35.694root 11241100x8000000000000000726385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:35.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63e124b993f061842021-12-21 12:51:35.694root 11241100x8000000000000000726386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:35.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33d20f4f626cc8e82021-12-21 12:51:35.694root 11241100x8000000000000000726387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:35.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51b515884fab28222021-12-21 12:51:35.694root 11241100x8000000000000000726388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:35.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.603614b925e9847a2021-12-21 12:51:35.694root 11241100x8000000000000000726389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:35.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a38ce815cdbfbb7a2021-12-21 12:51:35.694root 11241100x8000000000000000726390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:35.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bc7c70fa9fb24ab2021-12-21 12:51:35.694root 11241100x8000000000000000726391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:35.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a24c0663a7874e32021-12-21 12:51:35.694root 11241100x8000000000000000726392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:35.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.702be4f2daf71cf42021-12-21 12:51:35.694root 11241100x8000000000000000726393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:35.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bed3fd16e081e4ef2021-12-21 12:51:35.695root 11241100x8000000000000000726394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:35.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdeaa11ad1e0ebcb2021-12-21 12:51:35.695root 11241100x8000000000000000726395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:35.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c5116e9651049bf2021-12-21 12:51:35.695root 11241100x8000000000000000726396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:35.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38363dafb2900e3c2021-12-21 12:51:35.695root 11241100x8000000000000000726397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:35.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a19948af144e58a2021-12-21 12:51:35.695root 11241100x8000000000000000726398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:35.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b406b65a205dd502021-12-21 12:51:35.695root 11241100x8000000000000000726399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:35.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0faa42b5017f7d82021-12-21 12:51:35.695root 11241100x8000000000000000726400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:35.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.663e6b0e4c02af312021-12-21 12:51:35.695root 11241100x8000000000000000726401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:35.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02bdefa6d6e873b62021-12-21 12:51:35.695root 11241100x8000000000000000726402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:35.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a10da60b13aae202021-12-21 12:51:35.695root 11241100x8000000000000000726403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:35.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d5c9e5a27dd8dab2021-12-21 12:51:35.695root 11241100x8000000000000000726404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:35.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.683d594fc0823e1e2021-12-21 12:51:35.695root 11241100x8000000000000000726405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:35.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52c74c1952b7aa232021-12-21 12:51:35.695root 11241100x8000000000000000726406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:35.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d9960a40a907f6a2021-12-21 12:51:35.695root 11241100x8000000000000000726407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:35.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fbf3ebe36720a522021-12-21 12:51:35.695root 11241100x8000000000000000726408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:35.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e80c4b536d7fa812021-12-21 12:51:35.696root 11241100x8000000000000000726409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:35.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b628d0a147e2e2312021-12-21 12:51:35.696root 11241100x8000000000000000726410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:35.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbbc617bea37ece82021-12-21 12:51:35.696root 354300x8000000000000000726411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.111{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-50588-false10.0.1.12-8000- 11241100x8000000000000000726412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.112{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e85b9823f1298d022021-12-21 12:51:36.112root 11241100x8000000000000000726413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.112{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a09fffcd4d2d9b12021-12-21 12:51:36.112root 11241100x8000000000000000726414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.112{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9a0b92f8b15758d2021-12-21 12:51:36.112root 11241100x8000000000000000726415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.112{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e86d82170a164d892021-12-21 12:51:36.112root 11241100x8000000000000000726416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.112{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.464bac93a87d49882021-12-21 12:51:36.112root 11241100x8000000000000000726417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.112{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2223d58c8712831f2021-12-21 12:51:36.112root 11241100x8000000000000000726418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.112{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.847b335465d0060e2021-12-21 12:51:36.112root 11241100x8000000000000000726419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.113{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7262f7d145b01cd2021-12-21 12:51:36.113root 11241100x8000000000000000726420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.113{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9433715c9cabb9562021-12-21 12:51:36.113root 11241100x8000000000000000726421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.113{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14419d41cc4a40b62021-12-21 12:51:36.113root 11241100x8000000000000000726422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.113{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bfe06d1bdd306082021-12-21 12:51:36.113root 11241100x8000000000000000726423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.113{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b8cb9f5362e7f8c2021-12-21 12:51:36.113root 11241100x8000000000000000726424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.113{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.429eda14759c3f302021-12-21 12:51:36.113root 11241100x8000000000000000726425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.113{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a90b0d3851442672021-12-21 12:51:36.113root 11241100x8000000000000000726426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.113{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84c074ea227b4fb32021-12-21 12:51:36.113root 11241100x8000000000000000726427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.113{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a51a531d8f6f8762021-12-21 12:51:36.113root 11241100x8000000000000000726428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.113{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3035aa2612a75b4d2021-12-21 12:51:36.113root 11241100x8000000000000000726429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.113{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c257522293c30222021-12-21 12:51:36.113root 11241100x8000000000000000726430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.113{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6719583532c34d72021-12-21 12:51:36.113root 11241100x8000000000000000726431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.114{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8666820203fa70c2021-12-21 12:51:36.114root 11241100x8000000000000000726432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.114{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c55ec75743d6e3432021-12-21 12:51:36.114root 11241100x8000000000000000726433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.114{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fba89072e2b69f62021-12-21 12:51:36.114root 11241100x8000000000000000726434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.114{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3bd1aefa2158d202021-12-21 12:51:36.114root 11241100x8000000000000000726435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.114{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6710bf46c5fc0fa42021-12-21 12:51:36.114root 11241100x8000000000000000726436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.114{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.197a5d1adba10fb12021-12-21 12:51:36.114root 11241100x8000000000000000726437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.114{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.947306b90c9638832021-12-21 12:51:36.114root 11241100x8000000000000000726438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.114{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c595291cf34b1132021-12-21 12:51:36.114root 11241100x8000000000000000726439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.114{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3458aabef0141eeb2021-12-21 12:51:36.114root 11241100x8000000000000000726440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.114{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01c35f7a114d5fae2021-12-21 12:51:36.114root 11241100x8000000000000000726441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.115{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2807503338ab3ca02021-12-21 12:51:36.115root 11241100x8000000000000000726442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.115{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85e365c0f92ac0572021-12-21 12:51:36.115root 11241100x8000000000000000726443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.115{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4591707c170e98e2021-12-21 12:51:36.115root 11241100x8000000000000000726444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.115{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b80058ed60a2ea162021-12-21 12:51:36.115root 11241100x8000000000000000726445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.115{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a34923bfd70b7a5d2021-12-21 12:51:36.115root 11241100x8000000000000000726446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.115{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3557d666000b16082021-12-21 12:51:36.115root 11241100x8000000000000000726447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.115{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37275e4c4c3803e92021-12-21 12:51:36.115root 11241100x8000000000000000726448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.115{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76bcec97201f611c2021-12-21 12:51:36.115root 11241100x8000000000000000726449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.115{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83468ef06da9fe662021-12-21 12:51:36.115root 11241100x8000000000000000726450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.116{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e36fe3e268b07f62021-12-21 12:51:36.116root 11241100x8000000000000000726451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.116{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b0a32dddfb1b82c2021-12-21 12:51:36.116root 11241100x8000000000000000726452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.116{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bc922fc38fb90cd2021-12-21 12:51:36.116root 11241100x8000000000000000726453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.116{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6edfdf6b7f90deda2021-12-21 12:51:36.116root 11241100x8000000000000000726454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.116{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4311247b24f103852021-12-21 12:51:36.116root 11241100x8000000000000000726455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.116{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1446ec67396916612021-12-21 12:51:36.116root 11241100x8000000000000000726456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.116{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8230e433fc5ff21e2021-12-21 12:51:36.116root 11241100x8000000000000000726457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.116{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fc0bd2a96ee8a742021-12-21 12:51:36.116root 11241100x8000000000000000726458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.131{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2021-12-21 12:51:36.131root 11241100x8000000000000000726459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0fdd32581ba10ee2021-12-21 12:51:36.443root 11241100x8000000000000000726460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7918807f2565fe532021-12-21 12:51:36.443root 11241100x8000000000000000726461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b9badc8b31478b12021-12-21 12:51:36.443root 11241100x8000000000000000726462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ac349e53d8ebb142021-12-21 12:51:36.443root 11241100x8000000000000000726463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecb7a07485d2f7b52021-12-21 12:51:36.444root 11241100x8000000000000000726464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.080247351da404b32021-12-21 12:51:36.444root 11241100x8000000000000000726465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b367fee903dfe16d2021-12-21 12:51:36.444root 11241100x8000000000000000726466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99e9ba49e696f01e2021-12-21 12:51:36.444root 11241100x8000000000000000726467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc20e7c6d7c9d1f02021-12-21 12:51:36.444root 11241100x8000000000000000726468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f0741a7a48655b62021-12-21 12:51:36.444root 11241100x8000000000000000726469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f313054e4cbc01292021-12-21 12:51:36.444root 11241100x8000000000000000726470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d38d0884e56261a2021-12-21 12:51:36.444root 11241100x8000000000000000726471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e2033572f84fdb62021-12-21 12:51:36.444root 11241100x8000000000000000726472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91c536958a669aec2021-12-21 12:51:36.444root 11241100x8000000000000000726473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77488f93d4ef7aaa2021-12-21 12:51:36.444root 11241100x8000000000000000726474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b79b29595cd37252021-12-21 12:51:36.444root 11241100x8000000000000000726475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ff6d3646d1ce0262021-12-21 12:51:36.444root 11241100x8000000000000000726476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cc7d0749078706e2021-12-21 12:51:36.444root 11241100x8000000000000000726477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d448a93d3d4d6f132021-12-21 12:51:36.444root 11241100x8000000000000000726478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2a56fe6c6b3f8882021-12-21 12:51:36.444root 11241100x8000000000000000726479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.495d2a4d3007f7e42021-12-21 12:51:36.445root 11241100x8000000000000000726480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ada9ca22e817af862021-12-21 12:51:36.445root 11241100x8000000000000000726481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.925e29563cd630572021-12-21 12:51:36.445root 11241100x8000000000000000726482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc679eb2f63ffcd42021-12-21 12:51:36.445root 11241100x8000000000000000726483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.794b75221196ff002021-12-21 12:51:36.445root 11241100x8000000000000000726484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c08bcb4e18e111d2021-12-21 12:51:36.445root 11241100x8000000000000000726485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60c83c782ecde8e92021-12-21 12:51:36.445root 11241100x8000000000000000726486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.462e67b01f5901212021-12-21 12:51:36.445root 11241100x8000000000000000726487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f8feb2963b5c83c2021-12-21 12:51:36.445root 11241100x8000000000000000726488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90736aabadc38b6e2021-12-21 12:51:36.445root 11241100x8000000000000000726489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3709e01970d9ee9c2021-12-21 12:51:36.445root 11241100x8000000000000000726490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3abe134c2f5fc8452021-12-21 12:51:36.943root 11241100x8000000000000000726491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdd022498e5244292021-12-21 12:51:36.943root 11241100x8000000000000000726492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e524d15fe640451b2021-12-21 12:51:36.943root 11241100x8000000000000000726493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee2f533792198fa92021-12-21 12:51:36.944root 11241100x8000000000000000726494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87f51d2739ffa98c2021-12-21 12:51:36.944root 11241100x8000000000000000726495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bff79d3ec08aa7392021-12-21 12:51:36.944root 11241100x8000000000000000726496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9eb5f7f94df8be622021-12-21 12:51:36.944root 11241100x8000000000000000726497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57b806cc4ee92b4d2021-12-21 12:51:36.944root 11241100x8000000000000000726498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96947b866b80536c2021-12-21 12:51:36.944root 11241100x8000000000000000726499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab5a459b9409daf32021-12-21 12:51:36.944root 11241100x8000000000000000726500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c9012af920ccdee2021-12-21 12:51:36.944root 11241100x8000000000000000726501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14081363cfbce6e42021-12-21 12:51:36.944root 11241100x8000000000000000726502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.484645d0c53cc9502021-12-21 12:51:36.944root 11241100x8000000000000000726503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9fec325cd4a95bc2021-12-21 12:51:36.944root 11241100x8000000000000000726504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8aea8c5bd22199a2021-12-21 12:51:36.945root 11241100x8000000000000000726505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76eb7d04ad6bb6002021-12-21 12:51:36.945root 11241100x8000000000000000726506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c809c9496a0bf852021-12-21 12:51:36.945root 11241100x8000000000000000726507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59a276aa8af51e8c2021-12-21 12:51:36.945root 11241100x8000000000000000726508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea97844fa4322a2f2021-12-21 12:51:36.945root 11241100x8000000000000000726509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.144337edd379e5552021-12-21 12:51:36.945root 11241100x8000000000000000726510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.059e7b91510bffa32021-12-21 12:51:36.945root 11241100x8000000000000000726511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.838346d7168cfdf62021-12-21 12:51:36.945root 11241100x8000000000000000726512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4df427560ffd9f6d2021-12-21 12:51:36.945root 11241100x8000000000000000726513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb0359407cb9a76e2021-12-21 12:51:36.946root 11241100x8000000000000000726514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a734a60c5c31c3112021-12-21 12:51:36.946root 11241100x8000000000000000726515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16728d58a1c2f3b82021-12-21 12:51:36.946root 11241100x8000000000000000726516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5d9d269ac9d65c32021-12-21 12:51:36.946root 11241100x8000000000000000726517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3822fe01381e56e2021-12-21 12:51:36.946root 11241100x8000000000000000726518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb8ee533d2e17b0f2021-12-21 12:51:36.946root 11241100x8000000000000000726519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5de1894f3299d5f32021-12-21 12:51:36.946root 11241100x8000000000000000726520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77e66eb04e3bf8b02021-12-21 12:51:36.946root 11241100x8000000000000000726521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:36.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fd2266652baf5462021-12-21 12:51:36.946root 11241100x8000000000000000726522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:37.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a06df2767e66e5cd2021-12-21 12:51:37.443root 11241100x8000000000000000726523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:37.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3a469f03740f1c12021-12-21 12:51:37.443root 11241100x8000000000000000726524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:37.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea157a7a27a2d62a2021-12-21 12:51:37.443root 11241100x8000000000000000726525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:37.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cbe3a5ae6fa98442021-12-21 12:51:37.443root 11241100x8000000000000000726526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9a2211fac78a9b82021-12-21 12:51:37.444root 11241100x8000000000000000726527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7ae0ac694b7d8122021-12-21 12:51:37.444root 11241100x8000000000000000726528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbbe67f94b70f8772021-12-21 12:51:37.444root 11241100x8000000000000000726529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57545c4b386b9bc62021-12-21 12:51:37.444root 11241100x8000000000000000726530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9c0b80f8b779f1a2021-12-21 12:51:37.444root 11241100x8000000000000000726531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.518bfc6775e74b422021-12-21 12:51:37.444root 11241100x8000000000000000726532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bb80e29f185b93a2021-12-21 12:51:37.444root 11241100x8000000000000000726533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.237c97da118e2e772021-12-21 12:51:37.444root 11241100x8000000000000000726534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8040cc8f0c4d955a2021-12-21 12:51:37.444root 11241100x8000000000000000726535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b71fa8f8ac1aa9452021-12-21 12:51:37.444root 11241100x8000000000000000726536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b59d8240efdd6eb2021-12-21 12:51:37.444root 11241100x8000000000000000726537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca8af3b8cfdfa2ad2021-12-21 12:51:37.444root 11241100x8000000000000000726538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3e594240fd4a15f2021-12-21 12:51:37.444root 11241100x8000000000000000726539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.136bb3c04f1c62562021-12-21 12:51:37.444root 11241100x8000000000000000726540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4337b022a3107c32021-12-21 12:51:37.444root 11241100x8000000000000000726541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.246ee2a3a7f607332021-12-21 12:51:37.444root 11241100x8000000000000000726542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:37.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08e1ca7ec9866c462021-12-21 12:51:37.445root 11241100x8000000000000000726543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:37.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b1c525ffe316a2e2021-12-21 12:51:37.445root 11241100x8000000000000000726544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:37.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.143f830e32bff1962021-12-21 12:51:37.445root 11241100x8000000000000000726545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:37.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.123377f9eb7bc47b2021-12-21 12:51:37.445root 11241100x8000000000000000726546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:37.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4503ca1ad0c2cd942021-12-21 12:51:37.445root 11241100x8000000000000000726547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:37.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b59d36c6b51979152021-12-21 12:51:37.445root 11241100x8000000000000000726548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:37.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4733dfa697ac5aec2021-12-21 12:51:37.445root 11241100x8000000000000000726549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:37.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb1ef03fe648181a2021-12-21 12:51:37.445root 11241100x8000000000000000726550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:37.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e979df9db8e822a2021-12-21 12:51:37.445root 11241100x8000000000000000726551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:37.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c67f99f8f2752acc2021-12-21 12:51:37.445root 11241100x8000000000000000726552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:37.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b58a4d67c6f6ec12021-12-21 12:51:37.445root 11241100x8000000000000000726553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:37.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef1047a96c9cdf402021-12-21 12:51:37.952root 11241100x8000000000000000726554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:37.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83146f64f3be66862021-12-21 12:51:37.952root 11241100x8000000000000000726555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:37.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4d2be3877618fe22021-12-21 12:51:37.953root 11241100x8000000000000000726556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:37.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b68b5bcf58b7a0b2021-12-21 12:51:37.953root 11241100x8000000000000000726557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:37.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1963315192b3ed392021-12-21 12:51:37.953root 11241100x8000000000000000726558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:37.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f88620fb681fd172021-12-21 12:51:37.953root 11241100x8000000000000000726559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:37.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88071f193371a6f22021-12-21 12:51:37.953root 11241100x8000000000000000726560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:37.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.503b2b3bb705ad932021-12-21 12:51:37.953root 11241100x8000000000000000726561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:37.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11c6478a6e5f58b32021-12-21 12:51:37.953root 11241100x8000000000000000726562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:37.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.269af53a533d03f12021-12-21 12:51:37.954root 11241100x8000000000000000726563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:37.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1e9d942170942a52021-12-21 12:51:37.954root 11241100x8000000000000000726564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:37.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89ce3b78b5b9d76a2021-12-21 12:51:37.954root 11241100x8000000000000000726565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:37.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75b5a4c87040a2e92021-12-21 12:51:37.954root 11241100x8000000000000000726566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:37.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.399105b98fd5d4142021-12-21 12:51:37.954root 11241100x8000000000000000726567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:37.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3659d42e331e76312021-12-21 12:51:37.954root 11241100x8000000000000000726568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:37.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd3ac7c2a160e4a42021-12-21 12:51:37.954root 11241100x8000000000000000726569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:37.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0a3db892dea29c92021-12-21 12:51:37.954root 11241100x8000000000000000726570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:37.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7774884522d969fd2021-12-21 12:51:37.954root 11241100x8000000000000000726571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:37.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad8e147ff301b7b72021-12-21 12:51:37.954root 11241100x8000000000000000726572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:37.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d5ea30bc172fc652021-12-21 12:51:37.954root 11241100x8000000000000000726573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:37.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d000ab56fc34c2e2021-12-21 12:51:37.954root 11241100x8000000000000000726574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:37.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa54ddfcc1e157f02021-12-21 12:51:37.955root 11241100x8000000000000000726575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:37.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a737a2e3ab8106a92021-12-21 12:51:37.955root 11241100x8000000000000000726576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:37.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6136325c89a1ec702021-12-21 12:51:37.955root 11241100x8000000000000000726577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:37.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b5212a801db97db2021-12-21 12:51:37.955root 11241100x8000000000000000726578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:37.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8957f300c97fe8ba2021-12-21 12:51:37.955root 11241100x8000000000000000726579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:37.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9197fba5dbd8cacb2021-12-21 12:51:37.955root 11241100x8000000000000000726580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:37.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b858004486407912021-12-21 12:51:37.955root 11241100x8000000000000000726581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:37.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f169bdf100cea76b2021-12-21 12:51:37.955root 11241100x8000000000000000726582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:37.956{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a14f5e6012d433f62021-12-21 12:51:37.956root 11241100x8000000000000000726583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:37.956{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae36ef3c218b70302021-12-21 12:51:37.956root 11241100x8000000000000000726584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:37.956{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bda73dd6b42dd0bb2021-12-21 12:51:37.956root 11241100x8000000000000000726585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:37.956{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ed032621f53e52b2021-12-21 12:51:37.956root 11241100x8000000000000000726586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:38.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.047b86cbecc777852021-12-21 12:51:38.443root 11241100x8000000000000000726587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:38.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c146f9ae10f0f772021-12-21 12:51:38.443root 11241100x8000000000000000726588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:38.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.765e02505ada1e7a2021-12-21 12:51:38.443root 11241100x8000000000000000726589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:38.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb865b0be8baabd42021-12-21 12:51:38.443root 11241100x8000000000000000726590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.002b2ab2494e2c852021-12-21 12:51:38.444root 11241100x8000000000000000726591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9eec013ad3433e92021-12-21 12:51:38.444root 11241100x8000000000000000726592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5edef5f2798fa392021-12-21 12:51:38.444root 11241100x8000000000000000726593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db1e14f9cd3fce022021-12-21 12:51:38.444root 11241100x8000000000000000726594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e23cdbb826d0cd1e2021-12-21 12:51:38.444root 11241100x8000000000000000726595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56115392af2c709a2021-12-21 12:51:38.444root 11241100x8000000000000000726596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af18e3d8f76bc0652021-12-21 12:51:38.444root 11241100x8000000000000000726597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4072684e525f4c32021-12-21 12:51:38.444root 11241100x8000000000000000726598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.062f14552879ea7b2021-12-21 12:51:38.444root 11241100x8000000000000000726599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fd944d9bb5b8dae2021-12-21 12:51:38.444root 11241100x8000000000000000726600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0a3fd204f7da91f2021-12-21 12:51:38.444root 11241100x8000000000000000726601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bc2cccdb9e684462021-12-21 12:51:38.444root 11241100x8000000000000000726602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a526502163c6e7552021-12-21 12:51:38.444root 11241100x8000000000000000726603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8c62fb9551a72e02021-12-21 12:51:38.444root 11241100x8000000000000000726604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.446c8cc9d3a4faf42021-12-21 12:51:38.444root 11241100x8000000000000000726605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b4718947adeff9f2021-12-21 12:51:38.444root 11241100x8000000000000000726606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:38.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5959615ed95828fb2021-12-21 12:51:38.445root 11241100x8000000000000000726607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:38.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47900f530190312e2021-12-21 12:51:38.445root 11241100x8000000000000000726608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:38.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d06b7f738f05cc72021-12-21 12:51:38.445root 11241100x8000000000000000726609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:38.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6acb5b338d554d02021-12-21 12:51:38.445root 11241100x8000000000000000726610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:38.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51122663c1821ca12021-12-21 12:51:38.445root 11241100x8000000000000000726611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:38.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.189aa8a41be7e2cc2021-12-21 12:51:38.445root 11241100x8000000000000000726612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:38.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19e261f871f3c0242021-12-21 12:51:38.445root 11241100x8000000000000000726613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:38.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd52c48e713ef63c2021-12-21 12:51:38.445root 11241100x8000000000000000726614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:38.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fa40f5dcfbfbd372021-12-21 12:51:38.445root 11241100x8000000000000000726615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:38.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c52141fc065aad082021-12-21 12:51:38.445root 11241100x8000000000000000726616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:38.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c5d677c0af175b72021-12-21 12:51:38.445root 11241100x8000000000000000726617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ca097bc83b6d8ee2021-12-21 12:51:38.943root 11241100x8000000000000000726618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f117961c2765c8092021-12-21 12:51:38.943root 11241100x8000000000000000726619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd10ae7695d9ff882021-12-21 12:51:38.943root 11241100x8000000000000000726620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.568727b9703cb4f42021-12-21 12:51:38.943root 11241100x8000000000000000726621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f14708a8296590ba2021-12-21 12:51:38.944root 11241100x8000000000000000726622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d70a80c3dc1b2c82021-12-21 12:51:38.944root 11241100x8000000000000000726623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.659101fb2b32ce172021-12-21 12:51:38.944root 11241100x8000000000000000726624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5d3c34e467bf0f82021-12-21 12:51:38.944root 11241100x8000000000000000726625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59de0aa31f1d012c2021-12-21 12:51:38.944root 11241100x8000000000000000726626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7afee19fd6b08402021-12-21 12:51:38.944root 11241100x8000000000000000726627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5c3ff3522d2135f2021-12-21 12:51:38.944root 11241100x8000000000000000726628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4118e1072bebacc22021-12-21 12:51:38.944root 11241100x8000000000000000726629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.715b236cc240596b2021-12-21 12:51:38.944root 11241100x8000000000000000726630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.076c638deb246d8a2021-12-21 12:51:38.944root 11241100x8000000000000000726631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a222ed624c076392021-12-21 12:51:38.944root 11241100x8000000000000000726632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.887c74f97ba004eb2021-12-21 12:51:38.944root 11241100x8000000000000000726633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.679071c98edad79e2021-12-21 12:51:38.944root 11241100x8000000000000000726634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7710394847a2ba712021-12-21 12:51:38.944root 11241100x8000000000000000726635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27acc901163419582021-12-21 12:51:38.944root 11241100x8000000000000000726636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a636b24e582b7b772021-12-21 12:51:38.944root 11241100x8000000000000000726637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:38.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43323f2bca73339c2021-12-21 12:51:38.945root 11241100x8000000000000000726638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:38.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c2ea8aa156c13ba2021-12-21 12:51:38.945root 11241100x8000000000000000726639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:38.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.916bc771d372e6c42021-12-21 12:51:38.945root 11241100x8000000000000000726640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:38.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdfbc969286c96092021-12-21 12:51:38.945root 11241100x8000000000000000726641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:38.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.000a5ce5685ad1c02021-12-21 12:51:38.945root 11241100x8000000000000000726642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:38.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f058a2bb0d7ac6622021-12-21 12:51:38.945root 11241100x8000000000000000726643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:38.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21fb8334b91ad31f2021-12-21 12:51:38.945root 11241100x8000000000000000726644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:38.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b886f113f81e57a02021-12-21 12:51:38.945root 11241100x8000000000000000726645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:38.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d319c3573e1a9592021-12-21 12:51:38.945root 11241100x8000000000000000726646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:38.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6382a232e29c0a92021-12-21 12:51:38.945root 11241100x8000000000000000726647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:38.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dc54af5cd1adfe62021-12-21 12:51:38.945root 11241100x8000000000000000726648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:38.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e43fa7336490f7352021-12-21 12:51:38.945root 11241100x8000000000000000726649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:39.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.062a6db344807f9c2021-12-21 12:51:39.443root 11241100x8000000000000000726650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:39.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.887e96668c057c172021-12-21 12:51:39.443root 11241100x8000000000000000726651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:39.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d7c54027db49dca2021-12-21 12:51:39.443root 11241100x8000000000000000726652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:39.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e69bcb7d106c2fbb2021-12-21 12:51:39.443root 11241100x8000000000000000726653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0eaaf748bc9651b2021-12-21 12:51:39.444root 11241100x8000000000000000726654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ba7992c2dd11cf22021-12-21 12:51:39.444root 11241100x8000000000000000726655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d41f4b947160ef832021-12-21 12:51:39.444root 11241100x8000000000000000726656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cae1feeedfaea4bb2021-12-21 12:51:39.444root 11241100x8000000000000000726657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14955667dfa9207f2021-12-21 12:51:39.444root 11241100x8000000000000000726658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93164b3a95090f5b2021-12-21 12:51:39.444root 11241100x8000000000000000726659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bb64dd5cc5b4f3d2021-12-21 12:51:39.444root 11241100x8000000000000000726660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0779f53d6f858c92021-12-21 12:51:39.444root 11241100x8000000000000000726661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.875aecff45ccbd2e2021-12-21 12:51:39.444root 11241100x8000000000000000726662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1f6e3f7a754815a2021-12-21 12:51:39.444root 11241100x8000000000000000726663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14e65301a9673f2f2021-12-21 12:51:39.444root 11241100x8000000000000000726664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab36b5e3ae462c062021-12-21 12:51:39.444root 11241100x8000000000000000726665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0416bde824717f2e2021-12-21 12:51:39.444root 11241100x8000000000000000726666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:39.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83eae88160c05ddf2021-12-21 12:51:39.445root 11241100x8000000000000000726667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:39.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd75fba6809e7b482021-12-21 12:51:39.445root 11241100x8000000000000000726668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:39.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5e05ebb92a1a6fb2021-12-21 12:51:39.445root 11241100x8000000000000000726669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:39.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.548db5bb56de35372021-12-21 12:51:39.445root 11241100x8000000000000000726670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:39.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc7d795ae61971012021-12-21 12:51:39.445root 11241100x8000000000000000726671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:39.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4259d8adb52deff02021-12-21 12:51:39.445root 11241100x8000000000000000726672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:39.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b6f78645bd928ce2021-12-21 12:51:39.445root 11241100x8000000000000000726673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:39.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b3ebf615b2359662021-12-21 12:51:39.445root 11241100x8000000000000000726674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:39.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f4c6c3675e2ef252021-12-21 12:51:39.445root 11241100x8000000000000000726675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:39.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d7f4e2f9d2fb7642021-12-21 12:51:39.445root 11241100x8000000000000000726676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:39.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fde8194f0c4d3ef2021-12-21 12:51:39.445root 11241100x8000000000000000726677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:39.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a60f7ff07f84f1c92021-12-21 12:51:39.445root 11241100x8000000000000000726678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:39.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9fee072ba3cfdca2021-12-21 12:51:39.445root 11241100x8000000000000000726679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:39.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0af601c2aa1855252021-12-21 12:51:39.445root 11241100x8000000000000000726680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:39.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68b5d8733bb5a6212021-12-21 12:51:39.445root 11241100x8000000000000000726681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:39.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ba6881dd2c7f2222021-12-21 12:51:39.943root 11241100x8000000000000000726682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:39.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b6ed48976b945232021-12-21 12:51:39.943root 11241100x8000000000000000726683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:39.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1fae5d764d6c5e82021-12-21 12:51:39.943root 11241100x8000000000000000726684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:39.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18232adfcff1304a2021-12-21 12:51:39.943root 11241100x8000000000000000726685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed2eca44be9fd4082021-12-21 12:51:39.944root 11241100x8000000000000000726686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f5daaa736cb892c2021-12-21 12:51:39.944root 11241100x8000000000000000726687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98bf576262e90b0c2021-12-21 12:51:39.944root 11241100x8000000000000000726688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44a54e4590a62ed92021-12-21 12:51:39.944root 11241100x8000000000000000726689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c78af3a5caf6abf2021-12-21 12:51:39.944root 11241100x8000000000000000726690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bc7265d87b5b2072021-12-21 12:51:39.944root 11241100x8000000000000000726691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf2568572f573a2b2021-12-21 12:51:39.944root 11241100x8000000000000000726692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3168df2ec183ab752021-12-21 12:51:39.944root 11241100x8000000000000000726693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2335d2c82d8956592021-12-21 12:51:39.944root 11241100x8000000000000000726694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fabe2fa519b9cb92021-12-21 12:51:39.944root 11241100x8000000000000000726695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.868b982d2c6e45512021-12-21 12:51:39.944root 11241100x8000000000000000726696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0db0882c129e84d52021-12-21 12:51:39.944root 11241100x8000000000000000726697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a886a1cabaa275f2021-12-21 12:51:39.944root 11241100x8000000000000000726698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f196479d011ce2192021-12-21 12:51:39.944root 11241100x8000000000000000726699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f75137761fff588b2021-12-21 12:51:39.944root 11241100x8000000000000000726700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:39.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b334355b81372cb2021-12-21 12:51:39.945root 11241100x8000000000000000726701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:39.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bdb7b99338cfa862021-12-21 12:51:39.945root 11241100x8000000000000000726702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:39.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6aec9de84574aa6d2021-12-21 12:51:39.945root 11241100x8000000000000000726703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:39.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ff69e0865c5c6d32021-12-21 12:51:39.945root 11241100x8000000000000000726704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:39.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9209ca9dc1acc9e82021-12-21 12:51:39.945root 11241100x8000000000000000726705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:39.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5080f0ecfa1befaf2021-12-21 12:51:39.945root 11241100x8000000000000000726706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:39.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4af39f5a537be8ec2021-12-21 12:51:39.945root 11241100x8000000000000000726707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:39.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e44394a0fe4fcbb2021-12-21 12:51:39.945root 11241100x8000000000000000726708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:39.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.544e0c17549fad302021-12-21 12:51:39.945root 11241100x8000000000000000726709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:39.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c901e37c6a8721902021-12-21 12:51:39.945root 11241100x8000000000000000726710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:39.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebe9ed943ec46c5f2021-12-21 12:51:39.945root 11241100x8000000000000000726711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:39.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a83925f7e1a06312021-12-21 12:51:39.946root 11241100x8000000000000000726712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:39.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64977867d6d7c3bf2021-12-21 12:51:39.946root 154100x8000000000000000726713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:40.013{ec2b6afe-cddc-61c1-68c4-f79a81550000}10159/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/4046root{ec2b6afe-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}2319--- 534500x8000000000000000726714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:40.025{ec2b6afe-cddc-61c1-68c4-f79a81550000}10159/bin/psroot 11241100x8000000000000000726715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05408f75a23e484e2021-12-21 12:51:40.443root 11241100x8000000000000000726716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a2572d0b15968172021-12-21 12:51:40.443root 11241100x8000000000000000726717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60c2b3de8c1e3a0f2021-12-21 12:51:40.443root 11241100x8000000000000000726718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8666ffa8f78dc392021-12-21 12:51:40.443root 11241100x8000000000000000726719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bdb71622bc5ba5c2021-12-21 12:51:40.444root 11241100x8000000000000000726720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52af8d3656af1e8e2021-12-21 12:51:40.444root 11241100x8000000000000000726721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f26c0aef25f862c62021-12-21 12:51:40.444root 11241100x8000000000000000726722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68432f41d9ae2ae92021-12-21 12:51:40.444root 11241100x8000000000000000726723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.304401ceafe80ea62021-12-21 12:51:40.444root 11241100x8000000000000000726724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae87ea5e354a3f932021-12-21 12:51:40.444root 11241100x8000000000000000726725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.261ba20dad4e0bbf2021-12-21 12:51:40.444root 11241100x8000000000000000726726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.945fb1e2fb70fb4d2021-12-21 12:51:40.444root 11241100x8000000000000000726727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8261ab089f586a852021-12-21 12:51:40.444root 11241100x8000000000000000726728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2501813e1585150c2021-12-21 12:51:40.444root 11241100x8000000000000000726729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ad343160e8957e72021-12-21 12:51:40.444root 11241100x8000000000000000726730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5488657385fc23962021-12-21 12:51:40.444root 11241100x8000000000000000726731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87f4ea4999152a4e2021-12-21 12:51:40.444root 11241100x8000000000000000726732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c86a8342498ec0382021-12-21 12:51:40.444root 11241100x8000000000000000726733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28a119d72cbc6dce2021-12-21 12:51:40.444root 11241100x8000000000000000726734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efcbf9bcb38e53242021-12-21 12:51:40.444root 11241100x8000000000000000726735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:40.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.954eeba30a10cd9d2021-12-21 12:51:40.445root 11241100x8000000000000000726736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:40.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85838b5130f35b592021-12-21 12:51:40.445root 11241100x8000000000000000726737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:40.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14c5d684fd84a9092021-12-21 12:51:40.445root 11241100x8000000000000000726738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:40.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8248f68c43edc5db2021-12-21 12:51:40.445root 11241100x8000000000000000726739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:40.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dea102646a19cbba2021-12-21 12:51:40.445root 11241100x8000000000000000726740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:40.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60395be0d4168d9b2021-12-21 12:51:40.445root 11241100x8000000000000000726741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:40.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.136e7a9683e4f4ae2021-12-21 12:51:40.445root 11241100x8000000000000000726742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:40.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e9f3c1ef410cd3a2021-12-21 12:51:40.445root 11241100x8000000000000000726743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:40.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0db43d481f2a20e72021-12-21 12:51:40.445root 11241100x8000000000000000726744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:40.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23815c4bf9cb4ef42021-12-21 12:51:40.445root 11241100x8000000000000000726745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:40.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f03431e4d4ceede2021-12-21 12:51:40.445root 11241100x8000000000000000726746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:40.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5991235a68d30c712021-12-21 12:51:40.445root 11241100x8000000000000000726747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:40.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4d2b0250e6c2eb92021-12-21 12:51:40.445root 11241100x8000000000000000726748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:40.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e16f05bb9fea38932021-12-21 12:51:40.445root 11241100x8000000000000000726749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.beeca2f40f23401a2021-12-21 12:51:40.943root 11241100x8000000000000000726750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce32942dd9e410cc2021-12-21 12:51:40.943root 11241100x8000000000000000726751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a90cb98ab0dc6c702021-12-21 12:51:40.943root 11241100x8000000000000000726752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b56f454a8eea0d82021-12-21 12:51:40.943root 11241100x8000000000000000726753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f80564ba49c8c7e2021-12-21 12:51:40.944root 11241100x8000000000000000726754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3b462fc95e7da3a2021-12-21 12:51:40.944root 11241100x8000000000000000726755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7428b5c17fec6f52021-12-21 12:51:40.944root 11241100x8000000000000000726756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c75ff153c535aff2021-12-21 12:51:40.944root 11241100x8000000000000000726757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50e4a93626eda3f12021-12-21 12:51:40.944root 11241100x8000000000000000726758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a2254f0edbcd24a2021-12-21 12:51:40.944root 11241100x8000000000000000726759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cbde362395e4f352021-12-21 12:51:40.944root 11241100x8000000000000000726760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09e65f886c3e1fc62021-12-21 12:51:40.944root 11241100x8000000000000000726761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb7316fde4043b6c2021-12-21 12:51:40.944root 11241100x8000000000000000726762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe9ce422b085be202021-12-21 12:51:40.944root 11241100x8000000000000000726763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fb47cc80392b66b2021-12-21 12:51:40.944root 11241100x8000000000000000726764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0348a9481ce695c42021-12-21 12:51:40.944root 11241100x8000000000000000726765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6a03e42f3f51cdf2021-12-21 12:51:40.944root 11241100x8000000000000000726766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee7cc17f1a46092c2021-12-21 12:51:40.944root 11241100x8000000000000000726767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4da84e39c5d296b42021-12-21 12:51:40.944root 11241100x8000000000000000726768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94cb2c8ac3e22fcc2021-12-21 12:51:40.944root 11241100x8000000000000000726769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:40.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3cec7c4c4d796e92021-12-21 12:51:40.945root 11241100x8000000000000000726770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:40.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e56bc3f7ceb0f28f2021-12-21 12:51:40.945root 11241100x8000000000000000726771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:40.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d805c5d1b6499aa02021-12-21 12:51:40.945root 11241100x8000000000000000726772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:40.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dfdc4d88e8e1f8f2021-12-21 12:51:40.945root 11241100x8000000000000000726773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:40.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b65ec231125ff492021-12-21 12:51:40.945root 11241100x8000000000000000726774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:40.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6afaae5dc140d5f12021-12-21 12:51:40.945root 11241100x8000000000000000726775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:40.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bee08184d5d4153f2021-12-21 12:51:40.945root 11241100x8000000000000000726776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:40.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a27ee86690d71f922021-12-21 12:51:40.945root 11241100x8000000000000000726777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:40.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a0953f5ead28aff2021-12-21 12:51:40.945root 11241100x8000000000000000726778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:40.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4937bf238abe7842021-12-21 12:51:40.945root 11241100x8000000000000000726779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:40.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.595d368b05510a252021-12-21 12:51:40.945root 11241100x8000000000000000726780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:40.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.001fe80a9897e1db2021-12-21 12:51:40.945root 11241100x8000000000000000726781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:40.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.931987ee99a751002021-12-21 12:51:40.945root 11241100x8000000000000000726782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:40.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff7d811a9da20b142021-12-21 12:51:40.945root 11241100x8000000000000000726783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:40.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9d31bdb1db38c212021-12-21 12:51:40.945root 354300x8000000000000000726784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:41.168{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-50590-false10.0.1.12-8000- 11241100x8000000000000000726785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35f199f0687006752021-12-21 12:51:41.443root 11241100x8000000000000000726786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da8d40fa3b8b69a52021-12-21 12:51:41.443root 11241100x8000000000000000726787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a0d0302e25dfa192021-12-21 12:51:41.443root 11241100x8000000000000000726788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0c13c9ccc81593a2021-12-21 12:51:41.443root 11241100x8000000000000000726789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af90ae7bf967552a2021-12-21 12:51:41.444root 11241100x8000000000000000726790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a9cbd9c56e73f2f2021-12-21 12:51:41.444root 11241100x8000000000000000726791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.033e361720ae5d912021-12-21 12:51:41.444root 11241100x8000000000000000726792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebffe658fe7789cc2021-12-21 12:51:41.444root 11241100x8000000000000000726793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3ca0d970299fcf32021-12-21 12:51:41.444root 11241100x8000000000000000726794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fd86c97fd27e18a2021-12-21 12:51:41.444root 11241100x8000000000000000726795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2b0a1fcb3c7a6972021-12-21 12:51:41.444root 11241100x8000000000000000726796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6325cc42aa2a632c2021-12-21 12:51:41.444root 11241100x8000000000000000726797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5f9ba568651ea4b2021-12-21 12:51:41.444root 11241100x8000000000000000726798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76c2de45c679048e2021-12-21 12:51:41.444root 11241100x8000000000000000726799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1051b7be610330ae2021-12-21 12:51:41.444root 11241100x8000000000000000726800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.383647d5724a02182021-12-21 12:51:41.444root 11241100x8000000000000000726801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92aa7e64fac5ff8c2021-12-21 12:51:41.444root 11241100x8000000000000000726802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6b17d3e287b9b692021-12-21 12:51:41.444root 11241100x8000000000000000726803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3992fe93f346880e2021-12-21 12:51:41.444root 11241100x8000000000000000726804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.868b79cbe6c53dc02021-12-21 12:51:41.444root 11241100x8000000000000000726805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:41.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bad886bd3f19edf62021-12-21 12:51:41.445root 11241100x8000000000000000726806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:41.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfc93667e6dde7a32021-12-21 12:51:41.445root 11241100x8000000000000000726807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:41.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edbd763ede00a4f32021-12-21 12:51:41.445root 11241100x8000000000000000726808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:41.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74e3a78f32e0aa792021-12-21 12:51:41.445root 11241100x8000000000000000726809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:41.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3887da19b80b8b7c2021-12-21 12:51:41.445root 11241100x8000000000000000726810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:41.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d09724783d38de92021-12-21 12:51:41.445root 11241100x8000000000000000726811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:41.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a6611d682a741572021-12-21 12:51:41.445root 11241100x8000000000000000726812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:41.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3efc2d26209487f2021-12-21 12:51:41.445root 11241100x8000000000000000726813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:41.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e420898c5f99d8cb2021-12-21 12:51:41.445root 11241100x8000000000000000726814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:41.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b136ae153752a9b52021-12-21 12:51:41.445root 11241100x8000000000000000726815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:41.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4aada1798fdf20c72021-12-21 12:51:41.445root 11241100x8000000000000000726816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:41.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e007dc1820530bd02021-12-21 12:51:41.445root 11241100x8000000000000000726817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:41.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c6ef9eda9121f352021-12-21 12:51:41.445root 11241100x8000000000000000726818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:41.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.120e8d936ab3b9a42021-12-21 12:51:41.445root 11241100x8000000000000000726819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d75a09801865d1772021-12-21 12:51:41.943root 11241100x8000000000000000726820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1152aa096353b8752021-12-21 12:51:41.943root 11241100x8000000000000000726821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a607f8b3e614bd0b2021-12-21 12:51:41.943root 11241100x8000000000000000726822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f9887b9f1f21ba22021-12-21 12:51:41.943root 11241100x8000000000000000726823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b60e51e4c67f00492021-12-21 12:51:41.944root 11241100x8000000000000000726824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdae5c138b8aa4542021-12-21 12:51:41.944root 11241100x8000000000000000726825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c193cb5e4a1de712021-12-21 12:51:41.944root 11241100x8000000000000000726826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff5f89f7ab7cba5e2021-12-21 12:51:41.944root 11241100x8000000000000000726827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61932135ea8973af2021-12-21 12:51:41.944root 11241100x8000000000000000726828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba54d8911fd9c7802021-12-21 12:51:41.944root 11241100x8000000000000000726829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5dca32e1e1637b32021-12-21 12:51:41.944root 11241100x8000000000000000726830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e16b5d601a565a7a2021-12-21 12:51:41.944root 11241100x8000000000000000726831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34b941dd9123563b2021-12-21 12:51:41.944root 11241100x8000000000000000726832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c58114c4d714c8c42021-12-21 12:51:41.944root 11241100x8000000000000000726833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.276abd90831567d02021-12-21 12:51:41.944root 11241100x8000000000000000726834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3a29c6551c6a1c32021-12-21 12:51:41.944root 11241100x8000000000000000726835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14a14700cef2971e2021-12-21 12:51:41.944root 11241100x8000000000000000726836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ee811ccc6efb2512021-12-21 12:51:41.944root 11241100x8000000000000000726837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c7c231e746ab8642021-12-21 12:51:41.944root 11241100x8000000000000000726838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:41.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c0975f2c542ac572021-12-21 12:51:41.945root 11241100x8000000000000000726839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:41.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f5cc798dfdb820a2021-12-21 12:51:41.945root 11241100x8000000000000000726840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:41.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1361ebd71e1a5b442021-12-21 12:51:41.945root 11241100x8000000000000000726841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:41.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.834f11789ff980b22021-12-21 12:51:41.945root 11241100x8000000000000000726842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:41.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7aba8a72d90605c32021-12-21 12:51:41.945root 11241100x8000000000000000726843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:41.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8145622567f6610d2021-12-21 12:51:41.945root 11241100x8000000000000000726844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:41.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af9f5dce7d3d056a2021-12-21 12:51:41.945root 11241100x8000000000000000726845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:41.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7e032ca4dc5c0eb2021-12-21 12:51:41.945root 11241100x8000000000000000726846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:41.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04055400e6bf3bb12021-12-21 12:51:41.945root 11241100x8000000000000000726847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:41.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a7a4262f3e684f62021-12-21 12:51:41.945root 11241100x8000000000000000726848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:41.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f5b8e239d7545df2021-12-21 12:51:41.945root 11241100x8000000000000000726849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:41.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e984cee5e0e93152021-12-21 12:51:41.945root 11241100x8000000000000000726850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:41.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33c570dc37854c3c2021-12-21 12:51:41.945root 11241100x8000000000000000726851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:41.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2125a2354d2c6602021-12-21 12:51:41.945root 11241100x8000000000000000726852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:41.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4565b2ee8257ec612021-12-21 12:51:41.946root 11241100x8000000000000000726853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:41.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f003a8a4fa5b7692021-12-21 12:51:41.946root 11241100x8000000000000000726854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:41.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46928d2d0f6e9e172021-12-21 12:51:41.946root 23542300x8000000000000000726855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:41.967{ec2b6afe-95d2-61c1-3038-b84203560000}5272root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000726856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1314456670355f172021-12-21 12:51:42.443root 11241100x8000000000000000726857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f69dceb1efdb0fa2021-12-21 12:51:42.443root 11241100x8000000000000000726858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e85fd7050329bbf32021-12-21 12:51:42.443root 11241100x8000000000000000726859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8d3d432ff9fac232021-12-21 12:51:42.443root 11241100x8000000000000000726860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6f323a4f5fde1a32021-12-21 12:51:42.444root 11241100x8000000000000000726861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81d70047c8ecd63e2021-12-21 12:51:42.444root 11241100x8000000000000000726862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fb25556ea0dbc282021-12-21 12:51:42.444root 11241100x8000000000000000726863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9be488219871809d2021-12-21 12:51:42.444root 11241100x8000000000000000726864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fff977d50d4080832021-12-21 12:51:42.444root 11241100x8000000000000000726865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3088be93062586a2021-12-21 12:51:42.444root 11241100x8000000000000000726866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e3230e9db40d1d42021-12-21 12:51:42.444root 11241100x8000000000000000726867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a5747248bbf472b2021-12-21 12:51:42.444root 11241100x8000000000000000726868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1644321af01eed482021-12-21 12:51:42.444root 11241100x8000000000000000726869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1df2ca0a8a6295662021-12-21 12:51:42.444root 11241100x8000000000000000726870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc21011abc29621e2021-12-21 12:51:42.444root 11241100x8000000000000000726871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a50ff8f489cf0c8f2021-12-21 12:51:42.444root 11241100x8000000000000000726872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac1e251334489bcf2021-12-21 12:51:42.444root 11241100x8000000000000000726873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0776396f7ddbccd62021-12-21 12:51:42.444root 11241100x8000000000000000726874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.864b5d542d3a57922021-12-21 12:51:42.444root 11241100x8000000000000000726875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:42.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c991dc2b0dd3af282021-12-21 12:51:42.445root 11241100x8000000000000000726876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:42.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c011ed4ff2476e842021-12-21 12:51:42.445root 11241100x8000000000000000726877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:42.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ff48645178364dc2021-12-21 12:51:42.445root 11241100x8000000000000000726878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:42.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78e61e63f2fa8ac82021-12-21 12:51:42.445root 11241100x8000000000000000726879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:42.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f63bc53a93d1404a2021-12-21 12:51:42.445root 11241100x8000000000000000726880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:42.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa819748c4e805572021-12-21 12:51:42.445root 11241100x8000000000000000726881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:42.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c3ef4e70ca3674a2021-12-21 12:51:42.445root 11241100x8000000000000000726882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:42.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.778c7ee0b2e40f3e2021-12-21 12:51:42.445root 11241100x8000000000000000726883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:42.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8073547847c3ae902021-12-21 12:51:42.445root 11241100x8000000000000000726884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:42.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59ac0f4837ddbef22021-12-21 12:51:42.445root 11241100x8000000000000000726885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:42.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee7b35f2eb66ed172021-12-21 12:51:42.445root 11241100x8000000000000000726886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:42.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7db7d154094fe8072021-12-21 12:51:42.445root 11241100x8000000000000000726887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:42.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9bfae33af5799ab2021-12-21 12:51:42.445root 11241100x8000000000000000726888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:42.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b2d7278f84cb8482021-12-21 12:51:42.445root 11241100x8000000000000000726889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:42.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd39f4b90f5ee9ba2021-12-21 12:51:42.446root 11241100x8000000000000000726890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:42.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0a1d8bb087afc7a2021-12-21 12:51:42.446root 11241100x8000000000000000726891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:42.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.499f8bf1f67d0caf2021-12-21 12:51:42.446root 11241100x8000000000000000726892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:42.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.366efe17ebc3a4b42021-12-21 12:51:42.946root 11241100x8000000000000000726893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:42.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2115ca3857e106f32021-12-21 12:51:42.946root 11241100x8000000000000000726894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:42.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97f41b8b1866d8592021-12-21 12:51:42.946root 11241100x8000000000000000726895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:42.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8375957245afd142021-12-21 12:51:42.946root 11241100x8000000000000000726896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:42.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08356f05166a6ff12021-12-21 12:51:42.946root 11241100x8000000000000000726897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:42.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42e4794e8bff480e2021-12-21 12:51:42.946root 11241100x8000000000000000726898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:42.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1981f9cbc2538eda2021-12-21 12:51:42.946root 11241100x8000000000000000726899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:42.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20852021fd93e2ab2021-12-21 12:51:42.946root 11241100x8000000000000000726900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:42.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96dc02a6db0db5152021-12-21 12:51:42.946root 11241100x8000000000000000726901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:42.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68915056f11ba69c2021-12-21 12:51:42.946root 11241100x8000000000000000726902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:42.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b01edbf5b02eec3e2021-12-21 12:51:42.946root 11241100x8000000000000000726903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:42.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7a7ca5838cb8f7d2021-12-21 12:51:42.947root 11241100x8000000000000000726904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:42.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e345416e1dac1cb72021-12-21 12:51:42.947root 11241100x8000000000000000726905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:42.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22c29421cb47cf622021-12-21 12:51:42.947root 11241100x8000000000000000726906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:42.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ded0f1eb71f443bd2021-12-21 12:51:42.947root 11241100x8000000000000000726907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:42.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.771c47db104261ae2021-12-21 12:51:42.947root 11241100x8000000000000000726908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:42.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21fee91df91c9bb12021-12-21 12:51:42.947root 11241100x8000000000000000726909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:42.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfb2584b65c0eefc2021-12-21 12:51:42.947root 11241100x8000000000000000726910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:42.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d656c285fcd62102021-12-21 12:51:42.947root 11241100x8000000000000000726911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:42.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15e9caafd2fec65c2021-12-21 12:51:42.947root 11241100x8000000000000000726912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:42.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5928b629d5b556f92021-12-21 12:51:42.947root 11241100x8000000000000000726913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:42.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b4efbbad9218f972021-12-21 12:51:42.947root 11241100x8000000000000000726914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:42.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb9fab9746db84b22021-12-21 12:51:42.947root 11241100x8000000000000000726915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:42.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.971fb3a30755c8bd2021-12-21 12:51:42.947root 11241100x8000000000000000726916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:42.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c244704580d139b2021-12-21 12:51:42.947root 11241100x8000000000000000726917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:42.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8a6b446db24d72c2021-12-21 12:51:42.947root 11241100x8000000000000000726918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:42.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9dc0368faeefac02021-12-21 12:51:42.948root 11241100x8000000000000000726919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:42.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b9d44976b2b70fa2021-12-21 12:51:42.948root 11241100x8000000000000000726920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:42.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd12c6c0c4b7b8b12021-12-21 12:51:42.948root 11241100x8000000000000000726921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:42.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e20391175a1a38cd2021-12-21 12:51:42.948root 11241100x8000000000000000726922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:42.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.668edd8d6b441b952021-12-21 12:51:42.948root 11241100x8000000000000000726923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:42.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e590def3cb70601e2021-12-21 12:51:42.948root 11241100x8000000000000000726924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:42.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35e4c15d21e440fb2021-12-21 12:51:42.948root 11241100x8000000000000000726925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:42.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.597b1dfe357d1c8a2021-12-21 12:51:42.948root 11241100x8000000000000000726926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:42.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.041694f0af8a6d6a2021-12-21 12:51:42.948root 11241100x8000000000000000726927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb8861c7cc9a05362021-12-21 12:51:43.443root 11241100x8000000000000000726928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff82797373fedd562021-12-21 12:51:43.444root 11241100x8000000000000000726929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fff687642100fba2021-12-21 12:51:43.444root 11241100x8000000000000000726930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:43.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab8e02ad20a62aef2021-12-21 12:51:43.445root 11241100x8000000000000000726931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:43.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f94b50535e303c462021-12-21 12:51:43.445root 11241100x8000000000000000726932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:43.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d4b76bcac8c45d32021-12-21 12:51:43.445root 11241100x8000000000000000726933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:43.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e24918890681c89e2021-12-21 12:51:43.445root 11241100x8000000000000000726934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:43.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74ed51688b179d1b2021-12-21 12:51:43.445root 11241100x8000000000000000726935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:43.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abdfd0ff28fa207d2021-12-21 12:51:43.445root 11241100x8000000000000000726936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:43.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.563156c8bcf7cba42021-12-21 12:51:43.445root 11241100x8000000000000000726937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:43.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7045d94477f007d2021-12-21 12:51:43.445root 11241100x8000000000000000726938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:43.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.268bd09e747ed6a02021-12-21 12:51:43.445root 11241100x8000000000000000726939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:43.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30e3a8fdb7f6a9f92021-12-21 12:51:43.446root 11241100x8000000000000000726940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:43.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d984322a954d5af12021-12-21 12:51:43.446root 11241100x8000000000000000726941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:43.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceb9a76bb465e8992021-12-21 12:51:43.446root 11241100x8000000000000000726942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:43.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68e506c5df0559d92021-12-21 12:51:43.446root 11241100x8000000000000000726943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:43.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a450bbaaf9a921742021-12-21 12:51:43.446root 11241100x8000000000000000726944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:43.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f05293763fd9d5f62021-12-21 12:51:43.446root 11241100x8000000000000000726945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:43.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a68db3f4b07990962021-12-21 12:51:43.446root 11241100x8000000000000000726946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:43.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbbda3b03b4ac5b12021-12-21 12:51:43.446root 11241100x8000000000000000726947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:43.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faad4d89b77bca1c2021-12-21 12:51:43.447root 11241100x8000000000000000726948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:43.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91e32221a08b16092021-12-21 12:51:43.447root 11241100x8000000000000000726949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:43.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77b136578aed4e6b2021-12-21 12:51:43.447root 11241100x8000000000000000726950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:43.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5f6bc43711b3fed2021-12-21 12:51:43.447root 11241100x8000000000000000726951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:43.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7af360d24806d72b2021-12-21 12:51:43.447root 11241100x8000000000000000726952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:43.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.275380f7a71c00692021-12-21 12:51:43.447root 11241100x8000000000000000726953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:43.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6908db4954c799fc2021-12-21 12:51:43.447root 11241100x8000000000000000726954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:43.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cb769cb749979cd2021-12-21 12:51:43.447root 11241100x8000000000000000726955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:43.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61159e50c0d8fe992021-12-21 12:51:43.448root 11241100x8000000000000000726956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:43.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba50c3ea7b04e95b2021-12-21 12:51:43.448root 11241100x8000000000000000726957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:43.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b40f8b1cb157b89d2021-12-21 12:51:43.448root 11241100x8000000000000000726958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:43.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27615ff559302da52021-12-21 12:51:43.449root 11241100x8000000000000000726959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:43.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d923fe1674efcac2021-12-21 12:51:43.449root 11241100x8000000000000000726960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:43.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba96b32ab620b63d2021-12-21 12:51:43.449root 11241100x8000000000000000726961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:43.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fab4b6f1d554abf2021-12-21 12:51:43.449root 11241100x8000000000000000726962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19bc756a058b700c2021-12-21 12:51:43.943root 11241100x8000000000000000726963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38019c33c636b6fb2021-12-21 12:51:43.943root 11241100x8000000000000000726964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac020d46ad11b65e2021-12-21 12:51:43.943root 11241100x8000000000000000726965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b13e4f5bdf85b3f2021-12-21 12:51:43.943root 11241100x8000000000000000726966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57e827b0e2ef7c6f2021-12-21 12:51:43.944root 11241100x8000000000000000726967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fe09b3c8387c4d62021-12-21 12:51:43.944root 11241100x8000000000000000726968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37974f4a7527f0762021-12-21 12:51:43.944root 11241100x8000000000000000726969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fbf33a84daac33c2021-12-21 12:51:43.944root 11241100x8000000000000000726970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bbeb9fab2f803bf2021-12-21 12:51:43.944root 11241100x8000000000000000726971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.563b7941ea76cffe2021-12-21 12:51:43.944root 11241100x8000000000000000726972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a67cf7f8d4f80de82021-12-21 12:51:43.944root 11241100x8000000000000000726973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.093408a20e3af9ff2021-12-21 12:51:43.944root 11241100x8000000000000000726974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d199d38e53d8b5322021-12-21 12:51:43.944root 11241100x8000000000000000726975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.536fb88b002d39f72021-12-21 12:51:43.944root 11241100x8000000000000000726976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:43.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f61475cd468ed5242021-12-21 12:51:43.945root 11241100x8000000000000000726977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:43.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a65fbf671435ff872021-12-21 12:51:43.945root 11241100x8000000000000000726978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:43.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5898b22bed345b42021-12-21 12:51:43.945root 11241100x8000000000000000726979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:43.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b48d5568e5f92f552021-12-21 12:51:43.945root 11241100x8000000000000000726980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:43.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72d5a3529b9c56822021-12-21 12:51:43.945root 11241100x8000000000000000726981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:43.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2321090856ffa6a62021-12-21 12:51:43.945root 11241100x8000000000000000726982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:43.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb5aa2c07504958c2021-12-21 12:51:43.945root 11241100x8000000000000000726983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:43.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.676ded85a218fcd32021-12-21 12:51:43.946root 11241100x8000000000000000726984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:43.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2a9524b389d6dbe2021-12-21 12:51:43.946root 11241100x8000000000000000726985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:43.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84bf19cf65a963632021-12-21 12:51:43.946root 11241100x8000000000000000726986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:43.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b72f48d1f0bdbb02021-12-21 12:51:43.946root 11241100x8000000000000000726987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:43.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7da9344544020ee62021-12-21 12:51:43.946root 11241100x8000000000000000726988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:43.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38da4a5325b814e32021-12-21 12:51:43.946root 11241100x8000000000000000726989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:43.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5950ecd2a13f73932021-12-21 12:51:43.946root 11241100x8000000000000000726990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:43.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ee204ca617e0d492021-12-21 12:51:43.946root 11241100x8000000000000000726991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:43.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f24f88bbfb612ee02021-12-21 12:51:43.946root 11241100x8000000000000000726992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:43.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.696f5bd135fcd0552021-12-21 12:51:43.946root 11241100x8000000000000000726993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:43.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.476aca29a8a4dd2a2021-12-21 12:51:43.946root 11241100x8000000000000000726994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:43.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae76157eb71e79302021-12-21 12:51:43.947root 11241100x8000000000000000726995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:43.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6ba68b1b796689f2021-12-21 12:51:43.947root 11241100x8000000000000000726996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:43.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f285f103e9a17e62021-12-21 12:51:43.947root 11241100x8000000000000000726997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:43.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d1a9137d318a5b72021-12-21 12:51:43.947root 11241100x8000000000000000726998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:43.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.609d7b076ec40cc22021-12-21 12:51:43.947root 11241100x8000000000000000726999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:43.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99b995d1cff55fd42021-12-21 12:51:43.947root 11241100x8000000000000000727000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17e84e84ec1822a12021-12-21 12:51:44.443root 11241100x8000000000000000727001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71ea6b5772f212ea2021-12-21 12:51:44.443root 11241100x8000000000000000727002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bd80e4caa94d2512021-12-21 12:51:44.443root 11241100x8000000000000000727003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a513580f1e1786002021-12-21 12:51:44.444root 11241100x8000000000000000727004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba7a2fd40a82dc3a2021-12-21 12:51:44.444root 11241100x8000000000000000727005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.061a7546a44653ce2021-12-21 12:51:44.444root 11241100x8000000000000000727006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0404104e5e6498262021-12-21 12:51:44.444root 11241100x8000000000000000727007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c020dae21f2c8b82021-12-21 12:51:44.444root 11241100x8000000000000000727008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2d328394c48e3802021-12-21 12:51:44.444root 11241100x8000000000000000727009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4884f0ec3b79b582021-12-21 12:51:44.444root 11241100x8000000000000000727010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97faa8e79e8a86e32021-12-21 12:51:44.444root 11241100x8000000000000000727011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e55fcc3d4892ed842021-12-21 12:51:44.444root 11241100x8000000000000000727012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.902cd6efc8fcb4592021-12-21 12:51:44.444root 11241100x8000000000000000727013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b2fcbdd31e9934d2021-12-21 12:51:44.444root 11241100x8000000000000000727014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca11ee6c4125abef2021-12-21 12:51:44.444root 11241100x8000000000000000727015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd70e24be247ac2a2021-12-21 12:51:44.444root 11241100x8000000000000000727016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32a8766402b80d202021-12-21 12:51:44.444root 11241100x8000000000000000727017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb2f38b5f00f03812021-12-21 12:51:44.444root 11241100x8000000000000000727018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1efa8170f1f1cb352021-12-21 12:51:44.445root 11241100x8000000000000000727019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ded9446c19e6fd772021-12-21 12:51:44.445root 11241100x8000000000000000727020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0f7f932d09ea94f2021-12-21 12:51:44.445root 11241100x8000000000000000727021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb1c50324f1f17602021-12-21 12:51:44.445root 11241100x8000000000000000727022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f6c456be41ff1092021-12-21 12:51:44.445root 11241100x8000000000000000727023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2018e731fb6f08872021-12-21 12:51:44.445root 11241100x8000000000000000727024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e103bd2850501762021-12-21 12:51:44.445root 11241100x8000000000000000727025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e51dbd5e3482ff762021-12-21 12:51:44.445root 11241100x8000000000000000727026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffedcf4736fc96ad2021-12-21 12:51:44.445root 11241100x8000000000000000727027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a359d45465f014172021-12-21 12:51:44.445root 11241100x8000000000000000727028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.476b028445c422d12021-12-21 12:51:44.445root 11241100x8000000000000000727029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58d4d2a1cac051902021-12-21 12:51:44.445root 11241100x8000000000000000727030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35e64bde2ac702b82021-12-21 12:51:44.445root 11241100x8000000000000000727031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dc218b361f3d1062021-12-21 12:51:44.445root 11241100x8000000000000000727032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1f49e0f67472d832021-12-21 12:51:44.445root 11241100x8000000000000000727033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:44.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc7f94640850dba02021-12-21 12:51:44.446root 11241100x8000000000000000727034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:44.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26366290bb4267b82021-12-21 12:51:44.446root 11241100x8000000000000000727035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:44.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1583b3dff42d35152021-12-21 12:51:44.446root 11241100x8000000000000000727036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e82e7d7fdf082a152021-12-21 12:51:44.943root 11241100x8000000000000000727037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d849903fb69642f22021-12-21 12:51:44.943root 11241100x8000000000000000727038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8b71e43d100e8bc2021-12-21 12:51:44.943root 11241100x8000000000000000727039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.645b1430831357282021-12-21 12:51:44.944root 11241100x8000000000000000727040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e554f92dcedf19f12021-12-21 12:51:44.944root 11241100x8000000000000000727041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4475c6bdba05af4f2021-12-21 12:51:44.944root 11241100x8000000000000000727042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01bde92d6a64036f2021-12-21 12:51:44.944root 11241100x8000000000000000727043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee7f1c35a6224d032021-12-21 12:51:44.944root 11241100x8000000000000000727044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d35e9c8fddb6e37e2021-12-21 12:51:44.944root 11241100x8000000000000000727045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b47708332cfd78e2021-12-21 12:51:44.944root 11241100x8000000000000000727046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6a609ce88a2020b2021-12-21 12:51:44.944root 11241100x8000000000000000727047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1160d02dbe2bf39c2021-12-21 12:51:44.944root 11241100x8000000000000000727048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39bda2c366399de42021-12-21 12:51:44.944root 11241100x8000000000000000727049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e97e968e2960551c2021-12-21 12:51:44.944root 11241100x8000000000000000727050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cc017f2dbf418752021-12-21 12:51:44.944root 11241100x8000000000000000727051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8df47368429247922021-12-21 12:51:44.944root 11241100x8000000000000000727052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b601283ca5837e722021-12-21 12:51:44.944root 11241100x8000000000000000727053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:44.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7c37fca8d7e72bd2021-12-21 12:51:44.945root 11241100x8000000000000000727054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:44.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da889d72ef7c3dba2021-12-21 12:51:44.945root 11241100x8000000000000000727055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:44.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00d064ed2244850d2021-12-21 12:51:44.945root 11241100x8000000000000000727056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:44.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e0b18a1e99aba1f2021-12-21 12:51:44.945root 11241100x8000000000000000727057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:44.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d154238e04c20b12021-12-21 12:51:44.945root 11241100x8000000000000000727058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:44.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8e7a51a3c8d64072021-12-21 12:51:44.945root 11241100x8000000000000000727059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:44.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ac33f41a09805ff2021-12-21 12:51:44.945root 11241100x8000000000000000727060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:44.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81fa4ea7802c32f82021-12-21 12:51:44.945root 11241100x8000000000000000727061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:44.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61549b39ec68980c2021-12-21 12:51:44.945root 11241100x8000000000000000727062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:44.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6cff6e704424c9f2021-12-21 12:51:44.945root 11241100x8000000000000000727063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:44.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f9cf097088e36552021-12-21 12:51:44.945root 11241100x8000000000000000727064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:44.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9017e0e060935572021-12-21 12:51:44.945root 11241100x8000000000000000727065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:44.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.421a024a8d72355d2021-12-21 12:51:44.945root 11241100x8000000000000000727066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:44.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c98b370a8f98768a2021-12-21 12:51:44.945root 11241100x8000000000000000727067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:44.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3545af88e1be0962021-12-21 12:51:44.945root 11241100x8000000000000000727068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:44.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6cb2573d6075b632021-12-21 12:51:44.945root 11241100x8000000000000000727069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:44.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.965c5f2dba8152a02021-12-21 12:51:44.946root 11241100x8000000000000000727070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:44.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eca4d78be2347ee52021-12-21 12:51:44.946root 11241100x8000000000000000727071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3ca402d6c7f16092021-12-21 12:51:45.443root 11241100x8000000000000000727072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94f425e379cccb892021-12-21 12:51:45.443root 11241100x8000000000000000727073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6b442a172803a7e2021-12-21 12:51:45.444root 11241100x8000000000000000727074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6678d8435d307beb2021-12-21 12:51:45.444root 11241100x8000000000000000727075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfd16fda40e13fbb2021-12-21 12:51:45.444root 11241100x8000000000000000727076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.960e6de2a519a3e02021-12-21 12:51:45.444root 11241100x8000000000000000727077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee0469d66fead8382021-12-21 12:51:45.444root 11241100x8000000000000000727078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cb3b8720093a2c92021-12-21 12:51:45.444root 11241100x8000000000000000727079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.713d46c8e5499a212021-12-21 12:51:45.444root 11241100x8000000000000000727080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54149074adb7c51c2021-12-21 12:51:45.444root 11241100x8000000000000000727081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f4c4ceb18b742562021-12-21 12:51:45.444root 11241100x8000000000000000727082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2eaac1132af3e5a12021-12-21 12:51:45.444root 11241100x8000000000000000727083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cc10699d6e337ca2021-12-21 12:51:45.444root 11241100x8000000000000000727084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbfe230fb89c9f872021-12-21 12:51:45.444root 11241100x8000000000000000727085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a798cbad2e4c3bcb2021-12-21 12:51:45.444root 11241100x8000000000000000727086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8371b972d5db8582021-12-21 12:51:45.445root 11241100x8000000000000000727087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a32f37d7702e67702021-12-21 12:51:45.445root 11241100x8000000000000000727088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d351aa1fc98ada052021-12-21 12:51:45.445root 11241100x8000000000000000727089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54e06104fe7c6d9c2021-12-21 12:51:45.445root 11241100x8000000000000000727090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c1b00ddf94bda612021-12-21 12:51:45.445root 11241100x8000000000000000727091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.969cb2a9e054d9962021-12-21 12:51:45.445root 11241100x8000000000000000727092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a98c62ba115de5382021-12-21 12:51:45.445root 11241100x8000000000000000727093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84ff9fa0d7d107462021-12-21 12:51:45.445root 11241100x8000000000000000727094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.390877d6e168938d2021-12-21 12:51:45.445root 11241100x8000000000000000727095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.654936961f58f0ba2021-12-21 12:51:45.445root 11241100x8000000000000000727096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15352e6d67460eb32021-12-21 12:51:45.445root 11241100x8000000000000000727097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6be018edfabf9e952021-12-21 12:51:45.445root 11241100x8000000000000000727098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dddf3d723f27d86c2021-12-21 12:51:45.445root 11241100x8000000000000000727099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e2ac65fba9bbaf22021-12-21 12:51:45.445root 11241100x8000000000000000727100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.998432c2f558260d2021-12-21 12:51:45.445root 11241100x8000000000000000727101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d12c42926fc9e6232021-12-21 12:51:45.445root 11241100x8000000000000000727102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:45.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83331354316637d72021-12-21 12:51:45.446root 11241100x8000000000000000727103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:45.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38f353fa336989a62021-12-21 12:51:45.446root 11241100x8000000000000000727104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:45.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7da00c333e2392a2021-12-21 12:51:45.446root 11241100x8000000000000000727105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:45.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d40521baca739f9e2021-12-21 12:51:45.446root 11241100x8000000000000000727106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ae865d2d291d9362021-12-21 12:51:45.943root 11241100x8000000000000000727107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6972aaf637ff1eb32021-12-21 12:51:45.943root 11241100x8000000000000000727108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e8829b9b9be71892021-12-21 12:51:45.943root 11241100x8000000000000000727109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.135c5dd135c62ab22021-12-21 12:51:45.943root 11241100x8000000000000000727110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e5d036ffc3b95092021-12-21 12:51:45.944root 11241100x8000000000000000727111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7304cc9005ada97f2021-12-21 12:51:45.944root 11241100x8000000000000000727112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e96c7149bbe1a4f2021-12-21 12:51:45.944root 11241100x8000000000000000727113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca11681d89425bfc2021-12-21 12:51:45.944root 11241100x8000000000000000727114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b4bbf978e8d523f2021-12-21 12:51:45.944root 11241100x8000000000000000727115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29b0c3e92fd5fdd62021-12-21 12:51:45.944root 11241100x8000000000000000727116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a6833c35f1151e42021-12-21 12:51:45.944root 11241100x8000000000000000727117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebd276dc2e7d27be2021-12-21 12:51:45.944root 11241100x8000000000000000727118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe7c4eb5101317f42021-12-21 12:51:45.944root 11241100x8000000000000000727119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b8ff772a7fecd482021-12-21 12:51:45.944root 11241100x8000000000000000727120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0d668b4689f83ce2021-12-21 12:51:45.944root 11241100x8000000000000000727121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d57f21f2de78069d2021-12-21 12:51:45.944root 11241100x8000000000000000727122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd72da2663bb28532021-12-21 12:51:45.944root 11241100x8000000000000000727123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf124c52cbf83b4a2021-12-21 12:51:45.945root 11241100x8000000000000000727124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aff8d88c9d707e072021-12-21 12:51:45.945root 11241100x8000000000000000727125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4a10b445ef79f2e2021-12-21 12:51:45.945root 11241100x8000000000000000727126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fb19077fab347552021-12-21 12:51:45.945root 11241100x8000000000000000727127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0429a2988d05843c2021-12-21 12:51:45.945root 11241100x8000000000000000727128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c19246c5b426a1d2021-12-21 12:51:45.945root 11241100x8000000000000000727129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cb69ed91b8951342021-12-21 12:51:45.945root 11241100x8000000000000000727130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.436c9ebd5e5b77322021-12-21 12:51:45.945root 11241100x8000000000000000727131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ebcf3932175abba2021-12-21 12:51:45.945root 11241100x8000000000000000727132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.244cbaf709a405202021-12-21 12:51:45.945root 11241100x8000000000000000727133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46a0ae0ea7ad99172021-12-21 12:51:45.945root 11241100x8000000000000000727134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcde678ee6354b982021-12-21 12:51:45.945root 11241100x8000000000000000727135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb858dfa59b448df2021-12-21 12:51:45.945root 11241100x8000000000000000727136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51db6b70654bd8b92021-12-21 12:51:45.945root 11241100x8000000000000000727137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de809c83191011c02021-12-21 12:51:45.945root 11241100x8000000000000000727138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49c0f6e6a42be3122021-12-21 12:51:45.945root 11241100x8000000000000000727139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:45.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72509611575d46502021-12-21 12:51:45.946root 11241100x8000000000000000727140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:45.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15f6b62ea6570dd42021-12-21 12:51:45.946root 11241100x8000000000000000727141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:45.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ee22349966f1d812021-12-21 12:51:45.946root 354300x8000000000000000727142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:46.238{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-50592-false10.0.1.12-8000- 11241100x8000000000000000727143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:46.239{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d368d487d80718d2021-12-21 12:51:46.239root 11241100x8000000000000000727144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:46.239{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e5f581f9a99b9312021-12-21 12:51:46.239root 11241100x8000000000000000727145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:46.239{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2aa3f762dca74b42021-12-21 12:51:46.239root 11241100x8000000000000000727146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:46.239{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a75f3fb8dce6cb102021-12-21 12:51:46.239root 11241100x8000000000000000727147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:46.240{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1567c69f224b49bc2021-12-21 12:51:46.240root 11241100x8000000000000000727148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:46.240{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c98526b3d2dba372021-12-21 12:51:46.240root 11241100x8000000000000000727149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:46.240{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6cd49f1449111bf2021-12-21 12:51:46.240root 11241100x8000000000000000727150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:46.240{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2c0132687eb82662021-12-21 12:51:46.240root 11241100x8000000000000000727151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:46.240{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e14901782033ba4b2021-12-21 12:51:46.240root 11241100x8000000000000000727152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:46.240{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.371c9757283833aa2021-12-21 12:51:46.240root 11241100x8000000000000000727153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:46.240{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.206197e62d287d012021-12-21 12:51:46.240root 11241100x8000000000000000727154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:46.240{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd9627143f495f292021-12-21 12:51:46.240root 11241100x8000000000000000727155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:46.240{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.effa69b629e659592021-12-21 12:51:46.240root 11241100x8000000000000000727156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:46.240{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d15f4586c575cd402021-12-21 12:51:46.240root 11241100x8000000000000000727157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:46.240{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c48fce12788372e2021-12-21 12:51:46.240root 11241100x8000000000000000727158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:46.240{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4154f0a3f6d07e82021-12-21 12:51:46.240root 11241100x8000000000000000727159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:46.240{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.833b91eb35e2e13f2021-12-21 12:51:46.240root 11241100x8000000000000000727160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:46.240{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.339c775736c0ac572021-12-21 12:51:46.240root 11241100x8000000000000000727161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:46.240{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ab47e346096b1ea2021-12-21 12:51:46.240root 11241100x8000000000000000727162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:46.241{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f46c7ed07922b1f62021-12-21 12:51:46.241root 11241100x8000000000000000727163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:46.241{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5976d81ac1ad634a2021-12-21 12:51:46.241root 11241100x8000000000000000727164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:46.241{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1a2a7e11bda5c672021-12-21 12:51:46.241root 11241100x8000000000000000727165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:46.241{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd3fab39d5f3aad22021-12-21 12:51:46.241root 11241100x8000000000000000727166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:46.241{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.692f3b9bc1ddce852021-12-21 12:51:46.241root 11241100x8000000000000000727167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:46.241{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.646ae7302d025a872021-12-21 12:51:46.241root 11241100x8000000000000000727168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:46.241{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d2ef3b43ecbad462021-12-21 12:51:46.241root 11241100x8000000000000000727169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:46.241{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1ee9fb63633c3812021-12-21 12:51:46.241root 11241100x8000000000000000727170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:46.241{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2afbcb4a665c23a02021-12-21 12:51:46.241root 11241100x8000000000000000727171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:46.241{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f71c4f3635b0fa962021-12-21 12:51:46.241root 11241100x8000000000000000727172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:46.241{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8f7f32a411836a72021-12-21 12:51:46.241root 11241100x8000000000000000727173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:46.242{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a75e66a4c2a02ce22021-12-21 12:51:46.242root 11241100x8000000000000000727174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:46.242{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76b7eb8f2d656d3f2021-12-21 12:51:46.242root 11241100x8000000000000000727175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:46.242{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.815d32cb5edf17362021-12-21 12:51:46.242root 11241100x8000000000000000727176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:46.242{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f3f89d1d3c87dfd2021-12-21 12:51:46.242root 11241100x8000000000000000727177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:46.242{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8dcdf33d778926f2021-12-21 12:51:46.242root 11241100x8000000000000000727178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:46.242{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d1e66ac9824426f2021-12-21 12:51:46.242root 11241100x8000000000000000727179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:46.242{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9ff98a7eac5a6502021-12-21 12:51:46.242root 11241100x8000000000000000727180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:46.243{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76f9473c4cbc45aa2021-12-21 12:51:46.243root 11241100x8000000000000000727181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:46.243{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a5c6e9c86daf7a02021-12-21 12:51:46.243root 11241100x8000000000000000727182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:46.243{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.125b671bc90e31092021-12-21 12:51:46.243root 11241100x8000000000000000727183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:46.243{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d12f251cba614f712021-12-21 12:51:46.243root 11241100x8000000000000000727184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:46.243{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b14e522c9e747f5c2021-12-21 12:51:46.243root 11241100x8000000000000000727185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:46.243{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.363eb78aba849c772021-12-21 12:51:46.243root 11241100x8000000000000000727186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:46.243{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb14c470694e3beb2021-12-21 12:51:46.243root 11241100x8000000000000000727187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:46.243{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b277953de96cd4dc2021-12-21 12:51:46.243root 11241100x8000000000000000727188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:46.243{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d5854d17080b1712021-12-21 12:51:46.243root 11241100x8000000000000000727189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:46.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.635625ffb10a6e612021-12-21 12:51:46.694root 11241100x8000000000000000727190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:46.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a366b911b254b122021-12-21 12:51:46.694root 11241100x8000000000000000727191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:46.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.601acbd6298469c42021-12-21 12:51:46.694root 11241100x8000000000000000727192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:46.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89968b4e7fb1512a2021-12-21 12:51:46.694root 11241100x8000000000000000727193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:46.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a1b8754ba47bbbe2021-12-21 12:51:46.694root 11241100x8000000000000000727194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:46.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de5a8c71c75785322021-12-21 12:51:46.694root 11241100x8000000000000000727195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:46.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45d54f1a31a752262021-12-21 12:51:46.694root 11241100x8000000000000000727196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:46.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.052b98e86e86ba842021-12-21 12:51:46.694root 11241100x8000000000000000727197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:46.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05514f475b280fe12021-12-21 12:51:46.694root 11241100x8000000000000000727198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:46.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c6611ebbad72a052021-12-21 12:51:46.695root 11241100x8000000000000000727199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:46.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c9c6c77fb32b4aa2021-12-21 12:51:46.695root 11241100x8000000000000000727200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:46.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a636fca8abef74842021-12-21 12:51:46.695root 11241100x8000000000000000727201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:46.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbbb0027905d03592021-12-21 12:51:46.695root 11241100x8000000000000000727202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:46.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0bfaad8f070bd562021-12-21 12:51:46.695root 11241100x8000000000000000727203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:46.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa9f927bfa2d840d2021-12-21 12:51:46.695root 11241100x8000000000000000727204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:46.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d58d8d78f9076752021-12-21 12:51:46.695root 11241100x8000000000000000727205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:46.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d579b596912bb1582021-12-21 12:51:46.695root 11241100x8000000000000000727206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:46.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d9f8d1ed3b5a6ac2021-12-21 12:51:46.695root 11241100x8000000000000000727207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:46.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.783e8b95db22b47c2021-12-21 12:51:46.695root 11241100x8000000000000000727208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:46.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d73463ff2221698a2021-12-21 12:51:46.695root 11241100x8000000000000000727209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:46.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59c367849bee38182021-12-21 12:51:46.695root 11241100x8000000000000000727210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:46.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.244e3b850a4ccc132021-12-21 12:51:46.695root 11241100x8000000000000000727211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:46.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b39ac99455bf2fd62021-12-21 12:51:46.695root 11241100x8000000000000000727212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:46.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34acefedda5da36f2021-12-21 12:51:46.695root 11241100x8000000000000000727213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:46.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd5606f69eb8bf852021-12-21 12:51:46.695root 11241100x8000000000000000727214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:46.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23dbf3639cfdfd132021-12-21 12:51:46.696root 11241100x8000000000000000727215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:46.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd2d3f0f003f839e2021-12-21 12:51:46.696root 11241100x8000000000000000727216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:46.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.487fb96d590aeb862021-12-21 12:51:46.696root 11241100x8000000000000000727217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:46.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d87bfa477568aa72021-12-21 12:51:46.696root 11241100x8000000000000000727218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:46.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.116221ebb75eda192021-12-21 12:51:46.696root 11241100x8000000000000000727219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:46.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.628ada2a142250952021-12-21 12:51:46.696root 11241100x8000000000000000727220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:46.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66788890690a4fd92021-12-21 12:51:46.696root 11241100x8000000000000000727221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:46.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e74f5e28b361898f2021-12-21 12:51:46.696root 11241100x8000000000000000727222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:46.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d76d333facb45b0e2021-12-21 12:51:46.696root 11241100x8000000000000000727223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:46.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.386f1b0d823b15a92021-12-21 12:51:46.696root 11241100x8000000000000000727224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:46.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18f2e8ae4130edcb2021-12-21 12:51:46.696root 11241100x8000000000000000727225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:47.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b89a241569c2761c2021-12-21 12:51:47.194root 11241100x8000000000000000727226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:47.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aeaca10e722dbbed2021-12-21 12:51:47.194root 11241100x8000000000000000727227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:47.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acff2a431b3fb1e12021-12-21 12:51:47.194root 11241100x8000000000000000727228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:47.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c70fad94d60980052021-12-21 12:51:47.194root 11241100x8000000000000000727229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:47.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.900085d59f6cede42021-12-21 12:51:47.194root 11241100x8000000000000000727230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:47.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdf57c1000ace2462021-12-21 12:51:47.194root 11241100x8000000000000000727231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:47.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1ccca0ea504a8f22021-12-21 12:51:47.194root 11241100x8000000000000000727232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:47.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9f9956302faa5c42021-12-21 12:51:47.194root 11241100x8000000000000000727233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:47.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5684af528d06f7a2021-12-21 12:51:47.194root 11241100x8000000000000000727234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:47.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3ea83a147a80a5a2021-12-21 12:51:47.195root 11241100x8000000000000000727235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:47.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ca4a830335790fc2021-12-21 12:51:47.195root 11241100x8000000000000000727236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:47.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9cba13a3d6cdd902021-12-21 12:51:47.195root 11241100x8000000000000000727237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:47.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af2994acf36a22a52021-12-21 12:51:47.195root 11241100x8000000000000000727238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:47.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d907ea9bdacabe32021-12-21 12:51:47.195root 11241100x8000000000000000727239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:47.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54bf6d6b4cac0e662021-12-21 12:51:47.195root 11241100x8000000000000000727240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:47.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1c9c8b86f3f987e2021-12-21 12:51:47.195root 11241100x8000000000000000727241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:47.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b2c978648dafac22021-12-21 12:51:47.195root 11241100x8000000000000000727242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:47.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bba27226920d55e2021-12-21 12:51:47.195root 11241100x8000000000000000727243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:47.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.334c1de5281424512021-12-21 12:51:47.195root 11241100x8000000000000000727244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:47.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f47aba322ca18e0f2021-12-21 12:51:47.195root 11241100x8000000000000000727245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:47.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fed711240eae05042021-12-21 12:51:47.195root 11241100x8000000000000000727246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:47.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.072e20002dbfc7fa2021-12-21 12:51:47.195root 11241100x8000000000000000727247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:47.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.320fa90551b7f6eb2021-12-21 12:51:47.195root 11241100x8000000000000000727248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:47.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6169029dddeabbdb2021-12-21 12:51:47.195root 11241100x8000000000000000727249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:47.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.095047ba3af7ff082021-12-21 12:51:47.196root 11241100x8000000000000000727250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:47.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62a781e9180b48b72021-12-21 12:51:47.196root 11241100x8000000000000000727251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:47.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45d5a8c360f207cf2021-12-21 12:51:47.196root 11241100x8000000000000000727252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:47.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d538ff99edadacb32021-12-21 12:51:47.196root 11241100x8000000000000000727253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:47.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a03658d5c7d819aa2021-12-21 12:51:47.196root 11241100x8000000000000000727254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:47.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da749d69b317a0f72021-12-21 12:51:47.196root 11241100x8000000000000000727255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:47.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78183fd526d85ab32021-12-21 12:51:47.196root 11241100x8000000000000000727256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:47.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80635d9dd6c9f4102021-12-21 12:51:47.196root 11241100x8000000000000000727257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:47.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b48ae8e1caf4bc1b2021-12-21 12:51:47.196root 11241100x8000000000000000727258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:47.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf69a59529fcd80a2021-12-21 12:51:47.196root 11241100x8000000000000000727259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:47.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74bcbe7ba9fba73b2021-12-21 12:51:47.196root 11241100x8000000000000000727260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:47.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1caea6c74eedf0892021-12-21 12:51:47.196root 11241100x8000000000000000727261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:47.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ff685ab310d253e2021-12-21 12:51:47.694root 11241100x8000000000000000727262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:47.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25a1ede01a02d04a2021-12-21 12:51:47.694root 11241100x8000000000000000727263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:47.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ac78ba98ac4b4c22021-12-21 12:51:47.694root 11241100x8000000000000000727264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:47.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.752a0cb3c09a03482021-12-21 12:51:47.694root 11241100x8000000000000000727265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:47.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2b585a1798980942021-12-21 12:51:47.694root 11241100x8000000000000000727266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:47.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0116ca1c53134f62021-12-21 12:51:47.694root 11241100x8000000000000000727267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:47.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da85e1961c9e5b342021-12-21 12:51:47.694root 11241100x8000000000000000727268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:47.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3baa4ea225b3f5cb2021-12-21 12:51:47.694root 11241100x8000000000000000727269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:47.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71b9c6a07fd39ab02021-12-21 12:51:47.694root 11241100x8000000000000000727270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:47.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.865ec90d462b8f202021-12-21 12:51:47.695root 11241100x8000000000000000727271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:47.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb4630d6ea900c912021-12-21 12:51:47.695root 11241100x8000000000000000727272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:47.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00d3d6537aad73512021-12-21 12:51:47.695root 11241100x8000000000000000727273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:47.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b46af3200ecab8e2021-12-21 12:51:47.695root 11241100x8000000000000000727274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:47.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e062f73033d00e1f2021-12-21 12:51:47.695root 11241100x8000000000000000727275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:47.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bdfb3ab85f7424a2021-12-21 12:51:47.695root 11241100x8000000000000000727276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:47.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3931e346f63e89ad2021-12-21 12:51:47.695root 11241100x8000000000000000727277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:47.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9a9ed1e8b7d74352021-12-21 12:51:47.695root 11241100x8000000000000000727278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:47.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f05e7f87c861906b2021-12-21 12:51:47.695root 11241100x8000000000000000727279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:47.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cfde95c0010350d2021-12-21 12:51:47.695root 11241100x8000000000000000727280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:47.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f050ff83912b9522021-12-21 12:51:47.695root 11241100x8000000000000000727281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:47.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa74839eebb8eaf62021-12-21 12:51:47.695root 11241100x8000000000000000727282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:47.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a81c71dbf0d1a4e2021-12-21 12:51:47.695root 11241100x8000000000000000727283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:47.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7871c5382607b66d2021-12-21 12:51:47.695root 11241100x8000000000000000727284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:47.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5631cf262a9218102021-12-21 12:51:47.695root 11241100x8000000000000000727285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:47.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de174ecc59e4eb3f2021-12-21 12:51:47.696root 11241100x8000000000000000727286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:47.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a04d799d3a918a522021-12-21 12:51:47.696root 11241100x8000000000000000727287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:47.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8059f6d9a7b14a9f2021-12-21 12:51:47.696root 11241100x8000000000000000727288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:47.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ca035b76a1df5042021-12-21 12:51:47.696root 11241100x8000000000000000727289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:47.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.101400b862ec1e1c2021-12-21 12:51:47.696root 11241100x8000000000000000727290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:47.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.209398dc857c51212021-12-21 12:51:47.696root 11241100x8000000000000000727291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:47.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fefbdd8269347e22021-12-21 12:51:47.696root 11241100x8000000000000000727292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:47.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0f6e875a2d6aa8e2021-12-21 12:51:47.696root 11241100x8000000000000000727293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:47.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2694d5a02315d1b92021-12-21 12:51:47.696root 11241100x8000000000000000727294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:47.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc8da050dea0ce7c2021-12-21 12:51:47.696root 11241100x8000000000000000727295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:47.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d300f4e95dafb8a62021-12-21 12:51:47.696root 11241100x8000000000000000727296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:47.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa3c159f89b606972021-12-21 12:51:47.696root 11241100x8000000000000000727297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:48.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed951212966cda182021-12-21 12:51:48.194root 11241100x8000000000000000727298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:48.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36e94d3ce1ccce9a2021-12-21 12:51:48.194root 11241100x8000000000000000727299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:48.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.928ead0538bea47d2021-12-21 12:51:48.194root 11241100x8000000000000000727300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:48.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70fb6ae336b9191c2021-12-21 12:51:48.194root 11241100x8000000000000000727301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:48.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87e576f18bfd1f8c2021-12-21 12:51:48.194root 11241100x8000000000000000727302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:48.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f9d0b62ceba220b2021-12-21 12:51:48.194root 11241100x8000000000000000727303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:48.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.195fcfb6e17d8bde2021-12-21 12:51:48.194root 11241100x8000000000000000727304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:48.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41c2e5a6847d7c4e2021-12-21 12:51:48.195root 11241100x8000000000000000727305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:48.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1390473779f4b0202021-12-21 12:51:48.195root 11241100x8000000000000000727306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:48.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56ec0e2169175d7e2021-12-21 12:51:48.195root 11241100x8000000000000000727307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:48.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64ff6e3ce13fed332021-12-21 12:51:48.195root 11241100x8000000000000000727308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:48.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f942af78bd1929662021-12-21 12:51:48.195root 11241100x8000000000000000727309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:48.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d23772366dd43ead2021-12-21 12:51:48.195root 11241100x8000000000000000727310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:48.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88d899205d8abaf72021-12-21 12:51:48.195root 11241100x8000000000000000727311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:48.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f53729073ff7fea2021-12-21 12:51:48.195root 11241100x8000000000000000727312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:48.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95eafaa17e75f9752021-12-21 12:51:48.195root 11241100x8000000000000000727313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:48.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd1ba719aff0a1132021-12-21 12:51:48.195root 11241100x8000000000000000727314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:48.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16e9fffccf188c782021-12-21 12:51:48.195root 11241100x8000000000000000727315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:48.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3ce0b5da80d8d012021-12-21 12:51:48.195root 11241100x8000000000000000727316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:48.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdad4fdd6f35c9642021-12-21 12:51:48.195root 11241100x8000000000000000727317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:48.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b544bec3e6e2d4f82021-12-21 12:51:48.196root 11241100x8000000000000000727318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:48.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ac8cd0de00d189e2021-12-21 12:51:48.196root 11241100x8000000000000000727319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:48.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69675ad56c33e6d82021-12-21 12:51:48.196root 11241100x8000000000000000727320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:48.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff0f852accb934402021-12-21 12:51:48.196root 11241100x8000000000000000727321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:48.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1ce595813b4d0a42021-12-21 12:51:48.196root 11241100x8000000000000000727322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:48.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3db2bb4bba4c3462021-12-21 12:51:48.196root 11241100x8000000000000000727323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:48.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02c4868e5c905a6f2021-12-21 12:51:48.196root 11241100x8000000000000000727324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:48.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d78f04a31fafc3f2021-12-21 12:51:48.196root 11241100x8000000000000000727325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:48.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.daf0df75cdd4495c2021-12-21 12:51:48.196root 11241100x8000000000000000727326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:48.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7e33bbb828f966a2021-12-21 12:51:48.196root 11241100x8000000000000000727327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:48.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6a9f57cb0822f3d2021-12-21 12:51:48.196root 11241100x8000000000000000727328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:48.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95002e3a1f4066962021-12-21 12:51:48.196root 11241100x8000000000000000727329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:48.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.601be72d396c48ea2021-12-21 12:51:48.196root 11241100x8000000000000000727330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:48.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.079db6a38357793d2021-12-21 12:51:48.196root 11241100x8000000000000000727331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:48.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bba1016fb58bc88d2021-12-21 12:51:48.196root 11241100x8000000000000000727332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:48.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.881092d568dc6de42021-12-21 12:51:48.196root 11241100x8000000000000000727333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:48.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7184b89f4223d7c2021-12-21 12:51:48.694root 11241100x8000000000000000727334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:48.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37f2cd37ad865d7b2021-12-21 12:51:48.694root 11241100x8000000000000000727335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:48.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.195d8b6f48ebfee22021-12-21 12:51:48.694root 11241100x8000000000000000727336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:48.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e8a2dbb56d505092021-12-21 12:51:48.694root 11241100x8000000000000000727337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:48.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82fda9c39f6f50992021-12-21 12:51:48.694root 11241100x8000000000000000727338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:48.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c153c32486ba94902021-12-21 12:51:48.694root 11241100x8000000000000000727339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:48.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a92aa0e599574bf82021-12-21 12:51:48.694root 11241100x8000000000000000727340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:48.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4f1e4149945ca672021-12-21 12:51:48.694root 11241100x8000000000000000727341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:48.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02576f042a42244a2021-12-21 12:51:48.694root 11241100x8000000000000000727342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:48.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38565800c8bac4b12021-12-21 12:51:48.695root 11241100x8000000000000000727343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:48.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2485b5613e90fd7e2021-12-21 12:51:48.695root 11241100x8000000000000000727344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:48.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09ef2420527bb9b92021-12-21 12:51:48.695root 11241100x8000000000000000727345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:48.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9149943632e2f4522021-12-21 12:51:48.695root 11241100x8000000000000000727346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:48.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edea1060fe91061c2021-12-21 12:51:48.695root 11241100x8000000000000000727347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:48.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86647fe3969321982021-12-21 12:51:48.695root 11241100x8000000000000000727348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:48.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae06fa4c848e31112021-12-21 12:51:48.695root 11241100x8000000000000000727349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:48.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.061b502dbe9bf5582021-12-21 12:51:48.695root 11241100x8000000000000000727350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:48.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d33d18421e11b712021-12-21 12:51:48.695root 11241100x8000000000000000727351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:48.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.923d08880116bf332021-12-21 12:51:48.695root 11241100x8000000000000000727352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:48.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.799693d8e8b0c4372021-12-21 12:51:48.695root 11241100x8000000000000000727353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:48.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a6bee1ff6b92e2d2021-12-21 12:51:48.695root 11241100x8000000000000000727354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:48.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fca02843128b4ae2021-12-21 12:51:48.695root 11241100x8000000000000000727355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:48.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48fe1f5b5901b6232021-12-21 12:51:48.695root 11241100x8000000000000000727356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:48.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19ba3b5e848eb67c2021-12-21 12:51:48.695root 11241100x8000000000000000727357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:48.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8aa358dd66fe46e52021-12-21 12:51:48.695root 11241100x8000000000000000727358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:48.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.508f625b3a48e83b2021-12-21 12:51:48.696root 11241100x8000000000000000727359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:48.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba681a34090b35bf2021-12-21 12:51:48.696root 11241100x8000000000000000727360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:48.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6e3d2501843ff4a2021-12-21 12:51:48.696root 11241100x8000000000000000727361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:48.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2023f0349a3610d2021-12-21 12:51:48.696root 11241100x8000000000000000727362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:48.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecb78b2e84d8daf62021-12-21 12:51:48.696root 11241100x8000000000000000727363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:48.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dc5781aed1109c12021-12-21 12:51:48.696root 11241100x8000000000000000727364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:48.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e5d071642c5916d2021-12-21 12:51:48.696root 11241100x8000000000000000727365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:48.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c22ea78204ed0e3f2021-12-21 12:51:48.696root 11241100x8000000000000000727366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:48.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bd18839464c470a2021-12-21 12:51:48.696root 11241100x8000000000000000727367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:48.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b83670b8bddf7aa52021-12-21 12:51:48.696root 11241100x8000000000000000727368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:48.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e23054ec9befdc382021-12-21 12:51:48.696root 11241100x8000000000000000727369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:49.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9d609c53e70be4a2021-12-21 12:51:49.194root 11241100x8000000000000000727370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:49.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c12c853362e187ff2021-12-21 12:51:49.194root 11241100x8000000000000000727371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:49.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd56c7e083b664902021-12-21 12:51:49.194root 11241100x8000000000000000727372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:49.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fde6388b314c1e42021-12-21 12:51:49.194root 11241100x8000000000000000727373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:49.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f02ed5b91131d2cf2021-12-21 12:51:49.194root 11241100x8000000000000000727374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:49.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a056d388c1341e72021-12-21 12:51:49.194root 11241100x8000000000000000727375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:49.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9393d9ed8e0f3d1d2021-12-21 12:51:49.194root 11241100x8000000000000000727376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:49.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bd523b0579c6da82021-12-21 12:51:49.195root 11241100x8000000000000000727377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:49.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13974bf55df25d122021-12-21 12:51:49.195root 11241100x8000000000000000727378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:49.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc6e23e6deda46e92021-12-21 12:51:49.195root 11241100x8000000000000000727379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:49.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89a9bf13c8e605cc2021-12-21 12:51:49.195root 11241100x8000000000000000727380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:49.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bca5b1bd2e201e982021-12-21 12:51:49.195root 11241100x8000000000000000727381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:49.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.854b97a7f7e35c752021-12-21 12:51:49.195root 11241100x8000000000000000727382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:49.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.987644df9e22d86a2021-12-21 12:51:49.195root 11241100x8000000000000000727383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:49.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90a4a389e7a53faa2021-12-21 12:51:49.195root 11241100x8000000000000000727384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:49.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b55a94753ceb9f82021-12-21 12:51:49.195root 11241100x8000000000000000727385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:49.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c7ddebb9fa1c5b22021-12-21 12:51:49.195root 11241100x8000000000000000727386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:49.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.751b6431385934ac2021-12-21 12:51:49.195root 11241100x8000000000000000727387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:49.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13913f1a1b6187402021-12-21 12:51:49.195root 11241100x8000000000000000727388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:49.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1068cc71e621ea752021-12-21 12:51:49.195root 11241100x8000000000000000727389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:49.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85933482f11d62222021-12-21 12:51:49.195root 11241100x8000000000000000727390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:49.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce595321e1c28e832021-12-21 12:51:49.196root 11241100x8000000000000000727391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:49.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1134f1fafc4029b02021-12-21 12:51:49.196root 11241100x8000000000000000727392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:49.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a349be6e1d3c8792021-12-21 12:51:49.196root 11241100x8000000000000000727393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:49.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.012fa68697c609312021-12-21 12:51:49.196root 11241100x8000000000000000727394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:49.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a650b0bff513915d2021-12-21 12:51:49.196root 11241100x8000000000000000727395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:49.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6049e57e0d90a392021-12-21 12:51:49.196root 11241100x8000000000000000727396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:49.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1e147aa0e0a63fa2021-12-21 12:51:49.196root 11241100x8000000000000000727397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:49.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8518c991464a51712021-12-21 12:51:49.196root 11241100x8000000000000000727398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:49.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d27ab535f7f211312021-12-21 12:51:49.196root 11241100x8000000000000000727399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:49.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3d17fad021cad452021-12-21 12:51:49.196root 11241100x8000000000000000727400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:49.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5248e8665e97725e2021-12-21 12:51:49.196root 11241100x8000000000000000727401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:49.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a052a9c0f11faf62021-12-21 12:51:49.196root 11241100x8000000000000000727402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:49.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c9abfdb50d69f7d2021-12-21 12:51:49.196root 11241100x8000000000000000727403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:49.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02df005af047b9e22021-12-21 12:51:49.196root 11241100x8000000000000000727404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:49.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5af5037476394512021-12-21 12:51:49.196root 11241100x8000000000000000727405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:49.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bc7bb681364d9b12021-12-21 12:51:49.694root 11241100x8000000000000000727406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:49.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e09d7a890a55ccf42021-12-21 12:51:49.694root 11241100x8000000000000000727407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:49.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df2ca0014b320e5d2021-12-21 12:51:49.694root 11241100x8000000000000000727408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:49.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.307e24b6ca370b9c2021-12-21 12:51:49.694root 11241100x8000000000000000727409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:49.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79cef9105583e38a2021-12-21 12:51:49.694root 11241100x8000000000000000727410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:49.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0744067e6bf8dbf82021-12-21 12:51:49.694root 11241100x8000000000000000727411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:49.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5718bc34d5da31a32021-12-21 12:51:49.694root 11241100x8000000000000000727412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:49.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b427f15a0912c4f92021-12-21 12:51:49.694root 11241100x8000000000000000727413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:49.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fb7b28ef8b46c572021-12-21 12:51:49.694root 11241100x8000000000000000727414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:49.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e614494abee7bfe2021-12-21 12:51:49.695root 11241100x8000000000000000727415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:49.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74cea5f194cf17602021-12-21 12:51:49.695root 11241100x8000000000000000727416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:49.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03ac9ba632b7bf512021-12-21 12:51:49.695root 11241100x8000000000000000727417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:49.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b7d2aee09f78fee2021-12-21 12:51:49.695root 11241100x8000000000000000727418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:49.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.151c033bb631ae6b2021-12-21 12:51:49.695root 11241100x8000000000000000727419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:49.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e64e72fe4fa4ab502021-12-21 12:51:49.695root 11241100x8000000000000000727420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:49.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a11d2ea9c3df4df32021-12-21 12:51:49.695root 11241100x8000000000000000727421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:49.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e87eb121164d16f02021-12-21 12:51:49.695root 11241100x8000000000000000727422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:49.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1e41456590fe6262021-12-21 12:51:49.695root 11241100x8000000000000000727423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:49.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22c253b6fd47fda52021-12-21 12:51:49.695root 11241100x8000000000000000727424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:49.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e344c8e07d848822021-12-21 12:51:49.695root 11241100x8000000000000000727425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:49.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa25fb307f1ff9fc2021-12-21 12:51:49.695root 11241100x8000000000000000727426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:49.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81efa1733ff470a32021-12-21 12:51:49.696root 11241100x8000000000000000727427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:49.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c433175ff7377d22021-12-21 12:51:49.696root 11241100x8000000000000000727428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:49.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad1e8b26d1c619ba2021-12-21 12:51:49.696root 11241100x8000000000000000727429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:49.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e46abfadbfe2f082021-12-21 12:51:49.696root 11241100x8000000000000000727430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:49.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b686c702a5fb09622021-12-21 12:51:49.696root 11241100x8000000000000000727431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:49.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87c8e25f3618d1b82021-12-21 12:51:49.696root 11241100x8000000000000000727432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:49.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b4953de0e79183b2021-12-21 12:51:49.696root 11241100x8000000000000000727433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:49.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb37b9584fbb58cf2021-12-21 12:51:49.696root 11241100x8000000000000000727434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:49.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b6d57d83ba844722021-12-21 12:51:49.696root 11241100x8000000000000000727435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:49.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e554a18e3f4bd422021-12-21 12:51:49.696root 11241100x8000000000000000727436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:49.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6809940a830c5b9b2021-12-21 12:51:49.696root 11241100x8000000000000000727437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:49.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9441d605cc95c0422021-12-21 12:51:49.696root 11241100x8000000000000000727438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:49.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1e99ede59e0d2bf2021-12-21 12:51:49.696root 11241100x8000000000000000727439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:49.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.775b208aac5bfc712021-12-21 12:51:49.696root 11241100x8000000000000000727440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:49.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5fadc2c7f5b38592021-12-21 12:51:49.696root 11241100x8000000000000000727441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:50.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b20aed9050a17e532021-12-21 12:51:50.194root 11241100x8000000000000000727442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:50.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4df76698594d3402021-12-21 12:51:50.194root 11241100x8000000000000000727443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:50.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f39cdc06293e7972021-12-21 12:51:50.194root 11241100x8000000000000000727444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:50.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45c17f9031499ee72021-12-21 12:51:50.194root 11241100x8000000000000000727445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:50.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4108e60ddffebf52021-12-21 12:51:50.194root 11241100x8000000000000000727446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:50.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44b354911296efae2021-12-21 12:51:50.194root 11241100x8000000000000000727447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:50.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.333c7c673ba99aee2021-12-21 12:51:50.194root 11241100x8000000000000000727448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:50.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd8d1c28dc5ef9952021-12-21 12:51:50.194root 11241100x8000000000000000727449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:50.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8d94af5752b195f2021-12-21 12:51:50.195root 11241100x8000000000000000727450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:50.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b729e7aeb7ac01b12021-12-21 12:51:50.195root 11241100x8000000000000000727451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:50.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a25c15b9c2af6372021-12-21 12:51:50.195root 11241100x8000000000000000727452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:50.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbda57d98851402d2021-12-21 12:51:50.195root 11241100x8000000000000000727453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:50.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a39ee317b711dcb2021-12-21 12:51:50.195root 11241100x8000000000000000727454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:50.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a42cfc159d5286172021-12-21 12:51:50.195root 11241100x8000000000000000727455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:50.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c436fc21f5ae7a5f2021-12-21 12:51:50.195root 11241100x8000000000000000727456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:50.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfa7e72cdab6efe02021-12-21 12:51:50.195root 11241100x8000000000000000727457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:50.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bf6e0180dde44362021-12-21 12:51:50.195root 11241100x8000000000000000727458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:50.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2ebee942b9c32e82021-12-21 12:51:50.195root 11241100x8000000000000000727459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:50.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfe871b62ee2ebb52021-12-21 12:51:50.195root 11241100x8000000000000000727460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:50.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fc7fcf55a0fd3ea2021-12-21 12:51:50.195root 11241100x8000000000000000727461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:50.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cd6ea18724b083c2021-12-21 12:51:50.195root 11241100x8000000000000000727462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:50.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5c60a828a3acbd02021-12-21 12:51:50.195root 11241100x8000000000000000727463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:50.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2746c89daee64772021-12-21 12:51:50.195root 11241100x8000000000000000727464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:50.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9698b9e7abf09fec2021-12-21 12:51:50.196root 11241100x8000000000000000727465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:50.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c61fe03104b0b8142021-12-21 12:51:50.196root 11241100x8000000000000000727466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:50.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7642b4dbcb7fa36f2021-12-21 12:51:50.196root 11241100x8000000000000000727467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:50.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f64d57422708bfa42021-12-21 12:51:50.196root 11241100x8000000000000000727468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:50.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48d31aded3f11f5d2021-12-21 12:51:50.196root 11241100x8000000000000000727469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:50.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.467ae63d92b27c6f2021-12-21 12:51:50.196root 11241100x8000000000000000727470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:50.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3b079f291c20b862021-12-21 12:51:50.196root 11241100x8000000000000000727471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:50.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58d1363f357ab6fc2021-12-21 12:51:50.196root 11241100x8000000000000000727472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:50.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74379e07a31a315b2021-12-21 12:51:50.196root 11241100x8000000000000000727473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:50.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c278086c3b00aeb72021-12-21 12:51:50.196root 11241100x8000000000000000727474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:50.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.122b8539d7a70a0f2021-12-21 12:51:50.196root 11241100x8000000000000000727475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:50.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82a38168b0dc11422021-12-21 12:51:50.196root 11241100x8000000000000000727476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:50.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6d7ffd69f0576e12021-12-21 12:51:50.196root 11241100x8000000000000000727477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:50.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7536974f0752f3322021-12-21 12:51:50.694root 11241100x8000000000000000727478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:50.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa352a457086336e2021-12-21 12:51:50.694root 11241100x8000000000000000727479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:50.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b79d34713b4aff332021-12-21 12:51:50.694root 11241100x8000000000000000727480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:50.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30a1d9fc1a3f92452021-12-21 12:51:50.694root 11241100x8000000000000000727481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:50.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69f677169be8c4422021-12-21 12:51:50.694root 11241100x8000000000000000727482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:50.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2eb2fe9ab0b03a02021-12-21 12:51:50.694root 11241100x8000000000000000727483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:50.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1147ff1dc9bb4122021-12-21 12:51:50.694root 11241100x8000000000000000727484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:50.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b8aaddf973d9aa12021-12-21 12:51:50.694root 11241100x8000000000000000727485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:50.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fe8d7d06832afe62021-12-21 12:51:50.694root 11241100x8000000000000000727486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:50.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcc05136f1bbaec62021-12-21 12:51:50.695root 11241100x8000000000000000727487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:50.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30568da255bbc4342021-12-21 12:51:50.695root 11241100x8000000000000000727488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:50.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cecc799f28a005b2021-12-21 12:51:50.695root 11241100x8000000000000000727489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:50.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06388fdfb13d0ce92021-12-21 12:51:50.695root 11241100x8000000000000000727490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:50.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65a4d82628224df22021-12-21 12:51:50.695root 11241100x8000000000000000727491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:50.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28e88ac1a528caa92021-12-21 12:51:50.695root 11241100x8000000000000000727492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:50.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dc580c1421183b52021-12-21 12:51:50.695root 11241100x8000000000000000727493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:50.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13ed4394cce247312021-12-21 12:51:50.695root 11241100x8000000000000000727494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:50.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a89d2c1e6c659cd2021-12-21 12:51:50.695root 11241100x8000000000000000727495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:50.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db7206195b27c28a2021-12-21 12:51:50.695root 11241100x8000000000000000727496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:50.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88d21fa1cd0903d62021-12-21 12:51:50.695root 11241100x8000000000000000727497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:50.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca06eb3ce061a6e62021-12-21 12:51:50.695root 11241100x8000000000000000727498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:50.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f85273a889014f52021-12-21 12:51:50.695root 11241100x8000000000000000727499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:50.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9fae37f4a34121d2021-12-21 12:51:50.695root 11241100x8000000000000000727500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:50.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b027431092761c112021-12-21 12:51:50.695root 11241100x8000000000000000727501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:50.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cd731426e433f1f2021-12-21 12:51:50.695root 11241100x8000000000000000727502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:50.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e378b62dfc08b2762021-12-21 12:51:50.696root 11241100x8000000000000000727503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:50.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8eff574aa19e06292021-12-21 12:51:50.696root 11241100x8000000000000000727504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:50.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1614d433d960a03d2021-12-21 12:51:50.696root 11241100x8000000000000000727505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:50.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec88c6174560e2d22021-12-21 12:51:50.696root 11241100x8000000000000000727506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:50.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3e9ce11e5ee5c6a2021-12-21 12:51:50.696root 11241100x8000000000000000727507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:50.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04f2a7b9c47f9e602021-12-21 12:51:50.696root 11241100x8000000000000000727508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:50.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2eaa9b8646b992e92021-12-21 12:51:50.696root 11241100x8000000000000000727509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:50.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cb1e0cfc0b16ebb2021-12-21 12:51:50.696root 11241100x8000000000000000727510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:50.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28252373aba0d4052021-12-21 12:51:50.696root 11241100x8000000000000000727511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:50.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d3734830bbd68462021-12-21 12:51:50.696root 11241100x8000000000000000727512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:50.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36165ca939ebfd852021-12-21 12:51:50.696root 11241100x8000000000000000727513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:51.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34e4b0eddebd851d2021-12-21 12:51:51.194root 11241100x8000000000000000727514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:51.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f31aebacea9f7f8a2021-12-21 12:51:51.194root 11241100x8000000000000000727515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:51.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e804a3a928401fd2021-12-21 12:51:51.194root 11241100x8000000000000000727516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:51.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51d2e85b1154d4582021-12-21 12:51:51.194root 11241100x8000000000000000727517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:51.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8a4bb2b24d95c822021-12-21 12:51:51.194root 11241100x8000000000000000727518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:51.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b980ce30c90873b52021-12-21 12:51:51.194root 11241100x8000000000000000727519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:51.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb809cdb9339b3692021-12-21 12:51:51.194root 11241100x8000000000000000727520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:51.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ab290079baef1342021-12-21 12:51:51.194root 11241100x8000000000000000727521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:51.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.104ab3a55ab36f1c2021-12-21 12:51:51.194root 11241100x8000000000000000727522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:51.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d068367630b564422021-12-21 12:51:51.194root 11241100x8000000000000000727523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:51.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e617c63bd5ce9c22021-12-21 12:51:51.195root 11241100x8000000000000000727524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:51.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e557a308eae75af2021-12-21 12:51:51.195root 11241100x8000000000000000727525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:51.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c039070bd16478e72021-12-21 12:51:51.195root 11241100x8000000000000000727526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:51.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2920174ceeb937c32021-12-21 12:51:51.195root 11241100x8000000000000000727527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:51.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.085e0ae1c17fbe642021-12-21 12:51:51.195root 11241100x8000000000000000727528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:51.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5b39d4541cee9c92021-12-21 12:51:51.195root 11241100x8000000000000000727529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:51.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.627ec3dd32a14aed2021-12-21 12:51:51.195root 11241100x8000000000000000727530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:51.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e53b1bd19434f1e42021-12-21 12:51:51.195root 11241100x8000000000000000727531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:51.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af2baca4be0dc6392021-12-21 12:51:51.195root 11241100x8000000000000000727532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:51.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72196650ecd0eb402021-12-21 12:51:51.195root 11241100x8000000000000000727533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:51.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.625fd61b6313f0492021-12-21 12:51:51.195root 11241100x8000000000000000727534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:51.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec3aed37233d5f3d2021-12-21 12:51:51.195root 11241100x8000000000000000727535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:51.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fca179256700bfe72021-12-21 12:51:51.195root 11241100x8000000000000000727536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:51.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cc88697d01e50c52021-12-21 12:51:51.196root 11241100x8000000000000000727537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:51.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be54955582d774202021-12-21 12:51:51.196root 11241100x8000000000000000727538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:51.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edc339a97efbf7eb2021-12-21 12:51:51.196root 11241100x8000000000000000727539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:51.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cc1fbd21d31e4182021-12-21 12:51:51.196root 11241100x8000000000000000727540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:51.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55c6bee89210388c2021-12-21 12:51:51.196root 11241100x8000000000000000727541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:51.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d6e266c0e444bf22021-12-21 12:51:51.196root 11241100x8000000000000000727542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:51.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0c255b8530fa0b02021-12-21 12:51:51.196root 11241100x8000000000000000727543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:51.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a24844339fff1f5c2021-12-21 12:51:51.196root 11241100x8000000000000000727544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:51.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e114e485b6f493d2021-12-21 12:51:51.196root 11241100x8000000000000000727545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:51.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7d365e9228f62c72021-12-21 12:51:51.196root 11241100x8000000000000000727546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:51.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc02ea08889b38232021-12-21 12:51:51.196root 11241100x8000000000000000727547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:51.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21f765dfb9760c442021-12-21 12:51:51.196root 11241100x8000000000000000727548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:51.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c998c7e4a6be03c32021-12-21 12:51:51.197root 354300x8000000000000000727549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:51.253{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-50594-false10.0.1.12-8000- 11241100x8000000000000000727550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:51.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.605bfb3d5956326e2021-12-21 12:51:51.694root 11241100x8000000000000000727551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:51.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b13b0f9cc5c635832021-12-21 12:51:51.694root 11241100x8000000000000000727552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:51.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.722673a92c3195f32021-12-21 12:51:51.694root 11241100x8000000000000000727553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:51.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67b3a43babe3cd5e2021-12-21 12:51:51.695root 11241100x8000000000000000727554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:51.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0faa2911f10324342021-12-21 12:51:51.695root 11241100x8000000000000000727555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:51.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73a16184f64ea8082021-12-21 12:51:51.695root 11241100x8000000000000000727556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:51.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cd725aff190be552021-12-21 12:51:51.696root 11241100x8000000000000000727557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:51.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6242e222459723442021-12-21 12:51:51.696root 11241100x8000000000000000727558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:51.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f717f0199ef3dad22021-12-21 12:51:51.696root 11241100x8000000000000000727559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:51.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a9d79540bc71b702021-12-21 12:51:51.696root 11241100x8000000000000000727560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:51.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54f70eaf8aeecdeb2021-12-21 12:51:51.696root 11241100x8000000000000000727561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:51.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d57b79861990b8072021-12-21 12:51:51.696root 11241100x8000000000000000727562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:51.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.606234493f8d15832021-12-21 12:51:51.697root 11241100x8000000000000000727563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:51.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36f45009942b87522021-12-21 12:51:51.697root 11241100x8000000000000000727564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:51.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42eda61139dc910a2021-12-21 12:51:51.697root 11241100x8000000000000000727565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:51.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3e2bfd74a885c582021-12-21 12:51:51.697root 11241100x8000000000000000727566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:51.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f79a1950d0a9472c2021-12-21 12:51:51.697root 11241100x8000000000000000727567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:51.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f799ee70470edc432021-12-21 12:51:51.697root 11241100x8000000000000000727568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:51.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74813b79f32c6bb52021-12-21 12:51:51.698root 11241100x8000000000000000727569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:51.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.350c5ce1a2b01f622021-12-21 12:51:51.698root 11241100x8000000000000000727570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:51.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4386403ddd95455a2021-12-21 12:51:51.698root 11241100x8000000000000000727571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:51.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb2bed7317ca56e62021-12-21 12:51:51.698root 11241100x8000000000000000727572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:51.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.251555ab5ee714082021-12-21 12:51:51.698root 11241100x8000000000000000727573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:51.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23fdbbd7bc04d30c2021-12-21 12:51:51.698root 11241100x8000000000000000727574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:51.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0445adcaaaa583b12021-12-21 12:51:51.698root 11241100x8000000000000000727575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:51.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ee691952aa750392021-12-21 12:51:51.698root 11241100x8000000000000000727576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:51.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42f8d182bbc82ea22021-12-21 12:51:51.698root 11241100x8000000000000000727577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:51.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0a3fd0cfa68a90a2021-12-21 12:51:51.698root 11241100x8000000000000000727578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:51.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68ce16c466e119ba2021-12-21 12:51:51.698root 11241100x8000000000000000727579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:51.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a34b69fee41a25312021-12-21 12:51:51.698root 11241100x8000000000000000727580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:51.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c70cbb17101bb852021-12-21 12:51:51.698root 11241100x8000000000000000727581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:51.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c9750bc0599e3d12021-12-21 12:51:51.698root 11241100x8000000000000000727582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:51.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e5877cdec38de222021-12-21 12:51:51.698root 11241100x8000000000000000727583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:51.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ec116fcf1cd3e2e2021-12-21 12:51:51.699root 11241100x8000000000000000727584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:51.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.561756cc5416228c2021-12-21 12:51:51.699root 11241100x8000000000000000727585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:51.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c22909da61e27d7e2021-12-21 12:51:51.699root 11241100x8000000000000000727586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:51.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1854ab262556e94b2021-12-21 12:51:51.699root 11241100x8000000000000000727587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:52.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4a863249002aa702021-12-21 12:51:52.194root 11241100x8000000000000000727588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:52.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3443e634f23c65622021-12-21 12:51:52.194root 11241100x8000000000000000727589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:52.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c88b833fc133802c2021-12-21 12:51:52.194root 11241100x8000000000000000727590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:52.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38658bf15828d3d92021-12-21 12:51:52.194root 11241100x8000000000000000727591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:52.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.348864d2b70397602021-12-21 12:51:52.194root 11241100x8000000000000000727592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:52.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fc2244ad2df10852021-12-21 12:51:52.194root 11241100x8000000000000000727593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:52.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5184933471f8b0c2021-12-21 12:51:52.194root 11241100x8000000000000000727594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:52.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.214430ee38dd9e182021-12-21 12:51:52.194root 11241100x8000000000000000727595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:52.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d040b7ca8d0541e2021-12-21 12:51:52.195root 11241100x8000000000000000727596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:52.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03911c9684e136f62021-12-21 12:51:52.195root 11241100x8000000000000000727597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:52.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ac04f278c5728bd2021-12-21 12:51:52.195root 11241100x8000000000000000727598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:52.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8be8c11f7a8fcec92021-12-21 12:51:52.195root 11241100x8000000000000000727599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:52.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.787e52a767509dba2021-12-21 12:51:52.195root 11241100x8000000000000000727600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:52.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d2279c2a88bdd8b2021-12-21 12:51:52.195root 11241100x8000000000000000727601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:52.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdd0fa47a059da972021-12-21 12:51:52.195root 11241100x8000000000000000727602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:52.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30347a945e12b6c32021-12-21 12:51:52.195root 11241100x8000000000000000727603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:52.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b3a21d2a5ece02a2021-12-21 12:51:52.195root 11241100x8000000000000000727604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:52.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f72c0c6483c96af22021-12-21 12:51:52.195root 11241100x8000000000000000727605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:52.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6aa3b4004fe39fd82021-12-21 12:51:52.195root 11241100x8000000000000000727606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:52.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0a792113452b17c2021-12-21 12:51:52.195root 11241100x8000000000000000727607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:52.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48c98213340d6ac82021-12-21 12:51:52.196root 11241100x8000000000000000727608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:52.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93e628d5c4a82df82021-12-21 12:51:52.196root 11241100x8000000000000000727609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:52.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a87573744423b1d2021-12-21 12:51:52.196root 11241100x8000000000000000727610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:52.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7aa57f24606873152021-12-21 12:51:52.196root 11241100x8000000000000000727611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:52.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3251584602e6745f2021-12-21 12:51:52.196root 11241100x8000000000000000727612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:52.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59a2f136de3cede92021-12-21 12:51:52.196root 11241100x8000000000000000727613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:52.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e03133269c5246e2021-12-21 12:51:52.196root 11241100x8000000000000000727614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:52.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfaa2c15415800e62021-12-21 12:51:52.196root 11241100x8000000000000000727615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:52.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0892c4fc7379573a2021-12-21 12:51:52.196root 11241100x8000000000000000727616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:52.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78058972b79c64122021-12-21 12:51:52.196root 11241100x8000000000000000727617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:52.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb1d33dd2aec8dfe2021-12-21 12:51:52.198root 11241100x8000000000000000727618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:52.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97087bcb404110cd2021-12-21 12:51:52.198root 11241100x8000000000000000727619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:52.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2522c5f342e8f4162021-12-21 12:51:52.198root 11241100x8000000000000000727620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:52.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d66091e32beede6e2021-12-21 12:51:52.198root 11241100x8000000000000000727621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:52.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a27819a09265ddac2021-12-21 12:51:52.198root 11241100x8000000000000000727622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:52.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.074690d325b80ea02021-12-21 12:51:52.198root 11241100x8000000000000000727623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:52.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09884ccf5eb1def12021-12-21 12:51:52.198root 11241100x8000000000000000727624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:52.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82c4ee96d1c5bb862021-12-21 12:51:52.694root 11241100x8000000000000000727625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:52.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c15b065b8ce23322021-12-21 12:51:52.694root 11241100x8000000000000000727626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:52.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89800c1c5057254a2021-12-21 12:51:52.694root 11241100x8000000000000000727627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:52.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6794bc41b11a7e9b2021-12-21 12:51:52.694root 11241100x8000000000000000727628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:52.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f69777771102ac42021-12-21 12:51:52.694root 11241100x8000000000000000727629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:52.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb7ea93668ab95812021-12-21 12:51:52.694root 11241100x8000000000000000727630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:52.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7bc2b49f7a403732021-12-21 12:51:52.694root 11241100x8000000000000000727631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:52.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d74fcc9b827d9462021-12-21 12:51:52.695root 11241100x8000000000000000727632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:52.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7714faabdf6487412021-12-21 12:51:52.695root 11241100x8000000000000000727633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:52.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b612e2e1ec9f20c12021-12-21 12:51:52.695root 11241100x8000000000000000727634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:52.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.277fb1cd75a2c79c2021-12-21 12:51:52.695root 11241100x8000000000000000727635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:52.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63cd0a706d7fea242021-12-21 12:51:52.695root 11241100x8000000000000000727636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:52.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbd2608d4977d45c2021-12-21 12:51:52.695root 11241100x8000000000000000727637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:52.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a214ec7f3951f8352021-12-21 12:51:52.695root 11241100x8000000000000000727638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:52.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85b7dc4741e22ca92021-12-21 12:51:52.695root 11241100x8000000000000000727639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:52.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de66aa0b43e5900b2021-12-21 12:51:52.695root 11241100x8000000000000000727640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:52.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.398219a953c1fc392021-12-21 12:51:52.695root 11241100x8000000000000000727641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:52.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37b8aedf5cdf6fb12021-12-21 12:51:52.695root 11241100x8000000000000000727642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:52.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c42324592a3bbbe72021-12-21 12:51:52.695root 11241100x8000000000000000727643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:52.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8e65cebf879a0d42021-12-21 12:51:52.695root 11241100x8000000000000000727644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:52.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fb429bfdbbfd8a02021-12-21 12:51:52.695root 11241100x8000000000000000727645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:52.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26e005000b8161142021-12-21 12:51:52.695root 11241100x8000000000000000727646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:52.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afd58640679a678b2021-12-21 12:51:52.695root 11241100x8000000000000000727647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:52.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caab169ad2e2e8ef2021-12-21 12:51:52.696root 11241100x8000000000000000727648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:52.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb0a33a3482538032021-12-21 12:51:52.696root 11241100x8000000000000000727649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:52.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45d78d192b0c1e522021-12-21 12:51:52.696root 11241100x8000000000000000727650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:52.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a55b5922909a4c42021-12-21 12:51:52.696root 11241100x8000000000000000727651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:52.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c548d142fdefb2372021-12-21 12:51:52.696root 11241100x8000000000000000727652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:52.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91bc2916150051472021-12-21 12:51:52.696root 11241100x8000000000000000727653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:52.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.145bd73499e2d4302021-12-21 12:51:52.696root 11241100x8000000000000000727654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:52.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d12937d199f0b59c2021-12-21 12:51:52.696root 11241100x8000000000000000727655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:52.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8887f28f391f5be12021-12-21 12:51:52.696root 11241100x8000000000000000727656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:52.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a58244a5ad79abbf2021-12-21 12:51:52.696root 11241100x8000000000000000727657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:52.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11a4c962bd2dd4072021-12-21 12:51:52.696root 11241100x8000000000000000727658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:52.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afd0e6e15c6452e62021-12-21 12:51:52.696root 11241100x8000000000000000727659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:52.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2af2188ddd55c2952021-12-21 12:51:52.696root 11241100x8000000000000000727660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:52.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09609d5e2f528dd62021-12-21 12:51:52.696root 11241100x8000000000000000727661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:53.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef683d65158a550c2021-12-21 12:51:53.194root 11241100x8000000000000000727662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:53.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12afd14dccb7860c2021-12-21 12:51:53.194root 11241100x8000000000000000727663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:53.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07dc49452a1aab1b2021-12-21 12:51:53.194root 11241100x8000000000000000727664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:53.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f521379196c50b02021-12-21 12:51:53.194root 11241100x8000000000000000727665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:53.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f40eab14c27b797d2021-12-21 12:51:53.194root 11241100x8000000000000000727666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:53.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cfb8ac5ecc96faa2021-12-21 12:51:53.194root 11241100x8000000000000000727667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:53.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a968dc04f026b3f62021-12-21 12:51:53.194root 11241100x8000000000000000727668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:53.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7914885373ba7422021-12-21 12:51:53.195root 11241100x8000000000000000727669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:53.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ce57a774c59afd12021-12-21 12:51:53.195root 11241100x8000000000000000727670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:53.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c13ea4e6b7beda172021-12-21 12:51:53.195root 11241100x8000000000000000727671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:53.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd53da480355bf5b2021-12-21 12:51:53.195root 11241100x8000000000000000727672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:53.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb520ab2919676642021-12-21 12:51:53.195root 11241100x8000000000000000727673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:53.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d3ac45c269629d22021-12-21 12:51:53.195root 11241100x8000000000000000727674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:53.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4aa550aa55680622021-12-21 12:51:53.195root 11241100x8000000000000000727675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:53.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c159971e4240deac2021-12-21 12:51:53.195root 11241100x8000000000000000727676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:53.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.facc60a516f45b472021-12-21 12:51:53.195root 11241100x8000000000000000727677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:53.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e597faaa71786b92021-12-21 12:51:53.195root 11241100x8000000000000000727678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:53.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2248c2036fb293ef2021-12-21 12:51:53.195root 11241100x8000000000000000727679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:53.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52a3dd8a402a512b2021-12-21 12:51:53.195root 11241100x8000000000000000727680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:53.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0580e97d4b1f20c32021-12-21 12:51:53.195root 11241100x8000000000000000727681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:53.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c56bdb7621d2401f2021-12-21 12:51:53.195root 11241100x8000000000000000727682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:53.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17ffc466c61a85ab2021-12-21 12:51:53.195root 11241100x8000000000000000727683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:53.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bffa8152adac88872021-12-21 12:51:53.195root 11241100x8000000000000000727684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:53.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.decc74ef107528f12021-12-21 12:51:53.196root 11241100x8000000000000000727685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:53.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02bf9f6e12e6bcc22021-12-21 12:51:53.196root 11241100x8000000000000000727686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:53.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d710ee8701d472e02021-12-21 12:51:53.196root 11241100x8000000000000000727687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:53.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2abcc5533b210612021-12-21 12:51:53.196root 11241100x8000000000000000727688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:53.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61a590d74c35fc2a2021-12-21 12:51:53.196root 11241100x8000000000000000727689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:53.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bda31d43d223d0d52021-12-21 12:51:53.196root 11241100x8000000000000000727690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:53.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2006038cae8889352021-12-21 12:51:53.196root 11241100x8000000000000000727691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:53.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c6939c0a0574bb92021-12-21 12:51:53.196root 11241100x8000000000000000727692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:53.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee8f71412d625e8a2021-12-21 12:51:53.196root 11241100x8000000000000000727693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:53.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d43c59fc4ebb8212021-12-21 12:51:53.196root 11241100x8000000000000000727694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:53.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eac20a88728d8d9d2021-12-21 12:51:53.196root 11241100x8000000000000000727695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:53.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00a130ac03f552a22021-12-21 12:51:53.196root 11241100x8000000000000000727696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:53.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0e554fb78170c7a2021-12-21 12:51:53.196root 11241100x8000000000000000727697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:53.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e582992f87e2fdc2021-12-21 12:51:53.197root 11241100x8000000000000000727698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:53.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9f23b3089b734ee2021-12-21 12:51:53.694root 11241100x8000000000000000727699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:53.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1ac838b671f5e4c2021-12-21 12:51:53.694root 11241100x8000000000000000727700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:53.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd6c088595f58ddc2021-12-21 12:51:53.694root 11241100x8000000000000000727701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:53.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.001f05c1c897136b2021-12-21 12:51:53.694root 11241100x8000000000000000727702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:53.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5578398bb7cb6fb62021-12-21 12:51:53.694root 11241100x8000000000000000727703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:53.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.674902da29a2b5102021-12-21 12:51:53.694root 11241100x8000000000000000727704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:53.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ab409fd321c39142021-12-21 12:51:53.694root 11241100x8000000000000000727705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:53.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfccc682e3649aaa2021-12-21 12:51:53.695root 11241100x8000000000000000727706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:53.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddca9e5283e6d8e62021-12-21 12:51:53.695root 11241100x8000000000000000727707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:53.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4c3b4a70f0d23312021-12-21 12:51:53.695root 11241100x8000000000000000727708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:53.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec58083b063daf072021-12-21 12:51:53.695root 11241100x8000000000000000727709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:53.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ba12bde2395d7582021-12-21 12:51:53.695root 11241100x8000000000000000727710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:53.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.736b710abc0be9ed2021-12-21 12:51:53.696root 11241100x8000000000000000727711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:53.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cd02a3b4807b61d2021-12-21 12:51:53.696root 11241100x8000000000000000727712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:53.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb6340e8fa9bc5872021-12-21 12:51:53.696root 11241100x8000000000000000727713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:53.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.886c0614fac8d2302021-12-21 12:51:53.696root 11241100x8000000000000000727714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:53.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.072072ddb3b612282021-12-21 12:51:53.696root 11241100x8000000000000000727715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:53.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cd5830a43a829f72021-12-21 12:51:53.696root 11241100x8000000000000000727716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:53.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09c718a51d3435b12021-12-21 12:51:53.696root 11241100x8000000000000000727717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:53.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7901b0a76b283052021-12-21 12:51:53.696root 11241100x8000000000000000727718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:53.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e3e4d0a4910312a2021-12-21 12:51:53.696root 11241100x8000000000000000727719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:53.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd1b02340a6c8a592021-12-21 12:51:53.696root 11241100x8000000000000000727720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:53.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bf87b7efac63a742021-12-21 12:51:53.696root 11241100x8000000000000000727721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:53.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.045d2d8dab76fe4f2021-12-21 12:51:53.697root 11241100x8000000000000000727722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:53.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cec5f4bee8dee3cb2021-12-21 12:51:53.697root 11241100x8000000000000000727723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:53.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e923e765c95e86512021-12-21 12:51:53.697root 11241100x8000000000000000727724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:53.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efad18a48b10f1ae2021-12-21 12:51:53.697root 11241100x8000000000000000727725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:53.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57a6f8206bc1325d2021-12-21 12:51:53.697root 11241100x8000000000000000727726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:53.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7050ca53fe6efae22021-12-21 12:51:53.697root 11241100x8000000000000000727727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:53.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fc97e409017111c2021-12-21 12:51:53.697root 11241100x8000000000000000727728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:53.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f0abe103dbfd5492021-12-21 12:51:53.697root 11241100x8000000000000000727729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:53.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb0b940a89479acc2021-12-21 12:51:53.697root 11241100x8000000000000000727730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:53.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b1c0aef7ee1c94c2021-12-21 12:51:53.697root 11241100x8000000000000000727731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:53.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.118504b7ef1b08a52021-12-21 12:51:53.697root 11241100x8000000000000000727732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:53.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a721f6a781c780ef2021-12-21 12:51:53.697root 11241100x8000000000000000727733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:53.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a9b9787313f948e2021-12-21 12:51:53.697root 11241100x8000000000000000727734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:53.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41511219db1d1e372021-12-21 12:51:53.697root 11241100x8000000000000000727735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:54.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d4339cb4dda3f332021-12-21 12:51:54.194root 11241100x8000000000000000727736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:54.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5458d2769dbaa9c12021-12-21 12:51:54.194root 11241100x8000000000000000727737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:54.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b2ba4ae0ab632c92021-12-21 12:51:54.194root 11241100x8000000000000000727738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:54.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d718f061c1734b952021-12-21 12:51:54.195root 11241100x8000000000000000727739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:54.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a4e9a49baab67d22021-12-21 12:51:54.195root 11241100x8000000000000000727740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:54.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c53b773fd9d440502021-12-21 12:51:54.195root 11241100x8000000000000000727741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:54.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e556c682bca5d15a2021-12-21 12:51:54.195root 11241100x8000000000000000727742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:54.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed5052855956cf3d2021-12-21 12:51:54.195root 11241100x8000000000000000727743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:54.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85286723836e78392021-12-21 12:51:54.195root 11241100x8000000000000000727744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:54.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53e58f72bf53a38a2021-12-21 12:51:54.195root 11241100x8000000000000000727745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:54.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.648da44089e91b822021-12-21 12:51:54.196root 11241100x8000000000000000727746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:54.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.536450f8542974202021-12-21 12:51:54.196root 11241100x8000000000000000727747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:54.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8daa2931a29aed82021-12-21 12:51:54.196root 11241100x8000000000000000727748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:54.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f328e3baac68a3e52021-12-21 12:51:54.196root 11241100x8000000000000000727749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:54.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b1ea9f36d5e125e2021-12-21 12:51:54.196root 11241100x8000000000000000727750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:54.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f0e255f83a26f362021-12-21 12:51:54.196root 11241100x8000000000000000727751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:54.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c647fb04b891d6d02021-12-21 12:51:54.196root 11241100x8000000000000000727752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:54.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b28241caaae47aa2021-12-21 12:51:54.197root 11241100x8000000000000000727753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:54.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7e8705fa7b89d202021-12-21 12:51:54.197root 11241100x8000000000000000727754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:54.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6b56d74422d15b42021-12-21 12:51:54.197root 11241100x8000000000000000727755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:54.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f116b48860d70f572021-12-21 12:51:54.197root 11241100x8000000000000000727756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:54.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a3ea8ac2cd87af42021-12-21 12:51:54.197root 11241100x8000000000000000727757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:54.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf6cb045e431b5832021-12-21 12:51:54.197root 11241100x8000000000000000727758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:54.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0415598a52e6da392021-12-21 12:51:54.197root 11241100x8000000000000000727759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:54.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b310ba5079cf6a32021-12-21 12:51:54.198root 11241100x8000000000000000727760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:54.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68f7cef41c7473582021-12-21 12:51:54.198root 11241100x8000000000000000727761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:54.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.565fcc51a1cd6cc22021-12-21 12:51:54.198root 11241100x8000000000000000727762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:54.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0014c696f51a50022021-12-21 12:51:54.198root 11241100x8000000000000000727763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:54.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d019b46009816e3d2021-12-21 12:51:54.198root 11241100x8000000000000000727764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:54.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dacee012047690c2021-12-21 12:51:54.198root 11241100x8000000000000000727765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:54.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33688383677876ef2021-12-21 12:51:54.198root 11241100x8000000000000000727766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:54.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87eb7fbc67b092ce2021-12-21 12:51:54.198root 11241100x8000000000000000727767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:54.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbfccbae77006ebd2021-12-21 12:51:54.198root 11241100x8000000000000000727768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:54.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29556a2de909542b2021-12-21 12:51:54.198root 11241100x8000000000000000727769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:54.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fb5f17c056b6f842021-12-21 12:51:54.198root 11241100x8000000000000000727770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:54.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ca64635290285b82021-12-21 12:51:54.198root 11241100x8000000000000000727771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:54.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85b93cd77c28f47f2021-12-21 12:51:54.198root 11241100x8000000000000000727772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:54.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c7bb3d143e2ac952021-12-21 12:51:54.694root 11241100x8000000000000000727773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:54.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b35e27e43bd175372021-12-21 12:51:54.694root 11241100x8000000000000000727774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:54.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa29c47cb45fd1312021-12-21 12:51:54.694root 11241100x8000000000000000727775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:54.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6778ac7d2d7b86f2021-12-21 12:51:54.694root 11241100x8000000000000000727776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:54.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31dc760a66067a0f2021-12-21 12:51:54.694root 11241100x8000000000000000727777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:54.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c43820c6d2129d072021-12-21 12:51:54.694root 11241100x8000000000000000727778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:54.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05a96da0b056cc6a2021-12-21 12:51:54.694root 11241100x8000000000000000727779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:54.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f88d5cf6fa4a58482021-12-21 12:51:54.694root 11241100x8000000000000000727780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:54.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60a5bab2879572802021-12-21 12:51:54.695root 11241100x8000000000000000727781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:54.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a84ccd24fac478da2021-12-21 12:51:54.695root 11241100x8000000000000000727782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:54.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.926f447739c59c702021-12-21 12:51:54.695root 11241100x8000000000000000727783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:54.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fc1b0341b8f34b22021-12-21 12:51:54.695root 11241100x8000000000000000727784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:54.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4104172e9cd58f952021-12-21 12:51:54.695root 11241100x8000000000000000727785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:54.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46593ab0b1770d6a2021-12-21 12:51:54.695root 11241100x8000000000000000727786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:54.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a90b1f01e64602332021-12-21 12:51:54.695root 11241100x8000000000000000727787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:54.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bc832ef92c1be332021-12-21 12:51:54.695root 11241100x8000000000000000727788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:54.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5630c49efef3f21e2021-12-21 12:51:54.695root 11241100x8000000000000000727789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:54.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce002885e32fbf8e2021-12-21 12:51:54.695root 11241100x8000000000000000727790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:54.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66c18ed88d7ecd4d2021-12-21 12:51:54.695root 11241100x8000000000000000727791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:54.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f89b5768fb9b66de2021-12-21 12:51:54.695root 11241100x8000000000000000727792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:54.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4346fe8ca807d1892021-12-21 12:51:54.695root 11241100x8000000000000000727793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:54.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16d006cd5c1c78642021-12-21 12:51:54.695root 11241100x8000000000000000727794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:54.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef30bb29cea1b5022021-12-21 12:51:54.696root 11241100x8000000000000000727795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:54.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3135e713bf6334ae2021-12-21 12:51:54.696root 11241100x8000000000000000727796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:54.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95b92016cd2c1f9d2021-12-21 12:51:54.696root 11241100x8000000000000000727797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:54.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1355b5b557b32ee52021-12-21 12:51:54.696root 11241100x8000000000000000727798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:54.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe11463e67b49b9e2021-12-21 12:51:54.697root 11241100x8000000000000000727799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:54.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b27630790819fe82021-12-21 12:51:54.697root 11241100x8000000000000000727800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:54.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8f3f2c9b984e9462021-12-21 12:51:54.697root 11241100x8000000000000000727801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:54.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a512939ea7e333e2021-12-21 12:51:54.697root 11241100x8000000000000000727802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:54.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f402eb78033e6f52021-12-21 12:51:54.697root 11241100x8000000000000000727803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:54.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8b91f31882f324a2021-12-21 12:51:54.697root 11241100x8000000000000000727804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:54.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ed99e53d4fb82c32021-12-21 12:51:54.697root 11241100x8000000000000000727805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:54.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd3ed963066dab6a2021-12-21 12:51:54.697root 11241100x8000000000000000727806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:54.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da06da96feafa9f02021-12-21 12:51:54.698root 11241100x8000000000000000727807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:54.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.477d9562ca84bed62021-12-21 12:51:54.698root 11241100x8000000000000000727808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:54.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8d173375acc860b2021-12-21 12:51:54.698root 11241100x8000000000000000727809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:55.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0355c6ac321db642021-12-21 12:51:55.194root 11241100x8000000000000000727810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:55.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83d0892886937d532021-12-21 12:51:55.194root 11241100x8000000000000000727811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:55.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.576253270011765d2021-12-21 12:51:55.194root 11241100x8000000000000000727812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:55.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bf789d7e7f5cfb72021-12-21 12:51:55.194root 11241100x8000000000000000727813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:55.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c6368639b2855962021-12-21 12:51:55.194root 11241100x8000000000000000727814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:55.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3caf2638a692d8d2021-12-21 12:51:55.194root 11241100x8000000000000000727815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:55.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7eb5cbf2d6022dc2021-12-21 12:51:55.194root 11241100x8000000000000000727816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:55.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7985258215306c72021-12-21 12:51:55.195root 11241100x8000000000000000727817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:55.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4126ed3cbc59816f2021-12-21 12:51:55.195root 11241100x8000000000000000727818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:55.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f12b4173853f6232021-12-21 12:51:55.195root 11241100x8000000000000000727819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:55.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3213f8c436c1db52021-12-21 12:51:55.195root 11241100x8000000000000000727820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:55.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eda118defd2361042021-12-21 12:51:55.195root 11241100x8000000000000000727821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:55.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e3d6cc7c29994d62021-12-21 12:51:55.195root 11241100x8000000000000000727822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:55.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcf6e2d0c93aafb42021-12-21 12:51:55.195root 11241100x8000000000000000727823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:55.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5632cc913e41667d2021-12-21 12:51:55.195root 11241100x8000000000000000727824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:55.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aeb7c33cf54b00ae2021-12-21 12:51:55.195root 11241100x8000000000000000727825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:55.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c997140fbaa0a5a2021-12-21 12:51:55.195root 11241100x8000000000000000727826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:55.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a43a8f16899e3132021-12-21 12:51:55.195root 11241100x8000000000000000727827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:55.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7e51fed86b4cfcf2021-12-21 12:51:55.195root 11241100x8000000000000000727828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:55.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d098ff6f8d13b532021-12-21 12:51:55.196root 11241100x8000000000000000727829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:55.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11e8c0fdd912de532021-12-21 12:51:55.196root 11241100x8000000000000000727830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:55.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de5fc7003f3bde122021-12-21 12:51:55.196root 11241100x8000000000000000727831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:55.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.656567f7bd97303b2021-12-21 12:51:55.196root 11241100x8000000000000000727832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:55.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37237b9c56bab4012021-12-21 12:51:55.196root 11241100x8000000000000000727833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:55.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c91481ec90837e7b2021-12-21 12:51:55.196root 11241100x8000000000000000727834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:55.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.034e3441371814442021-12-21 12:51:55.196root 11241100x8000000000000000727835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:55.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ea17d3c700d47122021-12-21 12:51:55.196root 11241100x8000000000000000727836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:55.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a00f03f0b2c8a84f2021-12-21 12:51:55.196root 11241100x8000000000000000727837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:55.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a2239459788a7f02021-12-21 12:51:55.196root 11241100x8000000000000000727838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:55.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1e7e24ad1a236bd2021-12-21 12:51:55.196root 11241100x8000000000000000727839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:55.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4900ed68e75812992021-12-21 12:51:55.196root 11241100x8000000000000000727840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:55.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0b1e2ec922c0fe92021-12-21 12:51:55.196root 11241100x8000000000000000727841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:55.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac039140bc5e064f2021-12-21 12:51:55.196root 11241100x8000000000000000727842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:55.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21de0a88f5bfe2332021-12-21 12:51:55.196root 11241100x8000000000000000727843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:55.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6ef157740b4c5fa2021-12-21 12:51:55.197root 11241100x8000000000000000727844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:55.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10b7629133c5426d2021-12-21 12:51:55.197root 11241100x8000000000000000727845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:55.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e775368e40279d932021-12-21 12:51:55.197root 11241100x8000000000000000727846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:55.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96e9e4491781a8922021-12-21 12:51:55.694root 11241100x8000000000000000727847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:55.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53354986b794eec22021-12-21 12:51:55.694root 11241100x8000000000000000727848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:55.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f3284e19921af312021-12-21 12:51:55.694root 11241100x8000000000000000727849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:55.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26b60e7f922313142021-12-21 12:51:55.694root 11241100x8000000000000000727850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:55.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b09b1da3fe645cc92021-12-21 12:51:55.694root 11241100x8000000000000000727851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:55.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b4be6dfd7de764e2021-12-21 12:51:55.694root 11241100x8000000000000000727852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:55.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02964b0eb1be2edc2021-12-21 12:51:55.694root 11241100x8000000000000000727853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:55.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4e78d6d1fa2ffb72021-12-21 12:51:55.694root 11241100x8000000000000000727854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:55.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.967ee1de7904731b2021-12-21 12:51:55.695root 11241100x8000000000000000727855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:55.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b50fc649b47f22bf2021-12-21 12:51:55.695root 11241100x8000000000000000727856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:55.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.006386b6c474f9862021-12-21 12:51:55.695root 11241100x8000000000000000727857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:55.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5b3a5dcfbeded152021-12-21 12:51:55.695root 11241100x8000000000000000727858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:55.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e595a6a6105119fe2021-12-21 12:51:55.695root 11241100x8000000000000000727859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:55.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e52122db4f89c882021-12-21 12:51:55.695root 11241100x8000000000000000727860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:55.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1860eabdb5e8336d2021-12-21 12:51:55.695root 11241100x8000000000000000727861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:55.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2de4d40e436a47df2021-12-21 12:51:55.695root 11241100x8000000000000000727862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:55.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97b0eb5422cd16142021-12-21 12:51:55.695root 11241100x8000000000000000727863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:55.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c5c73b2300390fb2021-12-21 12:51:55.695root 11241100x8000000000000000727864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:55.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e104a266d68e4c8c2021-12-21 12:51:55.695root 11241100x8000000000000000727865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:55.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0143aa4b6bf73d72021-12-21 12:51:55.696root 11241100x8000000000000000727866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:55.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67e9701c1074e0d12021-12-21 12:51:55.696root 11241100x8000000000000000727867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:55.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20d34398243eb8f42021-12-21 12:51:55.696root 11241100x8000000000000000727868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:55.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15a00b154ccb8c642021-12-21 12:51:55.696root 11241100x8000000000000000727869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:55.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ab8032645d651552021-12-21 12:51:55.696root 11241100x8000000000000000727870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:55.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ca83693d7d43c2b2021-12-21 12:51:55.696root 11241100x8000000000000000727871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:55.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d770c244f4c363362021-12-21 12:51:55.696root 11241100x8000000000000000727872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:55.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0423b5cc1052bbc2021-12-21 12:51:55.696root 11241100x8000000000000000727873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:55.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d022f814bc72c3012021-12-21 12:51:55.696root 11241100x8000000000000000727874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:55.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf6e6f49f7a4f8362021-12-21 12:51:55.696root 11241100x8000000000000000727875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:55.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cba3ad25521efc122021-12-21 12:51:55.696root 11241100x8000000000000000727876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:55.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a730e2ad19f46ed62021-12-21 12:51:55.696root 11241100x8000000000000000727877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:55.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcc599010cb84c982021-12-21 12:51:55.696root 11241100x8000000000000000727878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:55.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9db051fd77021ead2021-12-21 12:51:55.696root 11241100x8000000000000000727879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:55.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.421a8fd8235ff31b2021-12-21 12:51:55.696root 11241100x8000000000000000727880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:55.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d08e40c8f378fc12021-12-21 12:51:55.697root 11241100x8000000000000000727881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:55.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a745ccfd184cd5062021-12-21 12:51:55.697root 11241100x8000000000000000727882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:55.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a51c4d16108deee2021-12-21 12:51:55.697root 11241100x8000000000000000727883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:56.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97f8e6a827af68ae2021-12-21 12:51:56.194root 11241100x8000000000000000727884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:56.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79ada59da15f50522021-12-21 12:51:56.194root 11241100x8000000000000000727885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:56.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff4f65550b32e43d2021-12-21 12:51:56.194root 11241100x8000000000000000727886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:56.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a81a4606b41732502021-12-21 12:51:56.194root 11241100x8000000000000000727887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:56.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ed705846f2601a32021-12-21 12:51:56.194root 11241100x8000000000000000727888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:56.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8634cf8392a2933b2021-12-21 12:51:56.194root 11241100x8000000000000000727889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:56.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.422ad19f61b955362021-12-21 12:51:56.194root 11241100x8000000000000000727890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:56.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c9e165134c58cc12021-12-21 12:51:56.194root 11241100x8000000000000000727891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:56.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ab5a81fc9c9fe3f2021-12-21 12:51:56.194root 11241100x8000000000000000727892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:56.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0356cd90b9662962021-12-21 12:51:56.195root 11241100x8000000000000000727893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:56.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87671de7104954162021-12-21 12:51:56.195root 11241100x8000000000000000727894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:56.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24ee8e727327ab342021-12-21 12:51:56.195root 11241100x8000000000000000727895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:56.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.299014b1eb986c842021-12-21 12:51:56.195root 11241100x8000000000000000727896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:56.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1204d516e6e4ebfc2021-12-21 12:51:56.195root 11241100x8000000000000000727897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:56.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5318b765789d0572021-12-21 12:51:56.195root 11241100x8000000000000000727898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:56.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65b1feecf73ce9fc2021-12-21 12:51:56.195root 11241100x8000000000000000727899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:56.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c5e292d68eda12e2021-12-21 12:51:56.195root 11241100x8000000000000000727900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:56.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19be4797a16a5d6b2021-12-21 12:51:56.195root 11241100x8000000000000000727901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:56.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4179bc9d305c10cb2021-12-21 12:51:56.195root 11241100x8000000000000000727902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:56.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2a7becf1c146cf72021-12-21 12:51:56.195root 11241100x8000000000000000727903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:56.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a151979853f9c172021-12-21 12:51:56.195root 11241100x8000000000000000727904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:56.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3ca9aa77887ddd22021-12-21 12:51:56.195root 11241100x8000000000000000727905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:56.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4c51d0c04622da82021-12-21 12:51:56.195root 11241100x8000000000000000727906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:56.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dd3d8441335bc642021-12-21 12:51:56.195root 11241100x8000000000000000727907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:56.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57378c8bc3c399952021-12-21 12:51:56.196root 11241100x8000000000000000727908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:56.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70a49710fed3578c2021-12-21 12:51:56.196root 11241100x8000000000000000727909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:56.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86ff79f4795e56302021-12-21 12:51:56.196root 11241100x8000000000000000727910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:56.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6aa4bafd6013a0d62021-12-21 12:51:56.196root 11241100x8000000000000000727911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:56.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b7d23c2cd21194a2021-12-21 12:51:56.196root 11241100x8000000000000000727912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:56.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1792dddb32c209dc2021-12-21 12:51:56.196root 11241100x8000000000000000727913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:56.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.923803c45390b7fd2021-12-21 12:51:56.196root 11241100x8000000000000000727914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:56.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf928e4de5a669fb2021-12-21 12:51:56.196root 11241100x8000000000000000727915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:56.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37cab468a0b3908e2021-12-21 12:51:56.196root 11241100x8000000000000000727916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:56.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caef926c2551e60a2021-12-21 12:51:56.196root 11241100x8000000000000000727917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:56.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e46d46a376aa6ed2021-12-21 12:51:56.196root 11241100x8000000000000000727918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:56.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.732eec2ac0080f4a2021-12-21 12:51:56.196root 11241100x8000000000000000727919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:56.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20b542e3c805b7aa2021-12-21 12:51:56.196root 11241100x8000000000000000727920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:56.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.977b50cb88f1694c2021-12-21 12:51:56.694root 11241100x8000000000000000727921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:56.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c484fb468285cfba2021-12-21 12:51:56.694root 11241100x8000000000000000727922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:56.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c26636bae5935aad2021-12-21 12:51:56.694root 11241100x8000000000000000727923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:56.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41adcf9c1f44afdb2021-12-21 12:51:56.695root 11241100x8000000000000000727924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:56.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d35f42c2babc3452021-12-21 12:51:56.695root 11241100x8000000000000000727925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:56.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b27c20d5bf7789e2021-12-21 12:51:56.695root 11241100x8000000000000000727926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:56.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0caaba849656c3a52021-12-21 12:51:56.695root 11241100x8000000000000000727927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:56.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62b2edca719cb8d52021-12-21 12:51:56.695root 11241100x8000000000000000727928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:56.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08fc4c1b3860dfae2021-12-21 12:51:56.695root 11241100x8000000000000000727929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:56.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1649d0962ec672a2021-12-21 12:51:56.695root 11241100x8000000000000000727930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:56.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f21978879efa1e922021-12-21 12:51:56.695root 11241100x8000000000000000727931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:56.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be4715ce72aa0c472021-12-21 12:51:56.695root 11241100x8000000000000000727932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:56.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90aff3af2257fd342021-12-21 12:51:56.695root 11241100x8000000000000000727933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:56.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddc6da77fdeb7b272021-12-21 12:51:56.695root 11241100x8000000000000000727934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:56.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0176911cc8da9722021-12-21 12:51:56.696root 11241100x8000000000000000727935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:56.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00f8d37e4d65413f2021-12-21 12:51:56.696root 11241100x8000000000000000727936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:56.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0b7d6ed4a3754bf2021-12-21 12:51:56.698root 11241100x8000000000000000727937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:56.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83e91bcf3d0ce07f2021-12-21 12:51:56.698root 11241100x8000000000000000727938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:56.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c5a0683ce7ce1f92021-12-21 12:51:56.699root 11241100x8000000000000000727939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:56.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.340dd77ab64d1dd02021-12-21 12:51:56.699root 11241100x8000000000000000727940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:56.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e82719d1b150b332021-12-21 12:51:56.699root 11241100x8000000000000000727941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:56.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7724312fe9296c112021-12-21 12:51:56.699root 11241100x8000000000000000727942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:56.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efc2ccbbb8d3a54c2021-12-21 12:51:56.699root 11241100x8000000000000000727943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:56.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eecfc7ef56f8a3772021-12-21 12:51:56.699root 11241100x8000000000000000727944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:56.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4b95241811b9a6b2021-12-21 12:51:56.699root 11241100x8000000000000000727945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:56.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86a95a359cf2bdb12021-12-21 12:51:56.700root 11241100x8000000000000000727946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:56.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a1270717ebbb47e2021-12-21 12:51:56.700root 11241100x8000000000000000727947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:56.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37c67b44794ca2302021-12-21 12:51:56.700root 11241100x8000000000000000727948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:56.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6241f09112bed212021-12-21 12:51:56.701root 11241100x8000000000000000727949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:56.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c88da02c3dbd4bf2021-12-21 12:51:56.701root 11241100x8000000000000000727950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:56.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.182433b695b39ea52021-12-21 12:51:56.701root 11241100x8000000000000000727951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:56.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af9d3e916fa737122021-12-21 12:51:56.701root 11241100x8000000000000000727952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:56.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0550a07209e99932021-12-21 12:51:56.701root 11241100x8000000000000000727953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:56.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57d7a50e52eb36f72021-12-21 12:51:56.701root 11241100x8000000000000000727954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:56.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b21c08ad843af6632021-12-21 12:51:56.701root 11241100x8000000000000000727955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:56.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.141116be4eb876de2021-12-21 12:51:56.701root 11241100x8000000000000000727956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:56.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de554d7fe6b5ddd72021-12-21 12:51:56.702root 354300x8000000000000000727957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.112{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-50596-false10.0.1.12-8000- 11241100x8000000000000000727958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.113{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ead2b7a53904d742021-12-21 12:51:57.113root 11241100x8000000000000000727959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.113{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.347c40aa89489f5e2021-12-21 12:51:57.113root 11241100x8000000000000000727960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.113{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42a3e215ae4a4bce2021-12-21 12:51:57.113root 11241100x8000000000000000727961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.114{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54ba0da13cf3f3252021-12-21 12:51:57.114root 11241100x8000000000000000727962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.114{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b883ef1b45cd2cd2021-12-21 12:51:57.114root 11241100x8000000000000000727963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.114{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46afa1354ed4e7452021-12-21 12:51:57.114root 11241100x8000000000000000727964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.114{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4645f57a2816026f2021-12-21 12:51:57.114root 11241100x8000000000000000727965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.114{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ad827d7acb67fb62021-12-21 12:51:57.114root 11241100x8000000000000000727966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.114{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceba9a8829a925742021-12-21 12:51:57.114root 11241100x8000000000000000727967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.114{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe708bc11346e7712021-12-21 12:51:57.114root 11241100x8000000000000000727968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.114{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b04ad418bcc4f2b32021-12-21 12:51:57.114root 11241100x8000000000000000727969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.115{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb5510bb6d7c82682021-12-21 12:51:57.115root 11241100x8000000000000000727970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.115{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dd40db142d5484a2021-12-21 12:51:57.115root 11241100x8000000000000000727971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.115{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b79799b944b3f3502021-12-21 12:51:57.115root 11241100x8000000000000000727972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.115{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22a800f7be1c22992021-12-21 12:51:57.115root 11241100x8000000000000000727973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.115{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26ea873d63a992682021-12-21 12:51:57.115root 11241100x8000000000000000727974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.115{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7550dbeb5bd5d9a82021-12-21 12:51:57.115root 11241100x8000000000000000727975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.116{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8f8e3027bf6c91f2021-12-21 12:51:57.116root 11241100x8000000000000000727976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.116{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa729c320a4153922021-12-21 12:51:57.116root 11241100x8000000000000000727977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.116{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6172139ab242b402021-12-21 12:51:57.116root 11241100x8000000000000000727978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.116{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f880a90fc7c18ae2021-12-21 12:51:57.116root 11241100x8000000000000000727979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.116{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57a1ec4b24457bc52021-12-21 12:51:57.116root 11241100x8000000000000000727980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.116{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d0fad85d565b71e2021-12-21 12:51:57.116root 11241100x8000000000000000727981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.116{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.925a07f342072fe72021-12-21 12:51:57.116root 11241100x8000000000000000727982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.116{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f32b5be342c2d982021-12-21 12:51:57.116root 11241100x8000000000000000727983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.116{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8df9b97430666d162021-12-21 12:51:57.116root 11241100x8000000000000000727984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.116{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1614fbc185002c442021-12-21 12:51:57.116root 11241100x8000000000000000727985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.117{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dd60bc6eee5244c2021-12-21 12:51:57.117root 11241100x8000000000000000727986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.117{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e56e0ed8274f4ed42021-12-21 12:51:57.117root 11241100x8000000000000000727987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.118{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d422ef9122cf0b2f2021-12-21 12:51:57.118root 11241100x8000000000000000727988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.118{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b6c9edfdf54b5152021-12-21 12:51:57.118root 11241100x8000000000000000727989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.118{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c57b13da01a71b32021-12-21 12:51:57.118root 11241100x8000000000000000727990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.118{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2689be5fca1dc9502021-12-21 12:51:57.118root 11241100x8000000000000000727991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.118{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcedea9d93b4600a2021-12-21 12:51:57.118root 11241100x8000000000000000727992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.118{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.253abde489ecc3992021-12-21 12:51:57.118root 11241100x8000000000000000727993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.118{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05e8d2ceed173e962021-12-21 12:51:57.118root 11241100x8000000000000000727994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.118{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.631ca1794ec415fc2021-12-21 12:51:57.118root 11241100x8000000000000000727995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.119{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3617a527de488992021-12-21 12:51:57.119root 11241100x8000000000000000727996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.119{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a80a9048ef357822021-12-21 12:51:57.119root 11241100x8000000000000000727997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.119{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cf7849eb94146a52021-12-21 12:51:57.119root 11241100x8000000000000000727998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.119{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.458479ee30d12f0a2021-12-21 12:51:57.119root 11241100x8000000000000000727999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.119{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a341743ec2cb1292021-12-21 12:51:57.119root 11241100x8000000000000000728000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.119{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67bfd9ac912981052021-12-21 12:51:57.119root 11241100x8000000000000000728001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.119{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c9e1a1d1f8bb3242021-12-21 12:51:57.119root 11241100x8000000000000000728002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.119{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fac8d6a159214d0e2021-12-21 12:51:57.119root 11241100x8000000000000000728003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.120{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f89ecd7a5036c0882021-12-21 12:51:57.120root 11241100x8000000000000000728004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.120{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30c47cfadf99b75a2021-12-21 12:51:57.120root 11241100x8000000000000000728005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.120{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbca4ec358caa08f2021-12-21 12:51:57.120root 11241100x8000000000000000728006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.120{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de01ca2460f4a0c82021-12-21 12:51:57.120root 11241100x8000000000000000728007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.120{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88ddf39d20c59ea72021-12-21 12:51:57.120root 11241100x8000000000000000728008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.120{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3e25347f3c814962021-12-21 12:51:57.120root 11241100x8000000000000000728009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.120{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57b5a0cabf6050552021-12-21 12:51:57.120root 11241100x8000000000000000728010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.121{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f4b0280bf7a3b742021-12-21 12:51:57.121root 11241100x8000000000000000728011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.121{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0a1d0a88fd556732021-12-21 12:51:57.121root 11241100x8000000000000000728012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.121{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb0c654e4ebc49002021-12-21 12:51:57.121root 11241100x8000000000000000728013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.121{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.515072ffde9a58ce2021-12-21 12:51:57.121root 11241100x8000000000000000728014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.121{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1df690fabd69e6482021-12-21 12:51:57.121root 11241100x8000000000000000728015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.121{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a976ee35e533fe692021-12-21 12:51:57.121root 11241100x8000000000000000728016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.121{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f196b9a098cacdf82021-12-21 12:51:57.121root 11241100x8000000000000000728017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.121{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0a8072aad8d192b2021-12-21 12:51:57.121root 11241100x8000000000000000728018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.122{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79243978f88d1b7d2021-12-21 12:51:57.122root 11241100x8000000000000000728019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.122{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec7d2346dae0d2872021-12-21 12:51:57.122root 11241100x8000000000000000728020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.122{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afa6ce779713027b2021-12-21 12:51:57.122root 11241100x8000000000000000728021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.122{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f836f3cc274a7a92021-12-21 12:51:57.122root 11241100x8000000000000000728022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.122{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5493e5899c9b1d982021-12-21 12:51:57.122root 11241100x8000000000000000728023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.122{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bab5adb4b41f859a2021-12-21 12:51:57.122root 11241100x8000000000000000728024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.122{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1c4bb1d0f8f5eee2021-12-21 12:51:57.122root 11241100x8000000000000000728025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.122{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8822ab25ca5d32f2021-12-21 12:51:57.122root 11241100x8000000000000000728026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.122{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59eecd8ccc8d1ce02021-12-21 12:51:57.122root 11241100x8000000000000000728027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.122{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.208f1363250ef9572021-12-21 12:51:57.122root 11241100x8000000000000000728028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.122{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6033d2944c626432021-12-21 12:51:57.122root 11241100x8000000000000000728029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.122{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fe5994c87cde5ae2021-12-21 12:51:57.122root 11241100x8000000000000000728030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.122{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.442103b7282f1a142021-12-21 12:51:57.122root 11241100x8000000000000000728031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.123{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.037ed240b8e5ed672021-12-21 12:51:57.123root 11241100x8000000000000000728032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.123{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e72ec2c425e62082021-12-21 12:51:57.123root 11241100x8000000000000000728033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.123{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29ffd53a91b200f62021-12-21 12:51:57.123root 11241100x8000000000000000728034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.123{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37af9a409ab1164e2021-12-21 12:51:57.123root 11241100x8000000000000000728035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.123{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f290c854a45508a2021-12-21 12:51:57.123root 11241100x8000000000000000728036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.123{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbf3443dd4a6391c2021-12-21 12:51:57.123root 11241100x8000000000000000728037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.123{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5df5e8eb10dd52bc2021-12-21 12:51:57.123root 11241100x8000000000000000728038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.123{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be88535f0af1793a2021-12-21 12:51:57.123root 11241100x8000000000000000728039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.123{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b17238069ccae3fd2021-12-21 12:51:57.123root 11241100x8000000000000000728040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.123{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad48d4de624864a52021-12-21 12:51:57.123root 11241100x8000000000000000728041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.124{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.889f5500878ddc1b2021-12-21 12:51:57.124root 11241100x8000000000000000728042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.124{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ebaf9bea989a0ec2021-12-21 12:51:57.124root 11241100x8000000000000000728043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.124{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78c93fa453d9a5a12021-12-21 12:51:57.124root 11241100x8000000000000000728044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.124{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9906e3fc1b1794b2021-12-21 12:51:57.124root 11241100x8000000000000000728045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.124{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.903f75fafeed9f022021-12-21 12:51:57.124root 11241100x8000000000000000728046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.124{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5672f98ee32289c02021-12-21 12:51:57.124root 11241100x8000000000000000728047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.124{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a88caf407c12f7de2021-12-21 12:51:57.124root 11241100x8000000000000000728048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.124{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e61731151c0839d12021-12-21 12:51:57.124root 11241100x8000000000000000728049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.124{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7adffe474f7c1ff22021-12-21 12:51:57.124root 11241100x8000000000000000728050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.124{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d24df04657b819e72021-12-21 12:51:57.124root 11241100x8000000000000000728051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.124{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a177f82deadc22ab2021-12-21 12:51:57.124root 11241100x8000000000000000728052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.124{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea459b2f0bbdc8f82021-12-21 12:51:57.124root 11241100x8000000000000000728053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.124{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4dcb0ca2ac77cdd2021-12-21 12:51:57.124root 11241100x8000000000000000728054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.124{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0c42ad10944ff462021-12-21 12:51:57.124root 11241100x8000000000000000728055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74b3c5663e3a31842021-12-21 12:51:57.443root 11241100x8000000000000000728056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02c6838a1797288d2021-12-21 12:51:57.443root 11241100x8000000000000000728057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46aac13fa66b8cbe2021-12-21 12:51:57.443root 11241100x8000000000000000728058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87781f54eff63b412021-12-21 12:51:57.444root 11241100x8000000000000000728059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.733e90e1bd856aad2021-12-21 12:51:57.444root 11241100x8000000000000000728060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5fc7a5e4cb461e82021-12-21 12:51:57.444root 11241100x8000000000000000728061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.716e4a1688f5a9442021-12-21 12:51:57.444root 11241100x8000000000000000728062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59af5a9cfe3af0592021-12-21 12:51:57.444root 11241100x8000000000000000728063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d1cd6d387f944542021-12-21 12:51:57.444root 11241100x8000000000000000728064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2686f459b5c9ff6e2021-12-21 12:51:57.444root 11241100x8000000000000000728065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11771edc9bca64252021-12-21 12:51:57.444root 11241100x8000000000000000728066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85dc1dfe37bd558a2021-12-21 12:51:57.444root 11241100x8000000000000000728067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ab008d4f3f79adf2021-12-21 12:51:57.444root 11241100x8000000000000000728068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bff75a74220c8b382021-12-21 12:51:57.444root 11241100x8000000000000000728069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.146d5649c1eedeea2021-12-21 12:51:57.444root 11241100x8000000000000000728070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cb567395e5522772021-12-21 12:51:57.444root 11241100x8000000000000000728071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d0b5ba1759111e72021-12-21 12:51:57.444root 11241100x8000000000000000728072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4aaf8d06d2b2b8a2021-12-21 12:51:57.444root 11241100x8000000000000000728073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8cf1fe1cdcbf6082021-12-21 12:51:57.445root 11241100x8000000000000000728074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fdedacd619c134f2021-12-21 12:51:57.445root 11241100x8000000000000000728075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.401040d847da6c562021-12-21 12:51:57.445root 11241100x8000000000000000728076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8c1e8c8bb4cf23b2021-12-21 12:51:57.445root 11241100x8000000000000000728077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eac219a0c6f4d6792021-12-21 12:51:57.445root 11241100x8000000000000000728078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.065d714a3d4fbe4c2021-12-21 12:51:57.445root 11241100x8000000000000000728079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58c41cc1f0fc01b52021-12-21 12:51:57.445root 11241100x8000000000000000728080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d481abfeb56226352021-12-21 12:51:57.445root 11241100x8000000000000000728081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e70cd7cd994c7702021-12-21 12:51:57.445root 11241100x8000000000000000728082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe7d445a1f3e10a32021-12-21 12:51:57.445root 11241100x8000000000000000728083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f5cd61fa822627c2021-12-21 12:51:57.445root 11241100x8000000000000000728084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.711541022a6899112021-12-21 12:51:57.445root 11241100x8000000000000000728085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.270e10e82d57fafe2021-12-21 12:51:57.445root 11241100x8000000000000000728086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b131b756a1fc59c62021-12-21 12:51:57.445root 11241100x8000000000000000728087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.712a101a295689ee2021-12-21 12:51:57.446root 11241100x8000000000000000728088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcdd43a4e754812d2021-12-21 12:51:57.446root 11241100x8000000000000000728089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.309b2de8d22e92132021-12-21 12:51:57.446root 11241100x8000000000000000728090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d47bb60d6dd931102021-12-21 12:51:57.446root 11241100x8000000000000000728091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6c41c7097f3a6912021-12-21 12:51:57.446root 11241100x8000000000000000728092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b6dfac3d222076c2021-12-21 12:51:57.446root 11241100x8000000000000000728093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d1a78ffc53d07bd2021-12-21 12:51:57.446root 11241100x8000000000000000728094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.361b5cca2d37ab322021-12-21 12:51:57.446root 11241100x8000000000000000728095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ae803874c99961d2021-12-21 12:51:57.446root 11241100x8000000000000000728096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6950e2987f266142021-12-21 12:51:57.446root 11241100x8000000000000000728097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e20719ef0c1437f2021-12-21 12:51:57.446root 11241100x8000000000000000728098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b876b29e9138c0a72021-12-21 12:51:57.446root 11241100x8000000000000000728099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75ee8f4b81b089452021-12-21 12:51:57.446root 11241100x8000000000000000728100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7c9869b0be1a2f02021-12-21 12:51:57.447root 11241100x8000000000000000728101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f163443b1b11593d2021-12-21 12:51:57.447root 11241100x8000000000000000728102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b03fb7190f8399512021-12-21 12:51:57.447root 11241100x8000000000000000728103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a7ebae39a8ff6b72021-12-21 12:51:57.943root 11241100x8000000000000000728104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cdefb103451a4262021-12-21 12:51:57.943root 11241100x8000000000000000728105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0ce1bd5995132162021-12-21 12:51:57.943root 11241100x8000000000000000728106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c0027a59c6979df2021-12-21 12:51:57.943root 11241100x8000000000000000728107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40b232bf2bea22f42021-12-21 12:51:57.944root 11241100x8000000000000000728108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f53a8ace6ccf43402021-12-21 12:51:57.944root 11241100x8000000000000000728109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d392cb0072b7de3d2021-12-21 12:51:57.944root 11241100x8000000000000000728110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98bfff5ba1bc072f2021-12-21 12:51:57.944root 11241100x8000000000000000728111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29cddd41be2ff4002021-12-21 12:51:57.944root 11241100x8000000000000000728112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f17c864534954da62021-12-21 12:51:57.944root 11241100x8000000000000000728113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1865fbf80033f4ef2021-12-21 12:51:57.944root 11241100x8000000000000000728114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f067503cba8323d2021-12-21 12:51:57.944root 11241100x8000000000000000728115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56ca9139afdffe852021-12-21 12:51:57.944root 11241100x8000000000000000728116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92616b200b090c922021-12-21 12:51:57.944root 11241100x8000000000000000728117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40dce6d9b2e10e552021-12-21 12:51:57.944root 11241100x8000000000000000728118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f0bdab16df8d5222021-12-21 12:51:57.944root 11241100x8000000000000000728119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83e3d5ac0f3f904c2021-12-21 12:51:57.944root 11241100x8000000000000000728120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e016c10ab09979462021-12-21 12:51:57.945root 11241100x8000000000000000728121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29cf33d9fa2be5662021-12-21 12:51:57.945root 11241100x8000000000000000728122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e088fe5b5f3943b22021-12-21 12:51:57.945root 11241100x8000000000000000728123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.299463a4f9346a922021-12-21 12:51:57.945root 11241100x8000000000000000728124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28a18f5757bef5ac2021-12-21 12:51:57.945root 11241100x8000000000000000728125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dfc79f056a87aca2021-12-21 12:51:57.945root 11241100x8000000000000000728126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ca84089e12d039c2021-12-21 12:51:57.945root 11241100x8000000000000000728127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb1c8073912cc62e2021-12-21 12:51:57.945root 11241100x8000000000000000728128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.125aef4bb64700cc2021-12-21 12:51:57.945root 11241100x8000000000000000728129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ab16c262284e3ff2021-12-21 12:51:57.945root 11241100x8000000000000000728130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cedcfc11138f7382021-12-21 12:51:57.945root 11241100x8000000000000000728131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be748e9247d5419c2021-12-21 12:51:57.945root 11241100x8000000000000000728132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adb7fcf93168391e2021-12-21 12:51:57.945root 11241100x8000000000000000728133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfe37beae7dd8ed02021-12-21 12:51:57.945root 11241100x8000000000000000728134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c716e74a81f2b662021-12-21 12:51:57.945root 11241100x8000000000000000728135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d1586248d1182f72021-12-21 12:51:57.945root 11241100x8000000000000000728136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5286513cf147ceea2021-12-21 12:51:57.946root 11241100x8000000000000000728137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff6bb0bca353c85e2021-12-21 12:51:57.946root 11241100x8000000000000000728138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d463c42661b04bb72021-12-21 12:51:57.946root 11241100x8000000000000000728139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc3aa5f636ecf0222021-12-21 12:51:57.946root 11241100x8000000000000000728140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f473fa1e3f9d64e52021-12-21 12:51:57.946root 11241100x8000000000000000728141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e145572091382a792021-12-21 12:51:57.946root 11241100x8000000000000000728142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cbb94db5b3c54102021-12-21 12:51:57.946root 11241100x8000000000000000728143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:57.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e787ce19ab309f772021-12-21 12:51:57.946root 11241100x8000000000000000728144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17438a48a887a51b2021-12-21 12:51:58.443root 11241100x8000000000000000728145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91121fa1ad4bdbf72021-12-21 12:51:58.443root 11241100x8000000000000000728146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56bb653e4b0af95b2021-12-21 12:51:58.443root 11241100x8000000000000000728147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65daff8ea0e281872021-12-21 12:51:58.443root 11241100x8000000000000000728148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.882b9369a18aee862021-12-21 12:51:58.444root 11241100x8000000000000000728149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57af23bff610c77d2021-12-21 12:51:58.444root 11241100x8000000000000000728150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c2f7392991796da2021-12-21 12:51:58.444root 11241100x8000000000000000728151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cb42299751620692021-12-21 12:51:58.444root 11241100x8000000000000000728152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.999950f4e08866bc2021-12-21 12:51:58.444root 11241100x8000000000000000728153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b77d6919d2f3dc42021-12-21 12:51:58.444root 11241100x8000000000000000728154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5cf368daf64db8a2021-12-21 12:51:58.444root 11241100x8000000000000000728155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c5acd894fac15102021-12-21 12:51:58.444root 11241100x8000000000000000728156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f23734bfcbe6c3a2021-12-21 12:51:58.444root 11241100x8000000000000000728157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38168b9ced4c56062021-12-21 12:51:58.444root 11241100x8000000000000000728158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f26549dc218664172021-12-21 12:51:58.444root 11241100x8000000000000000728159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:58.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e785ba602df254f2021-12-21 12:51:58.445root 11241100x8000000000000000728160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:58.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f09ab48b9fe8e022021-12-21 12:51:58.445root 11241100x8000000000000000728161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:58.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e75fa698518b15a2021-12-21 12:51:58.445root 11241100x8000000000000000728162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:58.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02a9205b2e08c67c2021-12-21 12:51:58.445root 11241100x8000000000000000728163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:58.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e332387a4cd470922021-12-21 12:51:58.446root 11241100x8000000000000000728164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:58.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b1bcc354ab55c312021-12-21 12:51:58.447root 11241100x8000000000000000728165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:58.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03c61eb837597e882021-12-21 12:51:58.447root 11241100x8000000000000000728166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:58.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64bdd26b95076a972021-12-21 12:51:58.447root 11241100x8000000000000000728167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:58.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8116493499b2cc972021-12-21 12:51:58.447root 11241100x8000000000000000728168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:58.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50d3f1b4ff838d942021-12-21 12:51:58.447root 11241100x8000000000000000728169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:58.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f9c95e234aa4c3c2021-12-21 12:51:58.447root 11241100x8000000000000000728170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:58.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51174a34992e86582021-12-21 12:51:58.447root 11241100x8000000000000000728171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:58.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7b83be72ee8fec72021-12-21 12:51:58.447root 11241100x8000000000000000728172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:58.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45ed156734775c162021-12-21 12:51:58.447root 11241100x8000000000000000728173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:58.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.509a9b6a00f51ee12021-12-21 12:51:58.447root 11241100x8000000000000000728174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:58.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce26ab1cd35cda042021-12-21 12:51:58.447root 11241100x8000000000000000728175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:58.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.435c22c0b331e8be2021-12-21 12:51:58.447root 11241100x8000000000000000728176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:58.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9b8d8574f77ac972021-12-21 12:51:58.447root 11241100x8000000000000000728177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:58.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98c1c514bec30f332021-12-21 12:51:58.448root 11241100x8000000000000000728178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:58.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f753a187813d31ce2021-12-21 12:51:58.448root 11241100x8000000000000000728179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:58.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20e8bc9f88a6d9882021-12-21 12:51:58.448root 11241100x8000000000000000728180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:58.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e11c85ad46c4c1cc2021-12-21 12:51:58.448root 11241100x8000000000000000728181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:58.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6381f3110ea597a2021-12-21 12:51:58.448root 11241100x8000000000000000728182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ef313d79b1c8bf12021-12-21 12:51:58.943root 11241100x8000000000000000728183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f2c7c2733ac63b02021-12-21 12:51:58.943root 11241100x8000000000000000728184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15c01ca679c8ee342021-12-21 12:51:58.943root 11241100x8000000000000000728185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18228f270d68def02021-12-21 12:51:58.944root 11241100x8000000000000000728186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07a6d78a78823dde2021-12-21 12:51:58.944root 11241100x8000000000000000728187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d68d59254b42ae462021-12-21 12:51:58.944root 11241100x8000000000000000728188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bba1584e27d4e862021-12-21 12:51:58.944root 11241100x8000000000000000728189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dedba35308f57b142021-12-21 12:51:58.944root 11241100x8000000000000000728190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44d315052450f4af2021-12-21 12:51:58.944root 11241100x8000000000000000728191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b82393ce77710722021-12-21 12:51:58.944root 11241100x8000000000000000728192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc8f2c235f92bc3b2021-12-21 12:51:58.944root 11241100x8000000000000000728193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.520fe9f166066dc22021-12-21 12:51:58.944root 11241100x8000000000000000728194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edfcfbc1be27984c2021-12-21 12:51:58.944root 11241100x8000000000000000728195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10f5325bacbdbb622021-12-21 12:51:58.944root 11241100x8000000000000000728196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dee5c803ef93b0a2021-12-21 12:51:58.944root 11241100x8000000000000000728197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73ffbc21693fedd32021-12-21 12:51:58.944root 11241100x8000000000000000728198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.657a1922000ba4d92021-12-21 12:51:58.944root 11241100x8000000000000000728199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31161b43342f31d02021-12-21 12:51:58.944root 11241100x8000000000000000728200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.406b982ad9f6c9da2021-12-21 12:51:58.944root 11241100x8000000000000000728201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a5ab3a397b477f22021-12-21 12:51:58.945root 11241100x8000000000000000728202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86aa4d733293d0fd2021-12-21 12:51:58.945root 11241100x8000000000000000728203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23439004cd3683b92021-12-21 12:51:58.945root 11241100x8000000000000000728204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.982974ca58e350992021-12-21 12:51:58.945root 11241100x8000000000000000728205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b9cef0a6e303aab2021-12-21 12:51:58.945root 11241100x8000000000000000728206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee8fc62040170ae12021-12-21 12:51:58.945root 11241100x8000000000000000728207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a4c991e90d245552021-12-21 12:51:58.945root 11241100x8000000000000000728208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21600fffa2d7412d2021-12-21 12:51:58.945root 11241100x8000000000000000728209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f8bd156fda01d9a2021-12-21 12:51:58.945root 11241100x8000000000000000728210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdb8cdb443c646042021-12-21 12:51:58.945root 11241100x8000000000000000728211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ed35264b418b3382021-12-21 12:51:58.945root 11241100x8000000000000000728212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.466944049746be1e2021-12-21 12:51:58.945root 11241100x8000000000000000728213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd048fc1baa3f2072021-12-21 12:51:58.945root 11241100x8000000000000000728214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5975a1dd0936e3db2021-12-21 12:51:58.945root 11241100x8000000000000000728215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89a562b2bce7da192021-12-21 12:51:58.945root 11241100x8000000000000000728216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77c264fe380e57092021-12-21 12:51:58.945root 11241100x8000000000000000728217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8580418d9b6d075b2021-12-21 12:51:58.945root 11241100x8000000000000000728218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:58.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba5d0c3de84a59622021-12-21 12:51:58.946root 11241100x8000000000000000728219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:58.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e571932f9f406312021-12-21 12:51:58.946root 11241100x8000000000000000728220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b80b6cb0334bc9d2021-12-21 12:51:59.443root 11241100x8000000000000000728221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1039a628e068199f2021-12-21 12:51:59.443root 11241100x8000000000000000728222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d8dd09b3b561af42021-12-21 12:51:59.443root 11241100x8000000000000000728223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5da515eb0ce04ef2021-12-21 12:51:59.443root 11241100x8000000000000000728224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66c48914091592b62021-12-21 12:51:59.444root 11241100x8000000000000000728225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c113ec2546800452021-12-21 12:51:59.444root 11241100x8000000000000000728226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a8de023b8d4fb102021-12-21 12:51:59.444root 11241100x8000000000000000728227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3aae0d1fd494eaf62021-12-21 12:51:59.444root 11241100x8000000000000000728228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ef7110981f766a32021-12-21 12:51:59.444root 11241100x8000000000000000728229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdd80a085f0b64102021-12-21 12:51:59.444root 11241100x8000000000000000728230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a244d66cd2ce4a5c2021-12-21 12:51:59.444root 11241100x8000000000000000728231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fefd2c7f02b0274d2021-12-21 12:51:59.444root 11241100x8000000000000000728232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.410bea72477289472021-12-21 12:51:59.444root 11241100x8000000000000000728233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcf708248770fd472021-12-21 12:51:59.444root 11241100x8000000000000000728234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.506cc39901173df02021-12-21 12:51:59.444root 11241100x8000000000000000728235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fd18b7d95617c6b2021-12-21 12:51:59.444root 11241100x8000000000000000728236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cb343f7cc1406752021-12-21 12:51:59.444root 11241100x8000000000000000728237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5f337905bcc2d722021-12-21 12:51:59.444root 11241100x8000000000000000728238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18a363c2849c33232021-12-21 12:51:59.444root 11241100x8000000000000000728239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa93f0b1ba1e27332021-12-21 12:51:59.444root 11241100x8000000000000000728240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:59.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3702d4725cb5fa332021-12-21 12:51:59.445root 11241100x8000000000000000728241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:59.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3aef5accdb34b46a2021-12-21 12:51:59.445root 11241100x8000000000000000728242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:59.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce8a0ee0308b5eaa2021-12-21 12:51:59.445root 11241100x8000000000000000728243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:59.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10c4b35e3dbcee492021-12-21 12:51:59.445root 11241100x8000000000000000728244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:59.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a797237c25489c12021-12-21 12:51:59.445root 11241100x8000000000000000728245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:59.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c9421f5fde6862b2021-12-21 12:51:59.445root 11241100x8000000000000000728246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:59.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a18143847b380da2021-12-21 12:51:59.445root 11241100x8000000000000000728247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:59.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3300599377a4dd72021-12-21 12:51:59.445root 11241100x8000000000000000728248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:59.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.927f1b67111f00c82021-12-21 12:51:59.445root 11241100x8000000000000000728249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:59.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7eb08bab5c5f874f2021-12-21 12:51:59.445root 11241100x8000000000000000728250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:59.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9ba75dfe46386552021-12-21 12:51:59.445root 11241100x8000000000000000728251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:59.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.195779dd2d1aeeff2021-12-21 12:51:59.445root 11241100x8000000000000000728252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:59.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ce16b3934034bb62021-12-21 12:51:59.445root 11241100x8000000000000000728253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:59.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b69631f7cacbc2e2021-12-21 12:51:59.445root 11241100x8000000000000000728254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:59.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82e8b7602a80755f2021-12-21 12:51:59.445root 11241100x8000000000000000728255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:59.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f586c6d3f88960b12021-12-21 12:51:59.445root 11241100x8000000000000000728256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:59.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f5af7bca38f83ac2021-12-21 12:51:59.446root 11241100x8000000000000000728257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:59.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64cbc0c0636f01112021-12-21 12:51:59.446root 11241100x8000000000000000728258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:59.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01e9594a775087712021-12-21 12:51:59.446root 11241100x8000000000000000728259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:59.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.404d453b332f2faa2021-12-21 12:51:59.446root 11241100x8000000000000000728260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:59.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e4705ee746017852021-12-21 12:51:59.446root 11241100x8000000000000000728261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:59.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90f9733c7096b2092021-12-21 12:51:59.446root 11241100x8000000000000000728262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:59.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00809130538d825f2021-12-21 12:51:59.446root 11241100x8000000000000000728263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:59.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66d7c0ddf88b739e2021-12-21 12:51:59.446root 11241100x8000000000000000728264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:59.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c74798c9b5c45962021-12-21 12:51:59.446root 11241100x8000000000000000728265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb06f55b3836ebce2021-12-21 12:51:59.943root 11241100x8000000000000000728266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5adaf434b3aadb292021-12-21 12:51:59.943root 11241100x8000000000000000728267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66d9a611c25719c42021-12-21 12:51:59.943root 11241100x8000000000000000728268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d07aea3205879b42021-12-21 12:51:59.943root 11241100x8000000000000000728269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93aadc13520190802021-12-21 12:51:59.944root 11241100x8000000000000000728270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.905b91f5380538642021-12-21 12:51:59.944root 11241100x8000000000000000728271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bdee862e014f0a92021-12-21 12:51:59.944root 11241100x8000000000000000728272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b892744690391d0e2021-12-21 12:51:59.944root 11241100x8000000000000000728273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5956b74bc9aed3b52021-12-21 12:51:59.944root 11241100x8000000000000000728274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.888e80f00fe7660b2021-12-21 12:51:59.944root 11241100x8000000000000000728275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fd95db4b700ef392021-12-21 12:51:59.944root 11241100x8000000000000000728276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29be80a659c826312021-12-21 12:51:59.944root 11241100x8000000000000000728277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69e2c388e023e6422021-12-21 12:51:59.944root 11241100x8000000000000000728278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a32e0da650f0308c2021-12-21 12:51:59.944root 11241100x8000000000000000728279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7bce45b3042fb162021-12-21 12:51:59.944root 11241100x8000000000000000728280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d0314feaba8abfb2021-12-21 12:51:59.944root 11241100x8000000000000000728281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffc4bbf48ac621952021-12-21 12:51:59.944root 11241100x8000000000000000728282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ef9bb3e712671852021-12-21 12:51:59.944root 11241100x8000000000000000728283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:59.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3da979f8db9b42c2021-12-21 12:51:59.945root 11241100x8000000000000000728284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:59.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73a77c1e868dc55f2021-12-21 12:51:59.945root 11241100x8000000000000000728285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:59.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.281e713bd17c1e3c2021-12-21 12:51:59.945root 11241100x8000000000000000728286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:59.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37df22dc8af910862021-12-21 12:51:59.945root 11241100x8000000000000000728287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:59.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4ac8ca5625661fc2021-12-21 12:51:59.945root 11241100x8000000000000000728288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:59.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e05a08a70f1d4a982021-12-21 12:51:59.945root 11241100x8000000000000000728289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:59.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.275900da986b89bc2021-12-21 12:51:59.945root 11241100x8000000000000000728290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:59.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bab37865dd7290ad2021-12-21 12:51:59.945root 11241100x8000000000000000728291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:59.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e49eb0739f1b80d02021-12-21 12:51:59.945root 11241100x8000000000000000728292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:59.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86850247ea7b8fa02021-12-21 12:51:59.945root 11241100x8000000000000000728293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:59.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14887461194ae3242021-12-21 12:51:59.945root 11241100x8000000000000000728294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:59.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e740c3a7c428cac62021-12-21 12:51:59.945root 11241100x8000000000000000728295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:59.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f06f4aa0002ea262021-12-21 12:51:59.945root 11241100x8000000000000000728296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:59.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3672b5ef583bf1eb2021-12-21 12:51:59.945root 11241100x8000000000000000728297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:59.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3fb65bc6414fcba2021-12-21 12:51:59.945root 11241100x8000000000000000728298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:59.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1ceee43929215872021-12-21 12:51:59.946root 11241100x8000000000000000728299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:59.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f749025d4a364ee2021-12-21 12:51:59.946root 11241100x8000000000000000728300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:59.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.886f20ec742445c42021-12-21 12:51:59.946root 11241100x8000000000000000728301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:59.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6812fd4cf8417b02021-12-21 12:51:59.946root 11241100x8000000000000000728302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:59.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4711ece90577b952021-12-21 12:51:59.946root 11241100x8000000000000000728303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:59.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3756d640554c196f2021-12-21 12:51:59.946root 11241100x8000000000000000728304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:51:59.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58ee979fd1cb25832021-12-21 12:51:59.946root 11241100x8000000000000000728305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e48eec420d3b31122021-12-21 12:52:00.443root 11241100x8000000000000000728306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b7b5f68c018016f2021-12-21 12:52:00.443root 11241100x8000000000000000728307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb9cb73f901130b82021-12-21 12:52:00.443root 11241100x8000000000000000728308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1aa2649a146c7b762021-12-21 12:52:00.443root 11241100x8000000000000000728309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbc934f602aad3b52021-12-21 12:52:00.444root 11241100x8000000000000000728310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c35ba5302951c0c2021-12-21 12:52:00.444root 11241100x8000000000000000728311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5bb1849c31637a42021-12-21 12:52:00.444root 11241100x8000000000000000728312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f44230cdb05dfefe2021-12-21 12:52:00.444root 11241100x8000000000000000728313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d801b4352a56e6332021-12-21 12:52:00.444root 11241100x8000000000000000728314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ce2730305acc0172021-12-21 12:52:00.444root 11241100x8000000000000000728315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8fec2d04e68f8ed2021-12-21 12:52:00.444root 11241100x8000000000000000728316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ee1220d796e68e42021-12-21 12:52:00.444root 11241100x8000000000000000728317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0671133836bf43e62021-12-21 12:52:00.444root 11241100x8000000000000000728318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88816faf65795b712021-12-21 12:52:00.444root 11241100x8000000000000000728319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d361466a3adff952021-12-21 12:52:00.444root 11241100x8000000000000000728320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6eb1075fc8da4342021-12-21 12:52:00.444root 11241100x8000000000000000728321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5edde0bee1225af92021-12-21 12:52:00.444root 11241100x8000000000000000728322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04dea7472e21b23a2021-12-21 12:52:00.444root 11241100x8000000000000000728323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59c36dcdce37dffa2021-12-21 12:52:00.444root 11241100x8000000000000000728324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a113b4f269fc7812021-12-21 12:52:00.444root 11241100x8000000000000000728325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:00.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d77b923532ded9452021-12-21 12:52:00.445root 11241100x8000000000000000728326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:00.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f5d7ebd206cffe02021-12-21 12:52:00.445root 11241100x8000000000000000728327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:00.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3e0d26f952398ed2021-12-21 12:52:00.445root 11241100x8000000000000000728328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:00.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2635d5bf61606c182021-12-21 12:52:00.445root 11241100x8000000000000000728329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:00.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f6f40375d7629622021-12-21 12:52:00.445root 11241100x8000000000000000728330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:00.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4836a77784a7a1032021-12-21 12:52:00.445root 11241100x8000000000000000728331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:00.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.534fa84c7dc662122021-12-21 12:52:00.445root 11241100x8000000000000000728332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:00.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5748cf4a81891bc72021-12-21 12:52:00.445root 11241100x8000000000000000728333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:00.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17104445c9d3241b2021-12-21 12:52:00.445root 11241100x8000000000000000728334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:00.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0433b6605aeff252021-12-21 12:52:00.445root 11241100x8000000000000000728335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:00.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95de4e3d4c2becb72021-12-21 12:52:00.445root 23542300x8000000000000000728377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:09.132{ec2b6afe-95d2-61c1-3038-b84203560000}5272root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000728378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:09.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a71dd209f4f45f432021-12-21 12:52:09.442root 11241100x8000000000000000728379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:09.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e108c84449335db2021-12-21 12:52:09.942root 11241100x8000000000000000728380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:10.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57ae1824f1210db22021-12-21 12:52:10.442root 11241100x8000000000000000728381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:10.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a9b082efe1615672021-12-21 12:52:10.942root 11241100x8000000000000000728382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:11.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ef92cf7cc35d9d42021-12-21 12:52:11.442root 11241100x8000000000000000728383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:11.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0018c97922b5b132021-12-21 12:52:11.942root 11241100x8000000000000000728384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:12.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41c0805f4d2a9a5e2021-12-21 12:52:12.442root 11241100x8000000000000000728385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:12.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f31ea985eadd398b2021-12-21 12:52:12.942root 534500x8000000000000000728386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:13.039{ec2b6afe-9233-61c1-c81a-006eee550000}454/lib/systemd/systemd-journaldroot 354300x8000000000000000728387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:13.135{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-50602-false10.0.1.12-8000- 11241100x8000000000000000728388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:13.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8026b50afcc788632021-12-21 12:52:13.442root 11241100x8000000000000000728389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81667f84c0e911252021-12-21 12:52:13.443root 11241100x8000000000000000728390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b77917ae33191ce32021-12-21 12:52:13.443root 11241100x8000000000000000728391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:13.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc5362dd448167902021-12-21 12:52:13.942root 11241100x8000000000000000728392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4314cb871bf8b432021-12-21 12:52:13.943root 11241100x8000000000000000728393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93ebd08494c038202021-12-21 12:52:13.943root 11241100x8000000000000000728394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:14.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10452619f56ebf062021-12-21 12:52:14.442root 11241100x8000000000000000728395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cafc77229677a1eb2021-12-21 12:52:14.443root 11241100x8000000000000000728396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e20df683da5a35692021-12-21 12:52:14.443root 11241100x8000000000000000728397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:14.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ea096ea9e29edd92021-12-21 12:52:14.942root 11241100x8000000000000000728398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e5100a3ff8a15be2021-12-21 12:52:14.943root 11241100x8000000000000000728399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1108f787e82413052021-12-21 12:52:14.943root 11241100x8000000000000000728400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:15.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f847d1bd15adecf42021-12-21 12:52:15.442root 11241100x8000000000000000728401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ae5b2d5483430be2021-12-21 12:52:15.443root 11241100x8000000000000000728402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.758679bdb15f4a552021-12-21 12:52:15.443root 11241100x8000000000000000728403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ea5256b560559052021-12-21 12:52:15.943root 11241100x8000000000000000728404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5c92083ddc165172021-12-21 12:52:15.943root 11241100x8000000000000000728405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.055c69cb21b41a172021-12-21 12:52:15.944root 11241100x8000000000000000728406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:16.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e62aad01c09f54752021-12-21 12:52:16.442root 11241100x8000000000000000728407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dde75aa0bd757c932021-12-21 12:52:16.443root 11241100x8000000000000000728408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbb671a7d389deb22021-12-21 12:52:16.443root 11241100x8000000000000000728409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:16.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be6189c3eacad2292021-12-21 12:52:16.942root 11241100x8000000000000000728410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7f8e1b4fd53a3652021-12-21 12:52:16.943root 11241100x8000000000000000728411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61d127e3ff6954512021-12-21 12:52:16.943root 11241100x8000000000000000728412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:17.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba2b5c7a5e2067822021-12-21 12:52:17.442root 11241100x8000000000000000728413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c25734b5ab1e7f502021-12-21 12:52:17.443root 11241100x8000000000000000728414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3c69780a2c9f4af2021-12-21 12:52:17.443root 11241100x8000000000000000728415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:17.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5628af471dae4b82021-12-21 12:52:17.942root 11241100x8000000000000000728416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f7e696a7a73d9c62021-12-21 12:52:17.943root 11241100x8000000000000000728417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48c6c0ed5ca864e92021-12-21 12:52:17.943root 354300x8000000000000000728418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:18.210{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-50604-false10.0.1.12-8000- 11241100x8000000000000000728419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:18.211{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec919b1924d911e52021-12-21 12:52:18.211root 11241100x8000000000000000728420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:18.211{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d4b61866da74f312021-12-21 12:52:18.211root 11241100x8000000000000000728421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:18.211{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84a12c9e957ace922021-12-21 12:52:18.211root 11241100x8000000000000000728422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:18.211{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.499f069e58bd7d432021-12-21 12:52:18.211root 11241100x8000000000000000728423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:18.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e90cb387cf92a992021-12-21 12:52:18.692root 11241100x8000000000000000728424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:18.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d72c6f3a076125a52021-12-21 12:52:18.693root 11241100x8000000000000000728425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:18.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5695f81574c313c2021-12-21 12:52:18.693root 11241100x8000000000000000728426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:18.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29edf2d7cef2e56e2021-12-21 12:52:18.693root 11241100x8000000000000000728427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:19.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46a66ea6e38468162021-12-21 12:52:19.192root 11241100x8000000000000000728428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:19.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2025b86d9465475d2021-12-21 12:52:19.193root 11241100x8000000000000000728429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:19.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92ad73264cc9de1a2021-12-21 12:52:19.193root 11241100x8000000000000000728430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:19.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.163b62cbd1473d322021-12-21 12:52:19.193root 11241100x8000000000000000728431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:19.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35b069fd2e35af1d2021-12-21 12:52:19.692root 11241100x8000000000000000728432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:19.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5f898c811a06af82021-12-21 12:52:19.693root 11241100x8000000000000000728433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:19.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9701a5a9e1444f692021-12-21 12:52:19.693root 11241100x8000000000000000728434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:19.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30c21e313cfcde912021-12-21 12:52:19.693root 11241100x8000000000000000728435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:20.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7db79fd0340fe0e2021-12-21 12:52:20.193root 11241100x8000000000000000728436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:20.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67c25e41240150cd2021-12-21 12:52:20.193root 11241100x8000000000000000728437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:20.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.915c17ee66f3ad7a2021-12-21 12:52:20.193root 11241100x8000000000000000728438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:20.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cd81084216f8c232021-12-21 12:52:20.193root 11241100x8000000000000000728439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:20.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37a6b94774f390c12021-12-21 12:52:20.693root 11241100x8000000000000000728440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:20.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edda0ce31c161ac42021-12-21 12:52:20.693root 11241100x8000000000000000728441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:20.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc5b20feffd9f26f2021-12-21 12:52:20.693root 11241100x8000000000000000728442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:20.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b15cdae9541b80b02021-12-21 12:52:20.693root 11241100x8000000000000000728443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:21.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6822ea7402a8261b2021-12-21 12:52:21.192root 11241100x8000000000000000728444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:21.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57736bcdb1fca3b12021-12-21 12:52:21.193root 11241100x8000000000000000728445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:21.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70d0c60cb0eb0bd02021-12-21 12:52:21.193root 11241100x8000000000000000728446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:21.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd511745878695b32021-12-21 12:52:21.193root 11241100x8000000000000000728447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:21.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59042800119c75ec2021-12-21 12:52:21.693root 11241100x8000000000000000728448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:21.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.057f8c8dd991d83e2021-12-21 12:52:21.693root 11241100x8000000000000000728449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:21.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54abfbfe7d554f712021-12-21 12:52:21.693root 11241100x8000000000000000728450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:21.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b2ed0f07b5c0d8f2021-12-21 12:52:21.693root 11241100x8000000000000000728451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:22.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a062d79817ed92fb2021-12-21 12:52:22.192root 11241100x8000000000000000728452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:22.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6ef31d35e41f4812021-12-21 12:52:22.193root 11241100x8000000000000000728453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:22.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19553fa35eabcc142021-12-21 12:52:22.193root 11241100x8000000000000000728454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:22.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8ea5a03687dd1a92021-12-21 12:52:22.193root 11241100x8000000000000000728455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:22.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e86cc7d76e7fae42021-12-21 12:52:22.692root 11241100x8000000000000000728456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:22.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.600f699e5e98a4dd2021-12-21 12:52:22.693root 11241100x8000000000000000728457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:22.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.508a9094a1af94202021-12-21 12:52:22.693root 11241100x8000000000000000728458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:22.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b85b71ba5fc14042021-12-21 12:52:22.693root 11241100x8000000000000000728459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:23.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed27bbcb5a831bb42021-12-21 12:52:23.193root 11241100x8000000000000000728460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:23.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dae3790c97b534e2021-12-21 12:52:23.193root 11241100x8000000000000000728461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:23.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16cf3f8184e5d1cb2021-12-21 12:52:23.193root 11241100x8000000000000000728462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:23.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f765fa3de14003362021-12-21 12:52:23.193root 11241100x8000000000000000728463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:23.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0650243abae103b02021-12-21 12:52:23.692root 11241100x8000000000000000728464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:23.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.827f034e5c17bc2a2021-12-21 12:52:23.693root 11241100x8000000000000000728465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:23.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b81c47f7a2bc73792021-12-21 12:52:23.693root 11241100x8000000000000000728466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:23.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff639aa83c6d91182021-12-21 12:52:23.693root 354300x8000000000000000728467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:24.054{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-50606-false10.0.1.12-8000- 11241100x8000000000000000728468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:24.055{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.302d10498b0269622021-12-21 12:52:24.055root 11241100x8000000000000000728469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:24.055{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c656004428b0f7b42021-12-21 12:52:24.055root 11241100x8000000000000000728470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:52:24.055{ec2b6afe-95d7-61c1